When organizations look to protect sensitive data at rest in the cloud or in transit on the way to it, there are two primary obfuscation strategies most consider – tokenization or encryption. But some enterprises may not know the details of how these methods work or how they differ.
A newer technology, tokenization is the process of taking a sensitive data field and replacing it with a surrogate value called a token. De-tokenization is the reverse process of replacing a token with its associated clear text value.
Encryption uses a cipher algorithm to mathematically transform data. Encrypted values can be transformed back to the original value via the use of a key. With encryption, a mathematical link back to its true form still exists.