Sheji Valiyakath

Managing Partner at Kreston SVP Chartered Accountants

Sheji Valiyakath is the Managing Partner at Kreston SVP Chartered Accountants, based in Doha, Qatar. He is a highly accomplished finance professional with extensive expertise across financial management, auditing, and advisory.

Data tokenisation – the key to cyber security

April 28, 2026

In a world where almost everything is digital, we use the internet for nearly all aspects of daily life. From shopping and banking to communication and entertainment, our personal and financial information is constantly being shared and stored online. Hence, protecting sensitive data has become more important than ever. Cybercriminals are constantly finding new ways to exploit vulnerabilities, and organisations must proactively protect the data of their customers and employees. This is where data tokenisation emerges as a powerful tool in strengthening cybersecurity.

What is data tokenisation and how does it protect sensitive information?

“Data tokenisation is a process that replaces sensitive information with a random string of characters called a token,” said Sheji Valiyakath, Managing Partner, Kreston SVP. “This token acts as a substitute for real data but has no value on its own. It allows organisations to continue processing and storing data without exposing the original information. Companies like Visa, Mastercard, Amazon, and PayPal, actively use tokenisation to handle millions of transactions daily to secure customer data and transactions.”

Challenges, costs, and best practices for effective tokenisation

While tokenisation is highly effective, there are a few challenges. Setting up a tokenisation system requires time, planning, and technical expertise. Organisations need to integrate it with their existing systems, which can be a complex process.

Maintaining a secure token vault and supporting systems can be expensive, especially for small businesses. The token vault is the only place where real data is stored. If it is compromised, the entire system could be at risk. Organisations must implement multiple layers of security to protect the vault.

“There are also performance considerations,” said Sheji. “In some cases, tokenisation slows down processes because data needs to be converted into tokens and retrieved when necessary. Tokenisation alone cannot guarantee full security. It must be combined with other cybersecurity measures. A cybersecurity audit is vital.”

But there is no question as to whether or not organisations should be implementing tokenisation, but how to implement it effectively. In today’s world of evolving cyber threats and strict global regulations, tokenisation, supported by continuous auditing, is no longer just a security tool; it is a foundational requirement for long-term organisational resilience and success.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	This cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
device_id	10 years	Cookie used to maintain a local copy of the user's unique identifier.
viewed_cookie_policy	11 months	This cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not a user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
currency	1 year	This cookie is used to store the currency preference of the user.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	6 months	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
ac_enable_tracking	1 month	This cookie is set by Active Campaign to denote that traffic is enabled for the website.
device_view	1 month	This cookie is used for storing the visitor device display inorder to serve them with most suitable layout.

Cookie	Duration	Description
__kla_id	2 years	Cookie set to track when someone clicks through a Klaviyo email to a website.
_ga	2 years	This cookie is installed by Google Analytics. It is used to calculate visitor, session and campaign data and it also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors.
_ga_M0XVMQMRZ1	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_188891991_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_gtag_UA_7661078_5	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. It is used to store information on how visitors use a website and helps to create an analytics report on how the website is performing. The data collected includes the number of visitors, the source of visitors and the pages visited in an anonymous form.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	16 years 5 months 19 days 16 hours 12 minutes	These cookies are set via embedded YouTube videos. They register anonymous statistical data e.g. how many times the video is displayed and what settings are used for playback. No sensitive data is collected unless you log in to your Google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
hl	1 year	No description available.
ln_or	1 day	No description
prism_800686921	1 month	No description
SFSESSIDPROD	2 days	No description
SFSESSIDPROD_SH	session	No description

Knowledge

Sheji Valiyakath

Managing Partner at Kreston SVP Chartered Accountants

Data tokenisation – the key to cyber security

What is data tokenisation and how does it protect sensitive information?

Challenges, costs, and best practices for effective tokenisation