See Full Story
The encryption vs. tokenization battle sometimes seems as fierce as the war between Pepsi and Coke, or the Cubs versus the White Sox. A lot has been written recently about securing data in the cloud, and the merits of the two methodologies are constantly being debated. The good news is that an argument over which is superior is far better than the alternative -- no data protection in the cloud. Securing data while in storage or in transit is mandatory in today's business climate. Implementing data security to protect sensitive information is becoming the norm.
Is it really either/or? You hint at a hybrid approach at the end of the article, but I'd argue that this is a permanent solution rather than a way of A/B-ing both products. Obviously the cost of using both may be too high for some businesses, but the plain fact is that only a multi-pronged approach will protect against all security holes (due to issues with browser implementation, neither ssl nor two-factor authentication are infallible). As an evangelist for VeriSign's extended validation ssl program -- which requires a more robust background check than regular certs and in turn protects sites with an unspoofable green url bar -- I'm often discussing how these products can be paired together. Also: Don't forget about problems with malware, which neither ssl nor tokenization will properly safeguard against. Point being: security is a many splendored thing.