Outsourcing Tokenization vs. On-Premise Data Security

Every data security solution has the same ultimate goal – reduce the risk of handling and storing sensitive data. Nobody wants to face a breach or a service outage, and every solution will have ways of managing that risk. The differences arise in the specific ways that risk is managed. Some companies prefer to keep everything in-house, while others want to outsource tokenization.

When we started building TokenEx, we did it with the goal of creating a comprehensive security solution that could reduce the risk of working with sensitive data as much as possible. But along with that goal, we also wanted to create a solution that was an economical option for our customers.

We’ve achieved both of our goals. TokenEx’s tokenization services allow you to remove sensitive data from your environment without disrupting your normal operations. Tokenization allows our customers to reduce their compliance obligations, keep their data more secure, and remove a great deal of risk. And it also allows them to save a great deal of money.

To see the difference between TokenEx and other data security solutions, take a look at the cost of ownership analysis below.

This chart is based on a five-year analysis performed by one of our customers, comparing our services to an on-premise tokenization solution offered by one of our competitors. Both our solution and the competitor’s were designed to provide comprehensive, robust data security and to limit the scope of PCI obligations. So what made our solution cost more than $600,000 less over five years?

First, let’s take a look at some of the numbers. Under the first section, Hardware and Software, the breakdown of expenses is quite different. With TokenEx’s solution, the biggest expense is the software license. The $450,000 cost in this section is based on a $90,000 per year subscription fee multiplied over the five-year period. In contrast, our competitor’s solution carried an initial setup cost of $330,000, plus maintenance and support costs that, over the five-year period, would end up costing even more.

Operations expenses are also much higher with an on-premise data security solution. With TokenEx, the only significant operations expenses are some initial setup costs (located under Professional Services in the table), Backup and Recovery services, and regular PCI compliance obligations, totaling just over $200,000 over the course of five years.

In contrast, our competitor’s solution required significantly more ongoing expenses. Initial setup expenses were significantly higher – $112,000 vs $37,000 – due to the need to customize the on-premise systems to work in their environment. Their solution also required the customer to set up their own data center, engage in additional employee training, pay IT personnel, and buy insurance for the equipment and data. TokenEx’s solution required none of these additional expenses. And because an on-premise solution keeps sensitive data inside the customer’s environment, PCI obligations were $120,000 higher over the five-year timeline.

Other long-term expenses, such as equipment replacement, scaling, and decommissioning were also much higher with the on-premise solution our competitors offered. In total, this led to a difference of $632,650 over the five-year period. That’s nearly double the cost of our services.

There is another crucial difference between TokenEx’s data security solution and our competitor’s, as well: risk. Because an on-premise security system requires customers to keep sensitive data in their environments, these solutions also expose the customer to the possibility of a data breach. With TokenEx, the vast majority of that risk shifts to us.

According to the Ponemon Institute, the average cost of a data breach is $188 per record lost. In other words, it takes an average of $188 per record for a company to recover from losing customer data. When multiplied over thousands or millions of credit card records or personal data sets, the cost of a breach can quickly become astronomical. For instance, the data breach that affected retailer Neiman Marcus in late 2013 exposed about 1.1 million customer records, and on average a breach of that size incurs a cost of about $206,800. The 2013 Target breach, one of the largest in history, exposed 110 million records – a number that could cost more than $20 billion in recovery costs.

For the customer above, this risk (and the associated cost) was unacceptable. They wanted to secure and store approximately four million customer records, but with an on-premise solution, they would have been exposed to up to $752 million in recovery expenses in the event of a breach.

However, TokenEx’s solution does not store any sensitive data in your systems. If a breach does occur, the only data that can be exposed is tokenized data, which cannot be turned back into true values without authorization. Tokenized data is worthless to thieves and hackers – so worthless, in fact, that the PCI Security Council doesn’t even consider it sensitive data. It carries virtually no risk to store in your environment, and is not subject to PCI compliance.

In the end, TokenEx’s solution was both more economical and far more secure than the competing on-premise system. And, because our services are scalable and can work with any existing infrastructure, we’re a perfect solution for businesses of any size, in any industry. If you would like to learn more about how we can increase your security and reduce your expenses, contact us today. Please follow us on Twitter and LinkedIn to get the latest news on our services.

Topic(s): payments, data security, PCI DSS, tokenization