If you are handling any type of sensitive data, such as payment card data (PCI) or Personally Identifiable Information (PII), and you are not currently tokenizing that data outside of your environment, then you have an opportunity to strengthen your risk posture. We will introduce how you can leverage F5 load balancers and their iRule capability to tokenize data at the very edge of your environment. How do you use load balancers and tokenization to remove sensitive data from your environment? Is handling sensitive data sets risky? How do you pass the data on to partners and vendors who need it for processing (for example, sending PCI data to a payment processor for fulfillment, or sharing PII with marketing or analytics vendors)?
What is a Load Balancer?
Load balancers are technologies that distribute network traffic inbound to and outbound from your network. They can also do some remarkable things, such as deep packet inspection, so you can identify what data is being sent to you and create workflows that govern where that data should be sent based on the contents of the packet. Load balancers generally sit at the outer edge of a network, so they are the first assets to see inbound data and the last assets to see outbound data. Ideal placement, right?
How Does Tokenization Work?
The purpose of tokenization is to swap out sensitive data—typically payment card or Social Security numbers—with a randomized number in the same format that has no intrinsic value of its own. For example, handling payment card data presents risk to companies; tokenization takes the payment card data and uses cryptography to tokenize it, so it can be accepted without introducing compliance and risk burden. The best place to tokenize data is either outside of your environment or at its very edge (where the load balancer sits).
Utilizing Load Balancers and Tokenization
So, how do you use these two technologies together to keep sensitive data out of your environment? One of the more useful features of today's load balancers is the ability to act on the data flowing through them using rules you create in their administrative consoles. On F5 devices, these rules are called iRules. Because load balancers can perform deep packet inspection to identify sensitive data, they can use iRules (or the equivalent capability on another vendor's product) to make web service requests to TokenEx that tokenize and detokenize these sensitive values before they make it past the load balancer. This takes all assets downstream of the load balancer out of scope for PCI compliance (if you're handling payment card data), and it tokenizes other sensitive data sets as well, so this risky data never makes it into your environment.
Reduce Your Risk
Why is this so important? Handling any type of sensitive data introduces risk to your company. We all know the damage a data breach can do to a company: egregious fines, class-action lawsuits, and even going out of business. Our goal at TokenEx is to provide as many ways as possible to leverage our platform to tokenize and secure data outside of your environment, so your company is not at risk of losing such sensitive data in a breach. The great part about using these technologies together is that the integration between the two assets is about as simple as it gets. Within minutes, you can be tokenizing data from your load balancer in the TokenEx environment while introducing very little latency into the data exchange.
Secure Vendor and Partner Data
The last point we'll address is how to use this technique when you have vendors or partners who actually need the sensitive data you've tokenized. The use case here is that your payment processor needs the real card number to process a payment. The problem is that you can't send them a token to process in place of a credit card number, so you need the actual payment card number back, but you don't want to bring it back into your environment. Using the same technique, create an iRule that calls the TokenEx platform and detokenizes the data outbound to the payment processor. It's that easy, really!
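As an added example (not code from TokenEx or F5), this is what the inbound tokenization iRule described in the sections above could look like; the outbound detokenization iRule for the processor path is its mirror image, collecting the request to the processor and swapping the token back for the card number through the same kind of sideband call. It assumes a local virtual server at 10.0.0.10:8443 that fronts the TokenEx API over TLS (iRule sideband connections are plaintext), a form field named card_number, and placeholder values for the API host, path and JSON field names, which you would replace with the ones from your TokenEx API documentation.

```tcl
# Added example, not TokenEx or F5 code. Host, path and JSON field names
# are placeholders; 10.0.0.10:8443 is an assumed local VS that adds TLS.
when HTTP_REQUEST {
    # Only buffer POSTs to the checkout path, and cap the buffered size
    if { [HTTP::method] eq "POST" && [HTTP::path] starts_with "/checkout" } {
        set clen [HTTP::header "Content-Length"]
        if { $clen ne "" && $clen <= 65536 } {
            HTTP::collect $clen
        }
    }
}

when HTTP_REQUEST_DATA {
    set body [HTTP::payload]
    # Locate a card_number form field of 13-19 digits (constructed field name)
    if { ! [regexp -indices {card_number=([0-9]{13,19})} $body -> pan] } {
        HTTP::release
        return
    }
    set pan_start [lindex $pan 0]
    set pan_end   [lindex $pan 1]
    set pan_len   [expr {$pan_end - $pan_start + 1}]
    set pan_value [string range $body $pan_start $pan_end]
    # Sideband request to the tokenization service (digits only, so no
    # JSON escaping is needed; the PAN is never written to the log)
    set json "{\"data\":\"$pan_value\"}"
    set req "POST /TOKENIZE_PATH_PLACEHOLDER HTTP/1.1\r\nHost: api.tokenex.example\r\n"
    append req "Content-Type: application/json\r\nContent-Length: [string length $json]\r\n"
    append req "Connection: close\r\n\r\n$json"

    set conn [connect -timeout 1000 -idle 5 -status conn_status 10.0.0.10:8443]
    if { $conn eq "" } {
        # Fail closed: the raw PAN must never be forwarded to the pool
        HTTP::respond 503 content "Tokenization service unavailable"
        return
    }
    send -timeout 1000 -status send_status $conn $req
    set resp [recv -timeout 2000 -status recv_status 4096 $conn]
    close $conn
    # Expect a JSON body containing "token":"<value>" (placeholder field name)
    if { ! [regexp {"token"\s*:\s*"([^"]+)"} $resp -> token] } {
        HTTP::respond 503 content "Tokenization failed"
        return
    }
    # Overwrite the PAN in place; only the token reaches the pool members
    HTTP::payload replace $pan_start $pan_len $token
    HTTP::release
}
```

BIG-IP recalculates Content-Length after the in-place replacement, so the token can differ in length from the card number without breaking the request.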