ShieldConex® FAQ

ShieldConex Frequently Asked Questions

This FAQ guide provides answers to frequently asked questions on Bluefin’s ShieldConex data security platform, and is broken out by general questions, compliance questions, implementation questions and terminology.


ShieldConex Data Security Questions

Does ShieldConex store any of my data?

ShieldConex is a “vaultless” token solution, so the actual data is never stored in a “vault” or database. Secured data can be unmasked at any time by calling the ShieldConex service using your assigned API key.

Does ShieldConex protect my organization from data breaches?

No, but it will make a data breach irrelevant. ShieldConex devalues your data by replacing it with meaningless values. Thus, if your system is ever breached, the breached data would be useless.

If one of my organization’s computers is stolen or compromised, can sensitive data be compromised?

No, the data on your computer would still be meaningless. Anyone trying to access the data would still need to detokenize or decrypt the data, which would be impossible because they would require API Authentication from Bluefin to do so.

Can ShieldConex protect my existing data?

Yes, ShieldConex is able to protect your existing data at rest by using the API to call the ShieldConex token service.

Can ShieldConex protect my webpage from being compromised?

No, that would be the responsibility of your organization. We recommend using a monitoring system to ensure that your web properties remain yours.

Can I use ShieldConex to protect data that is entered via a mobile application?

Yes, ShieldConex will also protect data in a mobile environment! If the app is written in a native app framework, the app would need to call Bluefin’s ShieldConex API. If the app is written within a web app framework, it will be able to either leverage the ShieldConex API or leverage the ShieldConex Secure iFrame, depending on your organization’s preference.

What does ShieldConex do that TLS and SSL don’t do?

TLS and SSL are for transport security. The purpose of ShieldConex is to give organizations devalued data that they do not need to worry about protecting. ShieldConex tokens protect data at rest and allow that data to be shared internally and externally.

Using ShieldConex Tokens Questions

Can I search customer records (by customer’s name) if the data is anonymized?

ShieldConex is a flexible solution that can be implemented without disrupting your existing business processes.  You can integrate ShieldConex into specific business functions as needed.

EXAMPLE: You can integrate ShieldConex with the specific functionality that supports your Data Analysis team, where the data needs to be anonymized. (This means you do not need to integrate ShieldConex with the functionality that supports front desk staff who regularly need to access customer information.)

Will my database require an encryption or tokenization key if I need to access my original data?

No, you do not need to store any keys for this solution—key management is entirely managed by Bluefin. If you ever need to access your original data, your application will call Bluefin’s ShieldConex API.

Will there be any latency in processing tokenizations or detokenizing my data due to ShieldConex?

In legacy “vaulted” tokenization solutions, data is stored on a token server and must be retrieved to use.  These forms of tokenization require large databases to map tokens to their original data.

Unlike those legacy vaulted solutions, ShieldConex leverages Vaultless Tokenization. In this case, tokens are generated on the fly using Hardware Security Modules, eliminating the need for storing that sensitive data. Data transfers with ShieldConex take place asynchronously and in network, meaning that you will never notice any latency.

Do I need to re-encrypt/retokenize my data after requesting the original data?

No.  The data will remain in a secure state within your backend applications.

Can I update data that’s already been tokenized (or encrypted)?

Yes. You would update the original information as needed and then re-encrypt/retokenize it.

Compliance Questions

Which compliance standards will ShieldConex help me adhere to?

ShieldConex pseudonymizes sensitive data, removing it from GDPR and CCPA scope.

Are there compliance standards for PII and PHI?

Currently, there are numerous compliance standards for PII, including GDPR and CCPA. Most standards that protect PII follow GDPR’s definition of personal data, which includes:

  • Name
  • Phone Number
  • Address
  • Identifying Numbers
  • Email Address
  • Photo
  • Geo-location data and IP Addresses
  • Mobile Device Identification
  • Biometric information
  • Behavior profile
  • Demographic information

For PHI, the Health Insurance Portability and Accountability Act (HIPAA) sets the standards for protecting PHI in the US. HIPAA requires companies to have physical, network, and process methods for securing PHI.

Implementation Questions

What effort is required to implement ShieldConex for my organization?

ShieldConex requires little effort to implement for your organization.  There is no lengthy on-premise implementation process. ShieldConex is an entirely cloud-based product that leverages APIs configured through our ShieldConex Manager administration portal.  The implementation process consists of Bluefin giving your organization access to the ShieldConex APIs, login credentials for ShieldConex Manager, and user documentation. All your organization needs is a developer in order to leverage this product.

Are there software requirements for ShieldConex implementations?

To use our APIs, your application needs to be able to make API calls to ShieldConex.  Our Bluefin-Hosted iFrame feature works as any iFrame would. Simple as that.

Terminology Questions

What is Format Preserving Encryption (FPE)?

Encryption is the process of devaluing sensitive data by using an algorithm to encode sensitive data elements. In format-preserving encryption (FPE), the encoded data elements preserve the same alphabet as the original data. Bluefin leverages FPE to allow your tokenized data to exist within your legacy systems without requiring any refactoring.

What is Format Preserving Tokenization (FPT)?

Tokenization is the process of devaluing sensitive data by substituting sensitive data elements with randomly generated symbols that represent the original sensitive data. In format-preserving tokenization (FPT), the randomly generated symbols use the same alphabet as the original data. Bluefin leverages FPT to allow your tokenized data to exist within your legacy systems without requiring any refactoring.

What is Vaultless Tokenization?

Tokenization is the process of devaluing sensitive data by substituting sensitive data elements with randomly generated symbols that represent the original sensitive data. Vaultless Tokenization is performed using an algorithm, eliminating the need for token vaults, which pose breach risks and have longer latency.

Typically, tokenization is vault-based, which means a relational database (Token Vault) is used to create lookup pairs that associate a value with a token. Large token vaults can cause latency, and more importantly, if a token vault is compromised, then your data can also be compromised.
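
To make the format-preserving and vaultless terms above concrete, the following is an added illustration, not Bluefin's algorithm or API. It uses a teaching-grade keyed Feistel permutation over decimal digits (not a standardized FPE mode such as NIST FF1) next to a vault-based tokenizer; all names, the key and the sample value are assumptions constructed for the example.

```python
import hashlib, hmac, secrets

ROUNDS = 10  # even, so both halves end at their original widths

def _f(key, rnd, n, half):
    # Keyed round function: HMAC-SHA256 over round number, total length and one half.
    mac = hmac.new(key, f"{rnd}|{n}|{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big")

def _feistel(key, digits, decrypt):
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 2:
        raise ValueError("expected at least two decimal digits")
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if rnd % 2 == 0 else v  # width of the half being rewritten
        if decrypt:
            a, b = f"{(int(b) - _f(key, rnd, n, a)) % 10**m:0{m}d}", a
        else:
            a, b = b, f"{(int(a) + _f(key, rnd, n, b)) % 10**m:0{m}d}"
    return a + b

def tokenize(key, digits):
    return _feistel(key, digits, decrypt=False)

def detokenize(key, token):
    return _feistel(key, token, decrypt=True)

class VaultTokenizer:
    """Vault-based contrast: random tokens plus a table holding the originals."""
    def __init__(self):
        self.vault = {}
    def tokenize(self, digits):
        token = "".join(secrets.choice("0123456789") for _ in digits)
        while token in self.vault:  # re-draw on collision
            token = "".join(secrets.choice("0123456789") for _ in digits)
        self.vault[token] = digits
        return token
    def detokenize(self, token):
        return self.vault[token]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # stand-in for a key that never leaves the HSM
    value = "4111111111111111"     # constructed sample value, not real data
    token = tokenize(key, value)
    print(value, "->", token, "->", detokenize(key, token))
    vault = VaultTokenizer()
    print("vault token:", vault.tokenize(value), "table:", vault.vault)
```

The vaultless path keeps no state beyond the key, so there is no table of originals to steal; the vault-based path must protect a table that contains every original value.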