Baffle AWS Data Masking Services

Baffle Data Protection Services for AWS - The Fastest, Easiest, and Most Secure Dynamic Data Masking (DDM) Platform

Baffle Data Protection Services is supported by a wide array of AWS Applications and Services. While AWS environments and Redshift clusters are secured with SSL, IAM and other network/data access controls, field-level encryption is not included which can potentially lead to serious breaches of your organization’s data. You also want to ensure your data is not accessible to the cloud operators. This is where Baffle’s AWS Data Masking services come in.

Key Benefits to Baffle’s AWS Data Masking

  • On-The-Fly Data Masking as it moves to AWS
  • Policy-based field-level control to allow views based on personas
  • No-code approach using highly performant proxies
  • Simplify encryption deployment without breaking functionality
  • Seamless integration with AWS Data Migration Services, AWS Glue or other ETL solutions
  • Utilize Amazon Redshift clusters to query Amazon S3 data
  • Safe Harbor in the event of data breaches
  • Reporting and operations on protected data in the cloud
  • Maintain the highest performance as your cloud data footprint grows
  • Leverage Amazon Redshift in VPC configuration for large datasets
  • BYOK/HYOK capability to control sensitive data in the cloud
Baffle and AWS

How Baffle’s AWS Redshift Data Masking Works

  1. Select the data from your on-premises data source which has potentially sensitive cleartext data.
  2. Using Baffle Shield as a proxy, we can move data from an SQL on-premises data source to de-identify on-the-fly as it lands in an S3 cloud data lake, with no performance lag in the query.
  3. The data can then be staged in the S3 bucket for Redshift Queries where it will be in a de-identified state, at rest in the cloud.
  4. The de-identified data can be securely stored in the AWS environment in any data schema. This ensures that if any data breach were to occur, this potentially sensitive data is protected by encryption.
  5. Using Baffles AWS data masking platform, you can then perform selective role-based re-identification operations to access the data you need for analytics and reporting purposes.

Baffle AWS Data masking makes is simple for customers to access their data safely and securely, whether they’re using DMS, AWS Glue or other AWS applications and services. Below are additional resources to learn more about Baffle Data Protection Services. Request a Demo to speak with one of our solutions architects, today.

Learn more about Baffle’s Data Protection Services here.


Our Solution

Baffle delivers an enterprise-level transparent data security platform that secures databases via a "no code" model at the field or file level. The solution supports tokenization, format-preserving encryption (FPE), database and file AES-256 encryption, and role-based access control. As a transparent solution, cloud-native services are easily supported with almost no performance or functionality impact.

Icon Cubes


No application code modification required

Icon Stopwatch


Deploy in hours
not weeks

Icon Bolt


No impact to user

Icon Command


Bring your own key

Icon Padlock


AES cryptographic

Schedule a live demo with one of our solutions experts to get answers to your questions