Overview
Tokenization, or Format-Preserving Encryption (FPE), substitutes select sensitive data elements such as PANs, PHI, and PII with a surrogate value—called a token—which uses the same format as the original dataset but holds no real value in the event of a breach.
Fortanix tokenization solution masks your sensitive data without interfering with Business Intelligence or Analytics tools and helps organizations securely share select data sets while complying with privacy and security regulations.
Fortanix Solution
Fortanix Data Security Manager enables simple and efficient tokenization workflows with a cloud-scale architecture for better and faster performance. A single unified platform for secure key management and cryptography services including cloud key management, secret management, and much more to protect sensitive data in hybrid and multi-cloud environments.
The built-in encryption, key management, and tokenization services support a comprehensive set of interfaces such as REST APIs, PKCS11, CNG, JCE, KMIP, and others.

Benefits
Granular Data Access Control
The combination of Format-Preserving Tokenization (FPE) and Role-Based Access Control (RBAC) strengthens the protection of sensitive data. With Fortanix as a centralized platform, authorized identities such as applications and users get a unified workflow to authenticate, query and tokenize data, regardless of the app’s or user’s location.
Safe Data Sharing
Fortanix offers vault-less tokenization that’s more secure and simpler to manage. The platform provides FIPS 140-2 Level 3 compliant HSMs to protect the keys for tokenized data—eliminating the need for a centralized token database. In addition, organizations can more safely expose select data sets to 3rd parties or developers for data analytics, or with support staff to verify end-customer identities, for example.
Simplified Regulatory Compliance
Application developers can access the Fortanix platform from any location to dynamically mask sensitive data like credit card or social security numbers to achieve PCI-DSS compliance and add an additional layer of security. Similarly, developers can apply HIPAA regulations by substituting electronically protected health information (ePHI) and non-public personal information (NPPI) with a tokenized value.
The Fortanix Difference

Vaultless Tokenization
Vaultless Tokenization is more secure. Fortanix Vaultless Tokenization uses a FIPS 140-2 Level 3 compliant HSM to tokenize data. There is no centralized token database required.
Advanced Data Masking
A user can choose to dynamically mask an entire field of tokenized data or part of the field based on users or group.