Data Masking and Tokenization

Download Solution Brief

data masking hero

Keep sensitive data anonymous, portable, and compliant

Data masking and tokenization is a critical technology that enables organizations to reduce the impact of a cyber-attack, meet data privacy laws, and harness the value of their data. Yet, many Data, Security, and Application Teams still grapple with data security and privacy—sensitive data is everywhere, legacy solutions cannot scale and meet the performance and agility demands of modern distributed workloads, and adoption of siloed point solutions often infringes corporate security mandates or data privacy regulations.


The Fortanix Data Security Manager, a unified data security platform, powered by Confidential Computing, allows teams to keep sensitive PII and PHI data anonymous, portable and compliant. Fortanix delivers secure and scalable data tokenization solutions by means of vaultless, NIST-certified FF1 Format Preserving Encryption (FPE). Data sets are replaced with surrogate values called tokens, which retain the same format as the original data but have no intrinsic value. This data tokenization approach preserves the integrity and structure of data, yet it is deidentified and safeguarded from unauthorized access.

With Fortanix Tokenization, teams now can safely share and use data, while reducing cyber risks and complying with privacy and security regulations.


Reduce the cost and effort for PCI-DSS  compliance

Reduce the cost and effort for PCI-DSS compliance

Easily replace the 16-digit primary credit card account number with a vautless token and store securely to enable online transmission of this data.
PII Compliance (GDPR, CCPA)

PII Compliance (GDPR, CCPA)

Tokenize Personally Identifiable Information (PII) data to achieve compliance with a variety of privacy regulations, meet data residency requirements, and increase customers’ trust.
Accelerate HIPAA compliance

Accelerate HIPAA compliance

Comply with HIPAA regulations by substituting electronically protected health information (ePHI) and non-public personal information (NPPI) with a tokenized value.
Securely migrate to cloud

Securely migrate to cloud

Fortanix features natively integrated FIPS 140-2 Level 3 compliant HSM, available on-premises or as SaaS, that enables separate store of tokens and encryption keys to give organizations control over governance and access.


Mitigate risk of data breach

Manage keys, tokens, and policies across all infrastructure in a single UI.

Enforce governance and compliance

Implement administrative safeguards and quickly create tokenization rules to accelerate compliance.

Increase agility

Automate processes with SDKs and REST APIs and seamlessly integrate with CI/CD and SIEM tools.

Tokenization Diagram

The Fortanix Difference


A unified data security platform to manage Format Preserving Encryption and the lifecycle of encryption keys.


Tokenization performed in a Trusted Execution Environment to protect data in use.


SaaS or on-premises deployment with integrated FIPS 140-2 Level 3 HSM.

Fortanix secures data, wherever it is. Our data-first approach helps businesses of all sizes to modernize their security solutions on-premises, in the cloud and everywhere in between. Enterprises worldwide, especially in privacy-sensitive industries like healthcare, fintech, financial services, government, and retail, trust Fortanix for data security, privacy, and compliance. Fortanix investors include Goldman Sachs, Foundation Capital, Intel Capital, In-Q-Tel, Neotribe Ventures and GiantLeap Capital. Fortanix is headquartered in Santa Clara, CA. For more information, visit

Banner Background

Ready to test Fortanix Runtime Encryption?

request a demo
dsm laptop Image