Minimizing scope and risk should be the top priorities of an entity pursuing PCI compliance. A simple, efficient method for accomplishing both tasks is edge tokenization, a process that employs load balancers to push tokenization to the edge of your environment. Here’s how it works.
Edge Tokenization Explained
Load balancers, or reverse proxies, are pieces of hardware designed to evenly distribute network loads and application traffic across multiple servers. They typically sit on the outer edge of a network, making them the first and last assets to touch inbound and outbound data, and because they can interact with the data flowing through an environment, they have the potential to perform additional functions. This combination of placement and functionality makes them particularly useful for executing actions such as deep packet inspections and, in this case, edge tokenization.
To perform edge tokenization, TokenEx utilizes those capabilities by programming web service requests to tokenize and detokenize all sensitive data sets before they pass through the load balancer. By tokenizing sensitive data before it enters your environment, all assets downstream from the load balancer are now out of scope. The result: successful edge tokenization.
The Value of Edge Tokenization
- Leverage existing technology for data security
- No more single points of failure by introducing tokenization appliances
- No code or application changes required
- Reduce compliance overhead by descoping everything beyond the load balancer
How we do it
If you have a load balancer capable of performing content inspections, modifications and API calls to outside services, your technology should be compatible with TokenEx’s data security platform. Most enterprise-class load balancers have scripting capabilities to inspect and modify HTTP content on its way to an application. Using these scripting capabilities, we can identify sensitive data and create rules for how to handle it.
For example, as a credit card number travels through a load balancer, the load balancer can identify the credit card. Once the credit card is identified, the load balancer can then make an API call to the TokenEx platform to tokenize that credit card number. TokenEx will then return the token to the load balancer where it is then sent to the intended destination application.
Using edge tokenization with TokenEx, companies can completely prevent sensitive data from entering downstream technologies. Today, TokenEx has customers employing this process flow from F5 and Brocade vTMs in combination with the TokenEx API, and customers who have F5 vTMs utilize iRule capabilities to call the TokenEx API. In the future, TokenEx will have similar integrations with other industry-leading reverse proxy technologies.
To learn more about edge tokenization, our platform or our solutions, please contact firstname.lastname@example.org with any questions you might have. In the meantime, keep an eye out for more exciting development news from our innovation team.