Classic encryption technologies have a long history as a means for protecting sensitive data.
When encrypting data, plaintext values are obscured and thereby protected. Whoever holds the proper keys gets access sensitive information. But this can also present a challenge.
With classic encryption, you can't configure the format of the protected element. Furthermore, it has a different length and typically contains values of a completely different character set.
All this sounds good until you go about trying to work with encrypted data in your business workflows. Changing the format of data elements causes problems.
How? Existing infrastructures are often designed in a way that the format of each data element is predeﬁned and limited to the typical maximum length.
Format Preserving Encryption extends classic-encryption algorithms (typically AES) in a way that makes them format-preserving.
This results in data that doesn't break existing databases, message formats, and applications. That means you can still process and analyze the data while it is encrypted.
Note: Some FPE algorithms are declared to be not secure. comforte is ensuring that our protection methods are verified by independent cryptoanalysts.
Classic encryption is well known for requiring the sharing of protection secrets, which often necessitates complex key management.
Sharing a protection secret with unsecured entities increases the risk of sensitive information being breached. It's another attack vector.
comforte’s format-preserving protection is implemented with a central system that comes with various layers of isolation to protect access.
Yes. Protection methods not only vary in how they change the data. You should consider far more when choosing the right mechanism for a specific use case.
Read this e-book to learn more about protection methods and their use cases.Download E-Book