Tokenizing the ERP Environment Without Touching the ERP

With larger organizations come larger integrations and more complexity.  Without a doubt, the number 1 question TokenEx fields with Enterprise class organizations is  Do you have experience integrating with SAP, Oracle, NetSuite, or other?  The short answer is yes.  The longer answer, TokenEx doesn’t really need to integrate with the larger ERP environments because our goal is to integrate out in front of the ERP, before the sensitive data hits these complex systems. Who are the biggest ERP providers? Why does TokenEx tokenize sensitive data sets before they hit the ERP? What are the costs of using 3rd party maintenance and support providers? How has TokenEx separated from its competitors in providing unlimited flexibility in their security stack?

What Is On the Market Today?

First, a bit of background on some of the ERPs in the marketplace today and how they work with solution providers like TokenEx. If you look at the two biggest ERP providers, arguably SAP & Oracle, both have a partner portal or something similar where solution providers can market their solutions specific to the ERP platform.  Take Oracle–they have the Oracle Marketplace.  This is where, once you’ve paid for your membership or partnership to the Oracle Network, you get to certify and advertise your solution.  The same is true for SAP, as well as other ERP providers where third-party solutions are made available for ERP consumers to leverage in their environment.

Tokenize Before It Hits the ERP

Why does TokenEx tokenize data sets before they hit the ERP environments?  If you wait until the data hits the ERP environment to tokenize it, you’re too late.  The ERP application is in scope for compliance, and this presents many challenges and expenses for organizations in relation to data security and compliance. TokenEx tokenizes these sensitive data sets before they ever touch your ERP solution, to guarantee that your organization will remain in compliance (PCI) while utilizing that solution, and reduce the risk of handling sensitive data sets inside your ERP environment.

Tokenizing Within the ERP is More Expensive

A prime example of the cost and compliance burden organizations must face if they tokenize their data after it reaches the ERP revolves around the maintenance and support costs.  From a compliance standpoint, (particularly PCI compliance), systems that interact with payment card data must have up-to-date system and security patches.  However, if you do not have a service contract for your ERP environment, you cannot download and install system and security patches for the ERP. Since these are part of the maintenance and support contracts that can cost millions of dollars every year, organizations that send untokenized data into the ERP environment are faced with the choice to either ante up those millions or be non-compliant.  Imagine 30% of the cost of the original price tag of one of these ERP environments every year to keep your maintenance and support contracts in place.  Dollars and figures, one of our customers paid $7MM for their SAP integration, and they now have the lovely pleasure of paying ~$2MM every year for Maintenance and Support.

3rd Party Maintenance and Support Leads to Non-compliance

So to avoid the previous scenario, now assume you decide you don’t want to pay for Maintenance & Support because it’s too expensive.  Say you decide to use an independent enterprise software support company like Rimini Street or Spinnaker to take over Maintenance & Support for your ERP environment.  Now your costs are 50% of the original Maintenance and Support contract with these third-party maintenance and support providers, but you don’t receive the system and security patches that are furnished by the OEM provider.  And, just like that, you’re out of compliance per PCI.  If you’re out of compliance, then you can expect fines and penalties from the card brands and your processors, as well as very steep penalties in the event of breach. You see how this works by now, so there’s really no way out.  Or, is there?

Unlimited Flexibility

Leveraging the TokenEx Data Security Platform stack– you can have it any way you want it?  We have the solutions in place today to give you the flexibility and independence you need for your environment.  This way, you avoid being trapped with costly maintenance and support contracts or non-compliance.  Using the TokenEx platform you will have access to any number of acceptance channel solutions that integrate with your E-Commerce, Mobile, Batch File, EDI, Contact Center, or other technologies that accept sensitive data.  Additionally, TokenEx will also provide technologies that allow you to pass data securely and in a compliant manner to service providers, partners, or other entities that need the data in its original format. You can have your data and use it too!

For a case study on our ability to support your needs with ERP environments, please reference our MRC Global Case Study.  Or, if you would like to contact TokenEx, we would enjoy the opportunity to learn more about your company, goals with tokenization, and desired strategy for securing sensitive data within your environment. TokenEx is the industry leader for cloud tokenization. Follow us on Twitter and LinkedIn.


Topic(s): data security , tokenization

Keep Up With Our PCI & Privacy Blog