McAfee Enterprise MVISION Cloud

About Tokenization for Sanctioned IT

MVISION Cloud Tokenization for Sanctioned IT uses SHA-256 tokenization to protect user anonymity. Tokenization also fulfills use cases where some data must be kept obfuscated. For example, in many large global enterprises, InfoSec teams do not have access to employee profiling information unless legal teams authorize them to investigate a potential or actual incident. In such cases, employee personally identifiable information (PII) must be protected and kept confidential until permission to access it is received from legal teams or similar approving authorities.

In Europe, for example, employers cannot use any PII that profiles user activity without the explicit permission of European Labor Councils. Enterprises are required to protect employee PII. With tokenization, this workflow can be fulfilled without sacrificing security controls over enterprise data in the cloud.

The tokenization process is as follows:

  1. The salt is uploaded from MVISION Cloud Connector to MVISION Cloud. This is a one-time upload, performed during tokenization setup.
  2. As data is ingested into MVISION Cloud from your Sanctioned IT Cloud Service Providers, the PII is tokenized using the salt in real time, before it is stored in MVISION Cloud’s databases and displayed in the UI. When a customer enables this feature, no PII is stored untokenized on MVISION Cloud’s servers.
  3. With MVISION Cloud Connector running on-premises, it is possible to create a token table based on user information imported from an Active Directory. This database allows authorized users to detokenize users on an individual basis when required. The token table (MapDB) is stored locally alongside MVISION Cloud Connector on the customer's premises, so MVISION Cloud does not have access to the MapDB file.
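
The three steps above, sketched as an added example (this is not McAfee's code). Assumptions: the token is the hex SHA-256 of the salt followed by the lowercased identifier, a Python dict stands in for the MapDB file, and the salt, field names, users and events are constructed sample values.

```python
import hashlib

def normalize(identifier: str) -> str:
    # Assumption: identifiers are case-folded so "Alice@" and "alice@" match.
    return identifier.strip().lower()

def tokenize(identifier: str, salt: bytes) -> str:
    # Assumption: token = hex(SHA-256(salt || identifier)).
    return hashlib.sha256(salt + normalize(identifier).encode("utf-8")).hexdigest()

def tokenize_event(event: dict, salt: bytes, pii_fields=("user",)) -> dict:
    # Step 2: replace PII fields with tokens before the event is stored.
    return {k: tokenize(v, salt) if k in pii_fields else v for k, v in event.items()}

def build_token_table(directory_users, salt: bytes) -> dict:
    # Step 3: local token -> user map (a dict stands in for the MapDB file).
    table = {}
    for user in directory_users:
        table[tokenize(user, salt)] = normalize(user)
    return table

def detokenize(token: str, table: dict):
    # SHA-256 is one-way, so reversal is only a lookup in the local table.
    # Users missing from the directory import cannot be resolved (None).
    return table.get(token)

# Constructed sample data (not from the product).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
DIRECTORY = ["alice@example.com", "bob@example.com"]
EVENTS = [
    {"user": "Alice@example.com", "action": "download", "file": "q3.xlsx"},
    {"user": "carol@example.com", "action": "share", "file": "plan.docx"},
]

def demo():
    table = build_token_table(DIRECTORY, SALT)          # stays on-premises
    stored = [tokenize_event(e, SALT) for e in EVENTS]  # what the cloud stores
    resolved = [detokenize(e["user"], table) for e in stored]
    return stored, resolved

if __name__ == "__main__":
    stored, resolved = demo()
    for event, user in zip(stored, resolved):
        print(event["user"][:16] + "...", event["action"], "->", user)
```

The second event resolves to `None` because that user is absent from the directory import, which is why the token table must be kept current with Active Directory for detokenization to work.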

[Figure: Tokenization data movement]