Tokenization takes the lead in the fight for data security
Presented by Capital One Software
Tokenization is emerging as a cornerstone of modern data security, helping companies separate the value of their data from its risks. During this VB in ConversationRavi Raghu, president of Capital One Software, talks about the ways in which tokenization can help reduce the value of compromised data and preserve the underlying data format and usability, including Capital One’s own experience in leveraging tokenization at scale.
Tokenization, Raghu claims, is a far superior technology. It converts sensitive data into a non-sensitive digital replacement called a token, which goes back to the original, which is secured in a digital vault. The token placeholder preserves both the format and usefulness of the sensitive data and can be used in all applications, including AI models. Because tokenization removes the need to manage encryption keys or dedicate computing power to constantly encrypting and decrypting, it offers one of the most scalable ways for companies to protect their most sensitive data, he added.
“The deadly part, from a security perspective, if you think about it in relation to other methods: If a bad actor gets their hands on the data, they get their hands on tokens,” he explained. “The actual data isn’t with the token, unlike other methods like encryption, where the actual data sits there, waiting for someone to get a key or use brute force to get to the real data. From every angle, this is the ideal way to protect sensitive data.”
The tokenization differentiator
Most organizations are just scratching the surface of data security, adding security at the very end, when the data is read, to prevent an end user from accessing it. At a minimum, organizations should focus on securing data as it is written while it is being stored. But the best organizations go further and protect data from birth, from the moment it is created.
At one end of the security spectrum is a simple lock-and-key approach that limits access but leaves the underlying data intact. More advanced methods, such as masking or altering data, permanently change its meaning – which can compromise its usability. File-level encryption provides broader protection for large amounts of stored data, but when you talk about field-level encryption (for example, a social security number), it becomes more challenging. It takes a lot of computing power to encrypt a single field, and then decrypt it at the time of use. And still it has a fatal flaw: the original data is still there and only needs the key to access it.
Tokenization avoids these pitfalls by replacing the original data with a surrogate that has no intrinsic value. If the token is intercepted – by the wrong person or by the wrong machine – the data itself remains safe.
The business value of tokenization
“Essentially, you’re protecting data, and that’s invaluable,” Raghu said. “Another thing that’s invaluable: Can you then use that for modeling purposes? On the one hand, it’s a protective tool, and on the other hand, it’s a business enabler.”
Because tokenization preserves the structure and ordinality of the original data, it can still be used for modeling and analysis, making protection a business enabler. Take private health data covered by HIPAA, for example: tokenization means data can be used to build pricing models or for gene therapy research while still remaining compliant.
“If your data is already protected, you can expand the use of data across the enterprise and ensure everyone gets more and more value from the data,” said Raghu. “Conversely, if you don’t have that, there’s a lot of reluctance among companies today to give more people access to it, or to give more and more AI agents access to their data. Ironically, they limit the explosion radius of innovation. The impact of tokenization is huge, and there are a lot of metrics you could use to measure that: operational impact, revenue impact, and of course, peace of mind from a security perspective.”
Breaking adoption barriers
Until now, the fundamental challenges with traditional tokenization have been performance. AI requires scale and speed that is unprecedented. That’s one of the biggest challenges Capital One is addressing with Databolt, its vaultless tokenization solution, which can produce up to 4 million tokens per second.
“Capital One has been undergoing tokenization for over a decade. We started it because we serve our 100 million banking customers. We want to protect that sensitive data,” Raghu said. “We’ve been eating our own dog food with our internal tokenization capacity, over 100 billion times a month. We’ve taken that knowledge and that capability, scale and speed and innovated for the world to use, so that it’s a commercial offering.”
Vaultless tokenization is an advanced form of tokenization that does not require a central database (vault) to store token allocations. Instead, it uses mathematical algorithms, cryptographic techniques and deterministic mapping to generate tokens dynamically. This approach is faster, more scalable, and eliminates the security risk associated with managing a vault.
“We realized that because of the scale and speed requirements we had, we had to build out that capacity ourselves,” Raghu said. “We’ve worked continuously to ensure it can scale to hundreds of billions of activities per month. All of our innovation revolves around building IP and the ability to do that at a proven scale across our enterprise, with the goal of serving our customers.”
While conventional tokenization methods can add some complexity and slow down operations, Databolt integrates seamlessly with encrypted data warehouses, allowing companies to maintain robust security without slowing down performance or operations. Tokenization takes place in the customer’s environment, eliminating the need to communicate with an external network to perform tokenization operations, which can also slow down performance.
“We believe that tokenization should be fundamentally easy to implement,” said Raghu. “You should be able to secure your data very quickly and operate at the speed, scale and cost that organizations need. I think this has been a critical barrier to the mass adoption of tokenization so far. In an AI world, that will become a huge factor.”
Don’t miss it the entire conversation with Ravi Raghu, president of Capital One Software, here.
Sponsored articles are content produced by a company that pays for the post or has a business relationship with VentureBeat, and is always clearly marked. For more information please contact sales@venturebeat.com.
