DEV Community

Cover image for Acra. Features: Tokenization
Cossack Labs
Cossack Labs

Posted on • Updated on

Acra. Features: Tokenization

Typically, encrypted data is a binary data. But in some cases, database structure suggests using the original data format (string, int). Data tokenization works for similar goal as encryption (protect data's confidentiality) but allows storing data in its original format.

Use Acra Community Edition for free. Check out Acra Enterprise Edition tailored for solutions with high security requirements.

4️⃣ Tokenization

💡 Acra allows configuring data tokenization to certain database fields. Tokenization means that a sensitive data field is substituted with a token and matched to the original only when the original data field is required.

Acra combines encryption and tokenization—the original data fields are encrypted and stored in a separate table/database, when the original database stores tokens instead. Thus, the database leakage will reveal only tokens, not the original data.

Tokenization. Acra by Cossack Labs

Tokens look like plaintext data—they match the desired row type/format and length. Acra supports tokens of different formats: email, string, int, binary.

💡 Tokenization is useful for encrypting data in legacy systems—no need to change database scheme or rewrite legacy applications as they will continue working with tokens instead of original data.

Note, that data encryption, data masking, and tokenization are different security controls that address similar threats but provide different usability advantages. They all work for your sensitive data and build defense in depth on different levels.

Discussion (0)