Data Protection Services

Baffle Data Protection Services (DPS) protects data in the cloud via a “no code” and “low code” data security mesh. The solution provides universal data protection by de-identifying sensitive data and restricting access to the information. In a Zero Trust world where one must assume they are already breached, this data security layer allows companies to easily control who can see what data.

Baffle DPS eliminates the security trade-off with strong data protection by supporting privacy preserving analytics and secure computation that allows businesses to perform AI and ML analytics on anonymized data, all without modifying business applications or processes.

Request A Demo

Data Protection Services

Data protection data sheet

Enterprises continue to battle cybersecurity threats such as ransomware, as well as breaches and losses of their data assets in public and private clouds. New data management restrictions and considerations on how it must be protected have changed how data is stored, retrieved and analyzed.

Baffle’s aim is to render data breaches and data losses irrelevant by assuming that breaches will happen. We provide a last line of defense by ensuring that unprotected data is never available to an attacker. Our data protection solutions protect data as soon as it is produced and keep it protected even while it is being processed.

Baffle's transparent data security mesh for both on-premises and cloud data offers several data protection modes. Capabilities include:

Data Pipeline De-Identification

Protect data on the fly as it moves from a source data store to a cloud database or object storage, ensuring safe consumption of sensitive data by downstream applications

Learn More

Tokenization / FPE

De-identify and tokenize data using Format Preserving Encryption (FPE) or deterministic encryption modes

Learn More

Field & Record Level Encryption

Data-centric protection at the field or record level in data stores secures the actual data values

Learn More

Dynamic & Static Data Masking

Simplified dynamic data masking plus role-based access control to control who can see what data. Irreversible static masking to devalue data for test/dev environments or production clones

Learn More

Database Encryption

No-code field or row-level encryption in Postgres, MySQL, Snowflake, Amazon Redshift, Microsoft SQL Server, Kafka, and more

Learn More

File and Object Encryption

Encrypt files and de-identify data in cloud data lakes to enable AI and privacy-preserving analytics

Learn More

BYOK for SaaS

Provides an off-the-shelf BYOK service for SaaS vendors to support multiple customer-owned keys in multi-tenant environments

Learn More

REST API Data Protection Services

Easily deploy tokenization and data protection service for virtually any application or data store

Role-Based Access Control

Define which systems, users or groups can access data stores and dynamically entitle who can see what data

Learn More

Privacy-Enhanced Computation and Analytics

Run AI and ML algorithms against encrypted data without ever decrypting the underlying values. Baffle DPS supports any mathematical operation on encrypted data in memory and in process

Learn More

Secure Data Sharing

Multi-party data sharing without compromising privacy. Allow multiple parties to submit data with a HYOK model and allow aggregate analytics to execute on co-mingled data stores

Learn More

Governance and Compliance

Enable secure sharing of data across multiple parties without revealing private values to other participants

Learn More

How It Works

SQL Proxy Data Proxy REST API Service

SQL Proxy

Baffle’s SQL Proxy offers a transparent “no code” approach to enable field or row level encryption of data. The solution appears to applications and clients as the original database and always presents the original data schema to the application. It functions by creating a key mapping to data fields and performing encrypt and decrypt operations on-the-fly for any application query.

Applications or entire app tiers are redirected to the SQL proxy via a simple connection string change. This can also be implemented by a DNS hostname change. Application connections are proxied to the database on a one-to-one basis and the solution is deployed inline with several Fortune 100 organizations at scale.

Baffle DPS provides a key virtualization layer (KVL) to allow for integration with virtually any key management solution. The KVL enables orchestration of key generation, key rotation and mapping to application fields without embedding SDKs or figuring out key exchange and storage protocols. Baffle supports a two tier key management hierarchy with a master key (e.g. CMK, KEK) and a data encryption key (DEK). The DEKs are encrypted with the master key for protection and simplified key rotation.

At no time are any keys or data persisted by the Baffle solution.

Data Proxy

Baffle’s Data Proxy offers a transparent “no code” approach to enable field or row level encryption of data for data pipelines, ETL, file and object storage and modern data stores that rely on HTTP protocols or REST APIs.

The solution appears to applications and clients as the original data store and can transparently intermediate between the application and data structure. Baffle Data Proxy allows for simplified de-identification of data inside flat files, CSV and other formats to easily de-identify data on-the-fly as it is migrated to the cloud.

These methods support continuous change data capture (CDC) modes and event-based publishing methods to reduce the amount of data pipeline engineering work that your teams need to perform in order to stage data for cloud analytics.

Data Connectors offer support for specific data stores or messaging protocols. Baffle offers connectors for Kafka data streaming, SFTP data transmission, and other protocols to eliminate or minimize application and operational changes and facilitate an on-the-fly method for data protection.

REST API Service

Baffle’s REST API service can be easily deployed by organizations to provide their own tokenization and data protection service for virtually any application or data store. The solution offers encryption, format preserving encryption (FPE), and tokenization to easily transform data via flexible policies and support application development teams and custom applications or data environments.

All of Baffle’s solutions support high availability operational models via load balancing and auto-scaling or deployment in kubernetes pods. The solution supports SSL/TLS connections, mutual certificate-based authentication, IP whitelist support, and role-based access controls to restrict unauthorized access to data.

See How Baffle Can Protect Your Critical Data and Avoid Costly Data Breaches

Schedule a live demo with one of our solutions experts to get answers to your questions

Request A Demo