Choosing From 3 Core PCI-DSS Tokenization Models

A. Tokenize 100%
B. Modify Apps
C. Proxy data in transit

Adrian Lane – Securosis PCI-DSS Analyst
Blake Dournaee, Intel Application Security & Identity Products
Today’s Agenda

 • Basic tokenization flows - recap
 • Differing tokenization needs based on volume & merchant type
 • Pros/cons outsource vs on-prem
 • Proxy & encryption models
 • 3 core solution deployment patterns
 • Use cases

[Slide graphic: Scope Reduction]

Application Security and Identity Products
Presents: Tokenization Use Cases

Adrian Lane, CTO
alane@securosis.com
Twitter: @AdrianLane

About Securosis
One key question: Why use tokenization?

•   Tokenization means:
    -    Fewer controls
    -    Less complexity
    -    Reduced audit scope
    -    Fewer systems to review

To make data security easier ...
To save time ...
And to save money.

•   Fewer security products for fewer systems
•   Fewer reports
•   Auditors have less to do
How does it work?
•   By removing confidential data
    •   Replace with low value token
    •   Reduce CC#/PAN access
    •   Reduce system interdependence
    •   Fewer checks, controls and reports

Here’s how:
2 Minute Tokenization Primer:

•   Tokenization replaces sensitive data with a random value.
•   Sensitive data is kept encrypted in a data vault.
•   The real data is only exposed when absolutely necessary.
•   Applications function as normal because the token preserves the original value's format and data type.
The Tokens
•   Should be random or semi-random.

•   Same format as original value (e.g. 16
    digits, passes LUHN check).

•   Some characteristics may carry-over (e.g. last 4
    digits of a credit card number).

•   Single or multi-use.
Basic Architecture

Integration Options
•   Application API Calls
•   Proxy Agents
•   Database Queries
•   Back-office Systems

[Architecture diagram. Left: Non-CDE, with tokenized databases out of scope. Right: Cardholder Data Environment, containing the Token Server, Token Database and Authorized Application, with tokenized systems in scope. A de-tokenization request flows to the Token Server.]
Failover & Performance
•   Distributed
•   Replicated
•   Code books

You can’t steal what’s not there!

PCI Security Standards Council on Tokenization

Is it right for me?
•   Answer: It depends
    •   Your type of business
    •   Your application environment
    •   The size of your business
    •   Your goals

Deployment Models
•   In-house software/hardware
•   Edge tokenization
•   Tokenization-aaS
•   FPE
Use Case #1: Big Box Retail Chain
•   Web and retail locations

•   Huge transaction volume

•   POS, Card-swipe and web payment options

•   Tightly integrated back office systems

•   Full PCI Audits
In-house Tokenization
Use Case #1: Buying Decision

•   Per-transaction cost overriding factor

•   Worried about modifying existing applications

•   Want to reduce audit costs

•   Want reduced complexity, and scope reduction
    through reduced card storage
Use Case #2: Small Service Provider
•   Small transaction volume

•   Handful of retail locations

•   POS & Web site

•   Need to comply with self-assessment

•   No in-house security staff
Tokenization-aaS
Use Case #2: Buying Decision

•   Have no idea what PCI is but must comply as
    credit cards are key to their business

•   Accept higher per-transaction costs for removal of
    all PAN/Mag stripe data

•   Provider supports repayments/remediation

•   Minimal modification to existing applications
Use Case #3: Giant Web Retailer
•   No physical stores

•   Huge transaction volume

•   Multiple payment providers, promotions

•   Web payment and shopping cart applications

•   Data and IT security expertise

•   COTS applications with customizations
Edge/Proxy Tokenization
Use Case #3: Buying Decision
•   Very minor software upgrade

•   Dramatically reduced audit scope

•   Far less chance of data breach

•   Supports multiple payment providers via single
    shopping cart application

•   Maintains customer relationship
Use Case #4: Mid-sized Merchant
•   All in-store sales, small web presence

•   Sizable POS investment

•   Highly cost-conscious

•   COTS applications, no in-house software

•   No in-house IT security

•   Worried about liability, CC# theft
Tokenization with FPE
Encryption vs. Tokenization

[Diagram: Encryption = Key + Algorithm; Tokenization = Tokenization Server]
Use Case #4: Buying Decision
•   Did not require application modifications

•   FPE built into existing infrastructure

•   Reduced scope through highly restricted key
    access and key management

•   Moderate per-transaction service fees
Buying decisions ...
•   How much are transaction costs?

•   How costly to integrate into my apps?

•   Does it reduce PCI scope?

•   Does it work with my systems?

•   Is it reliable? Is it fast?

•   Have I reduced my risk?
Selection Process
Summary
•   Reduces security risks

•   Reduces complexity

•   Minimal IT systems impact

•   Reduces compliance costs

•   Securosis whitepapers for more details
Adrian Lane
Securosis, L.L.C.
alane@securosis.com
Twitter: AdrianLane
Cloud Service Broker Capabilities

Reduce PCI Scope, Lower Costs & Protect Cardholder Data

Blake Dournaee, Product Management
Tokenization Strategies

Sample SDK call from the slide (syntax errors corrected: the unterminated port string, the misspelled variable name in the tokenize call, and the missing catch body):

    // Input data to be tokenized.
    String inputData = new String("1234 5678 9012 3456");
    // Get a new instance of the tokenization server client.
    TS server = new TokenizationServer("192.167.1.1", "443");
    // Tokenize the data and catch exceptions.
    try {
        String token = server.tokenize(inputData);
    } catch (Exception e) {
        // Handle the failure here (e.g. log it and fail closed).
    }

Monolithic “Big Bang” Tokenization (Modify Everything): costs reduced by rip and replace of entire architecture
API or SDK Tokenization (Modify Point Applications): costs reduced by point application changes
Proxy Tokenization (Modify Data in Transit): costs reduced by altering data online with minimal application changes
Tokenization Strategies

Monolithic Tokenization (Big Bang)
  Strategy:       Strive to take the entire datacenter out of scope
  Key Challenges: Time to value; requires POS retail upgrades; bank/payment processor lock-in; inflexible to change
  Key Benefits:   Eventually results in cost savings
  Example:        RSA/FirstData, Verifone, Voltage (P2P Encryption + Tokenization)

API or SDK Tokenization
  Strategy:       Remove individual applications from scope
  Key Challenges: Each application requires code changes, usually through an SDK or agent; structured vault is difficult to scale; each application changed must be assessed
  Key Benefits:   Results in modest scope and risk reduction
  Example:        Protegrity, nuBridges, Safenet, Voltage

Modular or Proxy Tokenization
  Strategy:       Remove data flows from scope using a proxy
  Key Challenges: Applications must redirect data flows to a new IP address
  Key Benefits:   Faster time to value; requires fewer application changes; data is tokenized on the wire; massive scalability; assessment is centralized to a security gateway
  Example:        Intel Expressway Tokenization Broker
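The following is an added illustration, not code from the slides, from Securosis, or from Intel's product. It puts the two earlier points into working Python: the token properties from the "The Tokens" slide (random, same length, passes the Luhn check, carries over the last four digits, single- or multi-use) and the "Modular or Proxy Tokenization" row above (data tokenized on the wire before it reaches downstream systems). TokenVault, make_token, proxy_tokenize and live_pans are names invented here; the vault is an in-memory dictionary standing in for a real token server, and the sample order message and the 4111 1111 1111 1111 test number are constructed inputs.

```python
import re
import secrets

# Constructed sample message for the demo. 4111 1111 1111 1111 is a
# well-known Luhn-valid test number, not a real cardholder's PAN.
SAMPLE_ORDER = ('{"order_id": "A-1001", "card": "4111 1111 1111 1111", '
                '"phone": "5551234567", "amount": "42.00"}')
SEPARATORS = re.compile(r"[ -]")


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def make_token(pan: str) -> str:
    """Random token: same length and last four digits as the PAN, Luhn-valid,
    otherwise unrelated to it (no key or algorithm recovers the PAN)."""
    keep = pan[-4:]
    head = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 5))
    # Exactly one digit in the remaining free position makes the whole
    # string Luhn-valid (the Luhn doubling step is a bijection mod 10).
    for d in "0123456789":
        if luhn_valid(head + d + keep):
            return head + d + keep
    raise RuntimeError("unreachable")


class TokenVault:
    """Stand-in for a token server. A real vault stores PANs encrypted and
    lives inside the CDE; this one is an in-memory dict for illustration."""

    def __init__(self, multi_use: bool = True):
        self.multi_use = multi_use          # same PAN -> same token when True
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        pan = SEPARATORS.sub("", pan)
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a syntactically valid PAN")
        if self.multi_use and pan in self._pan_to_token:
            return self._pan_to_token[pan]
        token = make_token(pan)
        while token == pan or token in self._token_to_pan:   # avoid collisions
            token = make_token(pan)
        self._token_to_pan[token] = pan
        if self.multi_use:
            self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._token_to_pan[token]     # KeyError for unknown tokens

    def is_token(self, value: str) -> bool:
        return SEPARATORS.sub("", value) in self._token_to_pan


# 13-19 digits, optionally separated by spaces or dashes, as seen on the wire.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def find_pans(text: str) -> list:
    """PAN-looking substrings that also pass Luhn (filters phone numbers etc.)."""
    return [m.group(0) for m in PAN_PATTERN.finditer(text)
            if luhn_valid(SEPARATORS.sub("", m.group(0)))]


def proxy_tokenize(message: str, vault: TokenVault) -> str:
    """Proxy model: swap every PAN in a message for its token before the
    message is forwarded to systems that should stay out of PCI scope."""
    def swap(m):
        raw = m.group(0)
        return vault.tokenize(raw) if luhn_valid(SEPARATORS.sub("", raw)) else raw
    return PAN_PATTERN.sub(swap, message)


def live_pans(text: str, vault: TokenVault) -> list:
    """Scope check: Luhn-valid tokens look exactly like PANs to a pattern
    scanner, so ask the vault which matches are tokens and report the rest."""
    return [p for p in find_pans(text) if not vault.is_token(p)]


if __name__ == "__main__":
    vault = TokenVault()
    out = proxy_tokenize(SAMPLE_ORDER, vault)
    print(out)
    print("live PANs left downstream:", live_pans(out, vault))
```

Two points worth noticing when running it. A multi-use vault returns the same token for a repeat customer, which is what lets order history and analytics keep working out of scope; a single-use vault hands out a fresh token on every call, so the token itself carries no linkability. And because the tokens are deliberately Luhn-valid and card-shaped, a DLP or scope-assessment scanner that matches on pattern alone will flag them as PANs; the live_pans check resolves that only by consulting the vault, which is why assessment of the proxy model centralizes on the gateway and its vault rather than on the downstream applications.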
Typical Retail Architecture

[Architecture diagram: Retail POS, Settlement Engine, AuthZ Engine, Syndication Channels (Amazon), Browser, Website, E-Commerce Engine]

Typical PCI DSS Scope

[Same architecture diagram, colour-coded. Legend: Outside of Retailer / In PCI DSS Scope / Out of PCI DSS Scope]

Scope with Expressway Tokenization Broker

[Same architecture diagram, colour-coded to show scope with the Expressway Tokenization Broker deployed. Legend: Outside of Retailer / In PCI DSS Scope / Out of PCI DSS Scope]
Product Details

Intel® Expressway Tokenization Broker – V2 (1H, 2012)

Hardware or Software Broker
• Tamper resistant appliance with redundant, solid state storage
• Software on Linux AS5-64

Sample Tokenization Application
• Token Exchange
• Token Management
• User-defined credit card lengths, including 19 digit cards

Secure Token Vault
• Clustered, high performance secure vault with unlimited token capacity
• Base configuration supports 300M tokens

Highly Scalable “NoSQL” Vault
• Horizontal scalability increases performance for each additional node
• High availability provided by N-to-N/Active-Active HA Clustering
• Full back-up and restore capabilities

Hitless Key Rotation
• Change vault encryption keys with zero downtime
• Addresses PCI-DSS 3.6.4 without stopping a single transaction

Intel® Services Designer & Web Interface
• Policy Design and Deployment
• Token Exchange / Management Actions
• Policy Deployment & Monitoring

Pull quote on the slide: “SQL databases are fundamentally non-scalable, and there is no magical pixie dust that we, or anyone, can sprinkle on them to suddenly make them scale.” – Adam Wiggins, Founder of Heroku (Cloud APaaS, acquired by Salesforce.com)
Goal: E-Commerce Order Processing – Manual Invoice Processing

Problem: Exception cases require manual review, bringing additional systems into scope
Solution: Internal tokenization

[Flow diagram. Components: E-Commerce Website, Web Server, Payment Application, Payment Processor, BPM System, Supply Chain Apps, Portal Data Store, additional Post-Payment Applications. Flow labels: Invoice with Credit Card Number; Order Exception; Manual review of invoice and re-entry. Boundary labels: PCI Scope; Merchant Data Center.]
Goal: Bill Processing, Consolidation, Printing – Financial Statement Processor

Problem: Non-payment processing applications contain PAN information, increasing scoping costs
Solution: Internal tokenization

[Flow diagram, before. Inputs: Customer Billing Information; Large Data Feeds with PAN Data. Stages: IBM WebSphere Middleware; Invoicing, Bill Payment, Bank Statement Customization and Consolidation (with Connected Databases and App. Portals); Bill Production and Printing. Outputs: Customized Bills and Statements; Documents with original PAN data. Boundary labels: PCI Scope; Service Provider Data Center.]

[Flow diagram, after. Same inputs and stages, with Edge Security + Tokenization at the middleware stage and Data w/ Tokens flowing to the downstream stages. Boundary labels: PCI Scope; Service Provider Data Center.]
For Additional Information, go to: www.intel.com/go/identity
•   Download Eval
•   Data Sheet
•   PCI White Paper
•   Assessors Guide

E-mail: intelsoainfo@intel.com

IBM Blockchain Platform - Architectural Good Practices v1.0IBM Blockchain Platform - Architectural Good Practices v1.0
IBM Blockchain Platform - Architectural Good Practices v1.0
 
dtechnClouologyassociatepart2
dtechnClouologyassociatepart2dtechnClouologyassociatepart2
dtechnClouologyassociatepart2
 
Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from Scratch
 
How Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run ITHow Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run IT
 
Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdf
 

Último

Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Último (20)

Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Tokenization Webinar featuring Securosis - Intel

  • 1. Choosing From 3 Core PCI-DSS Tokenization Models A. Tokenize 100% B. Modify Apps C. Proxy-data in transit Adrian Lane – Securosis PCI-DSS Analyst Blake Dournaee, Intel Application Security & Identity Products 1
  • 2. Today’s Agenda • Basic tokenization flows - recap • Differing tokenization needs based on volume & merchant type • Pros/cons outsource vs on-prem • Proxy & encryption models • 3 core solution deployment patterns • Use cases (sidebar: Scope Reduction) Application Security and Identity Products 2
  • 3. Presents Tokenization Use Cases Adrian Lane, CTO alane@securosis.com Twitter: @AdrianLane
  • 5. One key question: Why use tokenization?
  • 6. Tokenization means: - Fewer controls - Less complexity - Reduced audit scope - Fewer systems to review To make data security easier ...
  • 8. And to save money. • Fewer security products for fewer systems • Fewer reports • Auditors have less to do
  • 9. How does it work?
  • 10. By removing confidential data • Replace with low value token • Reduce CC#/PAN access • Reducing system interdependence • Fewer checks, controls and reports Here’s how:
  • 11. 2 Minute Tokenization Primer: • Tokenization replaces sensitive data with a random value. • Sensitive data is kept encrypted in a data vault. • The real data is only exposed when absolutely necessary. • Applications function as normal as token preserves format and data type.
  • 12. The Tokens • Should be random or semi-random. • Same format as original value (e.g. 16 digits, passes LUHN check). • Some characteristics may carry-over (e.g. last 4 digits of a credit card number). • Single or multi-use.
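As an added example (not code from the webinar deck, Securosis or Intel), the following Python shows the token properties slide 12 lists: tokens are random, keep the PAN's length and pass the Luhn check, carry over the last four digits, and can be issued single-use or multi-use from a vault. The `TokenVault` class, its index key and the test card number 4111111111111111 are constructed for illustration; a production vault encrypts stored PANs and lives inside the CDE, which the in-memory dictionary here does not model.

```python
"""Added example, not from the webinar deck: a minimal tokenizer showing the
token properties the slide lists. Names, the vault key and the test PAN are
constructed for illustration; a real vault encrypts the stored PANs."""
import hashlib
import hmac
import secrets


def luhn_sum(number: str) -> int:
    """Luhn sum over a digit string: every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total


def luhn_valid(number: str) -> bool:
    """True when the string is all digits and passes the Luhn check."""
    return number.isdigit() and len(number) >= 2 and luhn_sum(number) % 10 == 0


def make_token(pan: str) -> str:
    """Random token with the PAN's length and last four digits that passes Luhn.

    Layout from the right: [random digits][one adjustment digit][last four of PAN].
    The adjustment digit sits at position 4 from the right, which Luhn does not
    double, so it can be set directly to make the total a multiple of ten.
    """
    tail = pan[-4:]
    prefix = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 5))
    need = (10 - luhn_sum(prefix + "0" + tail) % 10) % 10
    return prefix + str(need) + tail


class TokenVault:
    """Token <-> PAN mapping. Multi-use tokens are found again through an HMAC
    index of the PAN, so the vault never scans plaintext card numbers."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._token_to_pan = {}   # the vault itself (unencrypted here: illustration only)
        self._pan_index = {}      # HMAC(PAN) -> multi-use token

    def _index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str, multi_use: bool = True) -> str:
        if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("input is not PAN-shaped")
        if multi_use:
            existing = self._pan_index.get(self._index(pan))
            if existing is not None:
                return existing            # same PAN -> same token
        while True:                        # single-use: a fresh token every call
            token = make_token(pan)
            if token != pan and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        if multi_use:
            self._pan_index[self._index(pan)] = token
        return token

    def detokenize(self, token: str, caller_authorized: bool) -> str:
        """Only an authorized (in-scope) caller may recover the real PAN."""
        if not caller_authorized:
            raise PermissionError("de-tokenization denied for this caller")
        return self._token_to_pan[token]


def demo() -> dict:
    """Exercise the vault with a constructed test PAN; returns values to inspect."""
    vault = TokenVault(index_key=b"constructed-demo-index-key")
    pan = "4111111111111111"              # constructed Luhn-valid test number
    multi_a = vault.tokenize(pan)
    multi_b = vault.tokenize(pan)          # multi-use: identical to multi_a
    single_a = vault.tokenize(pan, multi_use=False)
    single_b = vault.tokenize(pan, multi_use=False)   # single-use: differs
    return {
        "pan": pan,
        "multi": (multi_a, multi_b),
        "single": (single_a, single_b),
        "restored": vault.detokenize(multi_a, caller_authorized=True),
    }


if __name__ == "__main__":
    print(demo())
```

Because the last four digits and the check digit are fixed by the PAN, only the remaining positions carry entropy; for a 16-digit card that is eleven random digits, which is why tokens must be looked up in the vault and never reversed mathematically.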
  • 14. Integration Options • Application API Calls • Proxy Agents • Database Queries • Back-office Systems
  • 15. [diagram: Non-CDE side (out of scope): tokenized databases and tokenized systems; Cardholder Data Environment side (in scope): Token Server, Token Database, and the Authorized Application that issues the de-tokenization request]
  • 16. Failover & Performance • Distributed • Replicated • Code books
  • 17. You can’t steal what’s not there!
  • 19. Is it right for me? • Answer: It depends • Your type of business • Your application environment • The size of your business • Your goals
  • 20. Deployment Models •In-house software/hardware •Edge tokenization •Tokenization-aaS •FPE
  • 21. Use Case #1: Big Box Retail Chain • Web and retail locations • Huge transaction volume • POS, Card-swipe and web payment options • Tightly integrated back office systems • Full PCI Audits
  • 23. Use Case #1: Buying Decision • Per-transaction cost overriding factor • Worried about modifying existing applications • Want to reduce audit costs • Want reduced complexity, and scope reduction through reduced card storage
  • 24. Use Case #2: Small Service Provider • Small transaction volume • Handful of retail locations • POS & Web site • Need to comply with self-assessment • No in-house security staff
  • 26. Use Case #2: Buying Decision • Have no idea what PCI is but must comply as credit cards are key to their business • Accept higher per-transaction costs for removal of all PAN/Mag stripe data • Provider supports repayments/remediation • Minimal modification to existing applications
  • 27. Use Case #3 Giant Web Retailer • No physical stores • Huge transaction volume • Multiple payment providers, promotions • Web payment and shopping cart applications • Data and IT security expertise • COTS applications with customizations
  • 29. Use Case #3 Buying Decision • Very minor software upgrade • Dramatically reduced audit scope • Far less chance of data breach • Supports multiple payment providers via single shopping cart application • Maintains customer relationship
  • 30. Use Case #4 Mid-sized merchant • All in-store sales, small web presence • Sizable POS investment • Highly cost-conscious • COTS applications, no in-house software • No in-house IT security • Worried about liability, CC# theft
  • 32. Encryption vs. Tokenization [diagram: Encryption = Key + Algorithm; Tokenization = Tokenization Server]
  • 33. Use Case #4 Buying Decision • Did not require application modifications • FPE built into existing infrastructure • Reduced scope through highly restricted key access and key management • Moderate per-transaction service fees
  • 34. Buying decisions ... • How much are transaction costs? • How costly to integrate into my apps? • Does it reduce PCI scope? • Does it work with my systems? • Is it reliable? Is it fast? • Have I reduced my risk?
  • 36. Summary • Reduces security risks • Reduces complexity • Minimal IT systems impact • Reduces compliance costs • See the Securosis whitepapers for more details
  • 37. Adrian Lane Securosis, L.L.C. alane@securosis.com Twitter: AdrianLane
  • 38. Cloud Service Broker Capabilities Reduce PCI Scope, Lower Costs & Protect Cardholder Data Blake Dournaee, Product Management Application Security and Identity Products 39
  • 39. Tokenization Strategies
      // Input data to be tokenized.
      String inputData = new String("1234 5678 9012 3456");
      // Get a new instance of the tokenization server (illustrative SDK class, not a named product API)
      TokenizationServer server = new TokenizationServer("192.167.1.1", "443");
      // Tokenize the data and catch exceptions
      try {
          String token = server.tokenize(inputData);
      } catch (Exception e) {
          e.printStackTrace();
      }
    Monolithic “Big Bang” Tokenization (Modify Everything): costs reduced by rip and replace of the entire architecture
    API or SDK Tokenization (Modify Point Applications): costs reduced by point application changes
    Proxy Tokenization (Modify Data in Transit): costs reduced by altering data online with minimal application changes
    40
  • 40. Tokenization Strategies (columns: Type, Strategy, Key Challenges, Key Benefits, Example)
    Monolithic Tokenization (Big Bang). Strategy: Strive to take the entire datacenter out of scope. Key Challenges: Time to value, requires POS retail upgrades, bank/payment processor lock-in; inflexible to change. Key Benefits: Eventually results in cost savings. Example: RSA/FirstData, Verifone, Voltage (P2P Encryption+Tokenization)
    API or SDK Tokenization. Strategy: Remove individual applications from scope. Key Challenges: Each application requires code changes, usually through an SDK or agent; structured vault is difficult to scale; each application changed must be assessed. Key Benefits: Results in modest scope and risk reduction. Example: Protegrity, nuBridges, Safenet, Voltage
    Modular or Proxy Tokenization. Strategy: Remove data flows from scope using a proxy. Key Challenges: Applications must redirect data flows to a new IP address. Key Benefits: Faster time to value, requires fewer application changes; data is tokenized on the wire; massive scalability; assessment is centralized to a security gateway. Example: Intel Expressway Tokenization Broker
    41
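The proxy strategy on slides 39 and 40 (and the "Proxy Agents" integration option on slide 14) rests on one idea: data is tokenized on the wire, so applications on either side keep working unmodified and only traffic bound for an authorized in-scope system is ever de-tokenized. As an added example, not code from the deck or from Intel's Expressway product, the Python below is a tiny tokenization proxy that rewrites PAN-valued fields in a JSON request body. The class, field names, request body and test card number are constructed for illustration; the Luhn check keeps other long digit strings, such as an order id, from being tokenized by mistake.

```python
"""Added example, not from the deck or any product: a tiny tokenization proxy
that rewrites PAN-valued JSON fields on the wire, so the applications on either
side keep working unmodified. Field names, request body and the test card
number are constructed for illustration."""
import json
import re
import secrets

PAN_SHAPE = re.compile(r"\d{13,19}")


def luhn_valid(number: str) -> bool:
    """Luhn check, used to separate real PANs from other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenizationProxy:
    """Sits between the web tier and downstream systems. Outbound traffic is
    tokenized; only traffic bound for an in-scope, authorized destination is
    de-tokenized, so out-of-scope systems never see a PAN."""

    def __init__(self):
        self._vault = {}    # token -> PAN (a real broker encrypts this store)
        self._by_pan = {}   # PAN -> token, so one card maps to one token

    def _token_for(self, pan: str) -> str:
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            # random digits, same length, last four kept so receipts can show ****1111
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._vault and token not in self._by_pan:
                break
        self._vault[token] = pan
        self._by_pan[pan] = token
        return token

    @staticmethod
    def _walk(obj, fn):
        """Apply fn to every string value in a parsed JSON document."""
        if isinstance(obj, dict):
            return {k: TokenizationProxy._walk(v, fn) for k, v in obj.items()}
        if isinstance(obj, list):
            return [TokenizationProxy._walk(v, fn) for v in obj]
        return fn(obj) if isinstance(obj, str) else obj

    def outbound(self, body: str) -> str:
        """Leaving the CDE: every Luhn-valid, PAN-shaped string value becomes a token."""
        def swap(s):
            if s in self._vault:                       # already a token, leave it
                return s
            if PAN_SHAPE.fullmatch(s) and luhn_valid(s):
                return self._token_for(s)
            return s                                   # order ids etc. are untouched
        return json.dumps(self._walk(json.loads(body), swap))

    def inbound(self, body: str, destination_in_scope: bool) -> str:
        """Toward an authorized in-scope system (e.g. the payment processor) tokens
        are resolved; toward anything else the body passes through tokenized."""
        if not destination_in_scope:
            return body
        return json.dumps(self._walk(json.loads(body), lambda s: self._vault.get(s, s)))


def demo() -> dict:
    """Run one constructed checkout request through the proxy in both directions."""
    proxy = TokenizationProxy()
    pan = "4111111111111111"     # constructed Luhn-valid test number
    # a 16-digit order id that fails Luhn, to show it is left alone
    request = json.dumps({"order_id": "1234567890123456",
                          "card_number": pan,
                          "amount_cents": 1999})
    tokenized = proxy.outbound(request)
    return {
        "proxy": proxy,
        "tokenized_body": tokenized,
        "tokenized": json.loads(tokenized),
        "to_processor": json.loads(proxy.inbound(tokenized, destination_in_scope=True)),
        "to_warehouse": json.loads(proxy.inbound(tokenized, destination_in_scope=False)),
        "repeat": json.loads(proxy.outbound(json.dumps({"card_number": pan}))),
    }


if __name__ == "__main__":
    print(demo())
```

The warehouse and BPM style systems downstream receive the same JSON shape with a digit string where the card number was, which is exactly why they can drop out of assessment scope; the one application change the slide mentions is pointing those flows at the proxy's address.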
  • 41. Typical Retail Architecture [diagram components: Browser; E-Commerce Website Engine; Retail POS; AuthZ Engine; Settlement Engine; Syndication Channels (Amazon)] 42
  • 42. Typical PCI DSS Scope [diagram: same components as slide 41; Legend: Outside of Retailer, In PCI DSS Scope, Out of PCI DSS Scope] 43
  • 43. Scope with Expressway Tokenization Broker [diagram: same components as slide 41; Legend: Outside of Retailer, In PCI DSS Scope, Out of PCI DSS Scope] 44
  • 45. Intel® Expressway Tokenization Broker – V2 (1H, 2012)
    Hardware or Software Broker: Tamper resistant appliance with redundant, solid state storage; Software on Linux AS5-64
    Sample Tokenization Application: Token Exchange; Token Management; User-defined credit card lengths, including 19 digit cards
    Secure Token Vault: Clustered, high performance secure vault with unlimited token capacity; Base configuration supports 300M tokens
    Highly Scalable “NoSQL” Vault: Horizontal scalability increases performance for each additional node; High availability provided by N-to-N/Active-Active HA Clustering; Full back-up and restore capabilities
    Hitless Key Rotation: Change vault encryption keys with zero downtime; Addresses PCI-DSS 3.6.4 without stopping a single transaction
    Intel® Services Designer & Web Interface: Policy Design and Deployment; Token Exchange / Management Actions; Policy Deployment & Monitoring
    Quote: “SQL databases are fundamentally non-scalable, and there is no magical pixie dust that we, or anyone, can sprinkle on them to suddenly make them scale.” - Adam Wiggins, Founder of Heroku (Cloud APaaS, Acquired by Salesforce.com)
    Application Security and Identity Products 46
  • 46. Goal: E-Commerce Order Processing / Manual Invoice Processing. Problem: Exception cases require manual review, bringing additional systems into scope. Solution: Internal tokenization. [diagram labels: Payment Processor; E-Commerce Website; Web Server; Invoice with Credit Card Number; Payment Application; BPM System; Supply Chain App; Supply Chain App; Order Exception Portal; Manual review of invoice and re-entry; Additional Post-Payment Applications; Data Store; PCI Scope; Merchant Data Center] 47
  • 47. Goal: E-Commerce Order Processing / Manual Invoice Processing. Problem: Exception cases require manual review, bringing additional systems into scope. Solution: Internal tokenization. [diagram labels: same as slide 46] 48
  • 48. Goal: Bill Processing, Consolidation, Printing (Financial Statement Processor). Problem: Non-payment processing applications contain PAN information, increasing scoping costs. Solution: Internal tokenization. [diagram labels: Customer Billing Information; Customized Bills and Statements; Documents with original PAN; Large Data Feeds with PAN data; Data Connected App. Databases; Portals; IBM WebSphere Middleware; Invoicing, Bill Payment; Bill Production and Printing; Bank Statement Customization and Consolidation; PCI Scope; Service Provider Data Center] 49
  • 49. Goal: Bill Processing, Consolidation, Printing (Financial Statement Processor). Problem: Non-payment processing applications contain PAN information, increasing scoping costs. Solution: Internal tokenization. [diagram labels: same as slide 48, with Edge Security + Tokenization inserted and the downstream feeds labelled Data w/ Tokens] 50
  • 50. For Additional Information, go to: www.intel.com/go/identity Download Eval Data Sheet PCI White Paper Assessors Guide E-mail: intelsoainfo@intel.com 51

Notas del editor

  1. Title: Enterprise API Best Practices (John) – ~15 slides – Talk for 25-30 minutes
     I. API Evolution – Where did they come from? (6-8 slides)
        a. APIs evolved from SOA as services
        b. Now they are pervasive – REST/JSON is king
        c. 2011 API growth was huge – what will 2012 look like?
        d. API business model slides – which types of businesses benefit the most from APIs? (Blake to help with this)
        e. Comparison to website – APIs are the new “website”
     II. Categories: Open APIs versus Private APIs (4 slides)
        a. Open APIs focus on developer on-boarding and platform enablement – name examples
        b. Private APIs (Enterprise APIs) focus on security, scalability, and availability – name examples of these (if you have some)
        c. For Enterprise APIs, developer on-boarding is less of an issue
     III. Hosted vs On-Premise (1-2 slides)
        a. What are the pros and cons of hosting an API through an enabler service (Mashery/APIgee) versus doing it yourself.
        b. Hosted – Good for open APIs, as the developer community is more important
        c. On-Premise – Good for private/enterprise grade APIs, as security and scalability are paramount
     (Blake) – 8 to 10 slides – Talk for 10-15 minutes
     III. Enterprise Use cases – Types of things an Enterprise wants to do (1-2 slides)
     IV. The value of the gateway pattern – abstraction (consuming APIs) and security (protecting APIs) – (2 slides)
     V. Security overview – threats, trust, anti-malware, data loss prevention (1 slide)
     VI. Intel Expressway Product Pitch (2 slides)
     VII. Customer Examples (2 slides)
  2. Embedded Secure Vault – Clustered, high performance secure vault with unlimited token capacity
     Horizontal Scalability – Additive, Load scalability increases performance for each additional node
     High Availability – N-to-N/Active-Active HA Clustering.
     Hitless Key Rotation – Change vault encryption keys with zero downtime
     Hardware Upgrade – 10G Ethernet, Dual Disks, 32GB Memory, Dual SSD drives (300GB)
     Log Privacy and Security – Redaction
     Custom Credit Card Support – User-defined credit card length support, including 19 digit cards
     Vault Back-Up & Restore – Supports manual back-up and restore for archival.
  3. Resources on the PCI Solutions page of DP include the following: Eval Version of Tokenization Broker; Data Sheet; PCI DSS White Paper; Gateway Tokenization Webinar Playback; QSA Assessors Guide (New content’s being added on a regular basis - Please keep posted!)