by sid314 4810 days ago
It's nowhere like Stripe's tokenization because all tokens are not equal. Their tokens have inherent patterns which aid frequency analysis. That is exactly the point of the SE discussion which got the DMCA notice.
1 comments

Yeah, I've never looked at CipherCloud's security in depth, but you could do tokenization in a fairly secure way. There's essentially a triangle of security, functionality-of-SaaS-app, and complexity of the proxy.

One issue is access patterns might leak information, so if you wanted maximum security you'd end up doing crazy things like heavily caching or accessing extra "chaff records" periodically. Well before that point you'd probably just give up on the SaaS app entirely.
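An added example, not part of either comment and not CipherCloud's or Stripe's code, of the trade-off this thread discusses: tokens that repeat for equal plaintexts keep the column's frequency profile visible to whoever stores them, while per-occurrence random tokens hide it at the cost of a proxy-side vault and lost server-side equality search. The HMAC scheme, the `RandomTokenVault` class and the sample column are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample column (not real data) with a skewed value distribution.
SAMPLE_COLUMN = ["Smith"] * 5 + ["Jones"] * 3 + ["Nguyen"] * 2 + ["Okafor"]


def deterministic_tokens(values, key):
    """Equal plaintext -> equal token (keyed HMAC, truncated).
    The SaaS app can still do equality search, but repeats stay visible."""
    return [hmac.new(key, v.encode(), hashlib.sha256).hexdigest()[:16]
            for v in values]


class RandomTokenVault:
    """Fresh random token per occurrence; the mapping lives only in the proxy."""

    def __init__(self):
        self._vault = {}

    def tokenize(self, value):
        token = secrets.token_hex(8)
        while token in self._vault:  # regenerate on the (unlikely) collision
            token = secrets.token_hex(8)
        self._vault[token] = value
        return token

    def detokenize(self, token):
        return self._vault[token]


def frequency_profile(items):
    """Sorted occurrence counts: what anyone holding the stored column can compute."""
    return sorted(Counter(items).values(), reverse=True)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    vault = RandomTokenVault()
    random_column = [vault.tokenize(v) for v in SAMPLE_COLUMN]
    print("plaintext    :", frequency_profile(SAMPLE_COLUMN))
    print("deterministic:", frequency_profile(deterministic_tokens(SAMPLE_COLUMN, key)))
    print("random vault :", frequency_profile(random_column))
```

With the random vault, a lookup by value has to be resolved inside the proxy, which is the extra proxy complexity the reply's "triangle" refers to.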