Baffle Data Protection Services for AWS
The Fast, Easy, and Secure Cloud Data Protection Platform
Secure the data pipeline and migrate databases to AWS with zero application changes and high performance
Baffle seamlessly protects your data inside Amazon Relational Database Service (Amazon RDS) instances, Amazon Redshift and Amazon Simple Storage Service (Amazon S3) buckets. The solution enables data-centric tokenization, de-identification, dynamic data masking, encryption and access control at the field or column level without requiring any application code changes. Baffle integrates with AWS Key Management Service (AWS KMS), AWS CloudHSM, AWS Database Migration Service (AWS DMS), AWS Fargate ECS, AWS Secrets Manager and Amazon S3 to fully support your cloud native deployments. Baffle also supports a BYOK model for SaaS providers to enable tenant-specific encryption in a multi-tenant database using customer-owned keys. The solution has minimal performance overhead and has been proven at scale in deployments with Fortune 50 customers.
- Encrypt data on-the-fly as it moves to AWS
- Simplify encryption deployment without breaking application functionality
- Integrate seamlessly with AWS Database Migration Service (AWS DMS), AWS Glue, or other ETL solutions
- Ensure high performance and scale as your cloud data footprint grows
- Ability to utilize Amazon Redshift Clusters to query Amazon S3 data
- Leverage Amazon Redshift in VPC configurations for large datasets
- Safe Harbor in event of data breaches
- BYOK / HYOK capability for control of sensitive data in the cloud
- Reporting and operations on protected data are preserved
- Policy-based field-level control to allow for views based on personas
Below are additional resources if you're interested in learning more.
- Get a technical overview of Baffle’s HYOK implementation and how it can be applied to provide RLE in multitenant or shared data stores
- Learn about Baffle Data Protection Services for AWS Redshift
- Read our AWS Blog on Tokenizing Data in AWS RDS
- Learn more about AWS S3 File Encryption
Watch this demonstration of how Baffle DPS can de-identify data on-the-fly as it is migrated to a cloud data lake and staged in Amazon Redshift
Cloud Data Protection Platform
Baffle’s solution simplifies protection of your data in the cloud without requiring any application code modification or embedded SDKs.
Data Protection Services
Enterprises continue to battle cybersecurity threats such as ransomware, as well as breaches and losses of their data assets in public and private clouds. New data management restrictions, and new considerations about how data must be protected, have changed how data is stored, retrieved and analyzed.
Baffle’s aim is to render data breaches and data losses irrelevant by assuming that breaches will happen. We provide a last line of defense by ensuring that unprotected data is never available to an attacker. Our data protection solutions protect data as soon as it is produced and keep it protected even while it is being processed.
Baffle's transparent data security mesh for both on-premises and cloud data offers several data protection modes. Capabilities include:
- Protect data on the fly as it moves from a source data store to a cloud database or object storage, ensuring safe consumption of sensitive data by downstream applications
- De-identify and tokenize data using Format Preserving Encryption (FPE) or deterministic encryption modes
- Data-centric protection at the field or record level in data stores secures the actual data values
- Simplified dynamic data masking plus role-based access control to control who can see what data. Irreversible static masking to devalue data for test/dev environments or production clones
- No-code field or row-level encryption in Postgres, MySQL, Snowflake, Amazon Redshift, Microsoft SQL Server, Kafka, and more
- Encrypt files and de-identify data in cloud data lakes to enable AI and privacy-preserving analytics
- Provides an off-the-shelf BYOK service for SaaS vendors to support multiple customer-owned keys in multi-tenant environments
- Define which systems, users or groups can access data stores and dynamically entitle who can see what data
- Run AI and ML algorithms against encrypted data without ever decrypting the underlying values. Baffle DPS supports any mathematical operation on encrypted data in memory and in process
- Multi-party data sharing without compromising privacy. Allow multiple parties to submit data with a HYOK model and allow aggregate analytics to execute on co-mingled data stores
- Enable secure sharing of data across multiple parties without revealing private values to other participants
How to De-Identify Apache Kafka Data Streams
Learn how modern data protection technologies can be used to easily de-identify & re-identify Kafka data streams to share sensitive data securely between internal and external audiences & data domains.
De-identifying Data in Snowflake and Amazon Redshift
Watch this webinar to learn how data can be easily de-identified as part of your data pipeline as it is staged for use in Snowflake or Amazon Redshift.
Tokenize Your Data in AWS RDS with AWS KMS
Watch this webinar to learn about different tokenization and data encryption techniques and see how you can stand up a demo of Baffle's Data Protection Services in conjunction with AWS RDS and AWS KMS in a matter of minutes.