Tokenization. It’s not just for PCI anymore. As enterprises migrate to the cloud for improved cost and efficiency, data is being put at risk. A recent scan of Amazon S3 buckets showed a treasure trove of sensitive information being stored without any access controls whatsoever. We’ve seen identity theft, leaked social security numbers, leaked customer email addresses, and other PII inadvertently exposed to attackers.
Fortunately, this is not completely new ground. The retail industry developed the PCI framework years ago to deal with many of the same complexities we’re seeing today in the cloud. Migration to SaaS, PaaS, or even IaaS means relying on an external party for some portion of your data or workflow, just as the retail industry did with payments, settlements, etc. We can adopt best practices from the PCI framework to protect cloud-hosted data. Tools such as tokenization or format-preserving encryption can help.
Join me tomorrow at the SC Congress eConference on Auditing and Compliance. I’ll be joined by Principal Forrester Analyst John Kindervag to discuss best practices in data protection for the cloud. We’ll look at Forrester’s proven “PCI Unleashed” framework and map that to cloud data protection use cases.