It is safe to say that there has never been a more important point in history for protecting sensitive information, but are all data protection approaches equal?  This whitepaper explores the limitations of data-at-rest encryption, the complex challenges of applying data obfuscation to data the moment it is created in an application, and practical architectures and approaches to simplifying application-level data protection to better address securing data where most breaches occur – at the application layer.

This Summary of Findings reveals misconceptions related to application-level data protection, which can leave important gaps in data security, and it explores the perceptions, complexities, challenges, and intentions of enterprises when it comes to protecting their sensitive data in use.

That data protection cannot be great, if cryptographic key management is poor is a fundamental truth of information security, however many enterprises are not attuned to the fundamentals of sound cryptographic key management.

Tokenization is now widely recognized as an effective strategy for limiting the risk of exposure from a data breach, but enterprises have learned much from first generation tokenization solutions and should expect more from today’s solutions, including the ability to govern who can access data, and in what format.

Using copies of production data for developing and testing new code or system enhancements risks exposing the data and violating data privacy regulations unnecessarily, however anonymizing the production data, which can be done effectively and economically, can safeguard the data before it is used.

The complexity related to the data preparation process for issuing EMV chip cards makes it tempting to outsource the process to a third party, however there are risks associated with outsourcing EMV data preparation and benefits to retaining it in-house that should be carefully considered.