Presented by Capital One Software
Tokenization is rapidly becoming a foundation of modern data security, enabling organizations to decouple the value of their data from the risk it carries. In this VB in Conversation, Ravi Raghu, president, Capital One Software, explains how tokenization can diminish the value of compromised data while preserving the original data’s format and usability — including how Capital One has implemented tokenization at massive scale.
Raghu describes tokenization as a significantly more effective technology. It transforms sensitive information into a nonsensitive stand-in, known as a token, which is mapped back to the original data stored securely in a digital vault. This token retains the structure and functional characteristics of the underlying data and can be used across systems and applications — including AI models. Because tokenization eliminates the overhead of managing encryption keys and constantly encrypting and decrypting data, it becomes one of the most scalable approaches for safeguarding an organization’s most sensitive information, he noted.
"The killer part, from a security standpoint, when you think about it relative to other methods, if a bad actor gets hold of the data, they get hold of tokens," he said. "The actual data is not sitting with the token, unlike other methods like encryption, where the actual data sits there, just waiting for someone to get hold of a key or use brute force to get to the real data. From every angle this is the ideal way one ought to go about protecting sensitive data."
The tokenization differentiator
Many companies are only beginning to address data security, often layering controls at the very end of the process — when data is read — to block end users from seeing it. At a minimum, organizations should secure data on write, as it’s being stored. Leading organizations, however, go further and protect data at birth, the instant it’s created.
On one side of the security spectrum is a basic lock-and-key model that limits access but leaves the raw data unchanged. More sophisticated techniques, such as masking or altering data, can permanently change its meaning and reduce its analytical value. File-level encryption offers broad protection for large data sets, but when you move to field-level encryption (such as a Social Security number), it becomes far more complex. Encrypting and then decrypting individual fields consumes substantial compute resources. And it still has a core weakness: the original data remains present, only a key away from exposure.
Tokenization sidesteps these issues by substituting the original data with a surrogate that has no inherent value. If that token is intercepted — by an unauthorized user or system — the underlying data remains protected.
The business value of tokenization
"Fundamentally you’re protecting data, and that’s priceless," Raghu said. "Another thing that’s priceless – can you use that for modeling purposes subsequently? On the one hand, it’s a protection thing, and on the other hand it’s a business enabling thing."
Because tokenization maintains the structure and ordinality of the original data, it can still power analytics and modeling, turning security into a strategic advantage. Consider sensitive health information regulated by HIPAA: tokenization allows that data to be used for pricing models or gene therapy research while remaining compliant.
"If your data is already protected, you can then proliferate the usage of data across the entire enterprise and have everybody creating more and more value out of the data," Raghu said. "Conversely, if you don’t have that, there’s a lot of reticence for enterprises today to have more people access it, or have more and more AI agents access their data. Ironically, they’re limiting the blast radius of innovation. The tokenization impact is massive, and there are many metrics you could use to measure that – operational impact, revenue impact, and obviously the peace of mind from a security standpoint."
Breaking down adoption barriers
Historically, the main obstacle to traditional tokenization has been performance. AI workloads demand unprecedented scale and speed. That’s a key issue Capital One set out to solve with Databolt, its vaultless tokenization solution, which can generate up to 4 million tokens per second.
"Capital One has gone through tokenization for more than a decade. We started doing it because we’re serving our 100 million banking customers. We want to protect that sensitive data," Raghu said. "We’ve eaten our own dog food with our internal tokenization capability, over 100 billion times a month. We’ve taken that know-how and that capability, scale, and speed, and innovated so that the world can leverage it, so that it’s a commercial offering."
Vaultless tokenization is an advanced approach that removes the need for a central vault to store token mappings. Instead, it relies on mathematical algorithms, cryptographic methods, and deterministic mapping to generate tokens on the fly. This design is faster, more scalable, and avoids the security and operational risks tied to maintaining a vault.
"We realized that for the scale and speed demands that we had, we needed to build out that capability ourselves," Raghu said. "We’ve been iterating continuously on making sure that it can scale up to hundreds of billions of operations a month. All of our innovation has been around building IP and capability to do that thing at a battle-tested scale within our enterprise, for the purpose of serving our customers."
While legacy tokenization techniques can be complex and introduce latency, Databolt integrates directly with encrypted data warehouses, enabling organizations to keep strong security controls without sacrificing performance or operational efficiency. Tokenization runs within the customer’s own environment, eliminating the need to call out to an external network for tokenization operations, which can also slow things down.
"We believe that fundamentally, tokenization should be easy to adopt," Raghu said. "You should be able to secure your data very quickly and operate at the speed and scale and cost needs that organizations have. I think that’s been a critical barrier so far for the mass scale adoption of tokenization. In an AI world, that’s going to become a huge enabler."
Don't miss the whole conversation with Ravi Raghu, president, Capital One Software, here.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.