Data Protection Services
The Baffle Data Protection Service seamlessly de-identifies sensitive data in the cloud to mitigate the risk of data breaches while enabling privacy-preserving analytics.
We help you move more data to the cloud faster without compromising data privacy, so you can take advantage of the flexibility of the cloud and responsibly use and share that data for advanced analytics such as AI and machine learning.
The Baffle Data Protection Service provides a transparent data-centric security layer that offers several data protection modes. Capabilities include data de-identification, tokenization, field level encryption, record level encryption, format preserving encryption (FPE), BYOK for SaaS, dynamic data masking, database encryption solutions such as file encryption, file content encryption, encryption API services, role-based access control (RBAC), privacy preserving analytics and secure data sharing.
Usage Monitoring
Monitor access to databases to identify patterns or anomalous behavior and profile applications
Role-Based Access Control
Define which systems, users or groups can access data stores and dynamically entitle who can see what data
Dynamically mask data at the presentation layer to obscure data values from specific users or groups
De-identify and tokenize data using format preserving encryption or deterministic encryption modes
Data-centric protection at the field or record level in data stores secures the actual data values
Provides an off-the-shelf BYOK service for SaaS vendors to support multiple customer-owned keys in multi-tenant environments
Encrypt files and de-identify data in cloud data lakes to enable AI and privacy preserving analytics
Utilizes Secure Multiparty Compute (SMPC) to enable operations on encrypted data such as wildcard and sort in MySQL, Postgres, SQL Server and other databases
Enable secure sharing of data across multiple parties without revealing private values to other participants
How It Works
Application Tier
The solution simplifies encryption implementation by delivering application level encryption via a “no code” abstracted data model that does not require any application tier code changes. This enables support for commercial off-the-shelf (COTS) applications, custom apps, and cloud migrations without modifying code.
Baffle Shield
Baffle Shield is an encryption engine that integrates with customer owned keys to encrypt data. Baffle Shield operates in a manner that is invisible to applications, which enables Baffle to support virtually any application with no code modification. The flexible architecture model allows support for complex encryption scenarios such as API-based communications, machine to machine traffic, and automation workflows.
Database Tier
The database tier stores encrypted data with no encryption key present. Baffle’s security contract ensures that the key and encrypted data are never co-mingled, which reduces the risk of insider threat, privileged access and side channel attacks.
The database communicates with Baffle’s Secure Multi-party Compute (SMPC) to execute operations on the encrypted data values. This patented database encryption method prevents the data from being decrypted in memory or in process, but still allows for mathematical operations to occur on the encrypted data.
The benefit is stronger data protection for security teams and no breakage in application functionality for the business.