Baffle Helps Develop IBM’s Groundbreaking Data Security Broker
Baffle is collaborating with IBM on something really transformative. In a yearlong project, IBM chose us to be the core of their new IBM Cloud Security and Compliance Center Data Security Broker solution. Powered by Baffle’s innovative data protection capabilities, IBM Cloud is now the first public cloud provider to deliver privacy-enabled data protection across hybrid and multi-cloud environments.
That a trusted tech company like IBM trusts Baffle to help develop such a critical solution reinforces what our customers and partners already know: Baffle provides a unique, market-leading enterprise solution that eases the adoption of cryptographic data protection and, in turn, makes compliance an infinitely less daunting task.
Compliance is a genuine concern for enterprises
A 2022 EMA study sponsored by Baffle found that compliance concerns forced 93% of companies to shift their security strategies. Managing multiple IT environments and the controls that govern them is the most common challenge for IT audit and compliance.
And privacy regulations grow more complex by the day. GDPR remains the gold standard for data privacy compliance, and more countries across the globe are adopting similar regulations. While the US does not currently have a national data privacy standard, more than a dozen states have enacted or are close to legally signing data privacy regulations. It can be even more challenging when you combine these with industry-specific regulations like those in the financial services industry (PCI, for example).
The emergence of hybrid and multi-cloud environments further increases the complexity. IBM research indicates that more than 77% of global business leaders have adopted a hybrid cloud approach. However, more than half of respondents are still concerned about security and believe compliance in the cloud is too difficult to maintain. Simply put, current cloud security solutions do not address evolving compliance requirements.
Why IBM is using Baffle
It is clear that enterprises need to operate with greater agility and scale to modernize the complexities of multi-cloud environments. Baffle’s data-centric security approach—combined with IBM Cloud’s stringent security posture—allows IBM Cloud customers to confidently secure their highly sensitive, valuable data as it enters the cloud and is shared across the entire application environment and the analytics pipeline. This is why IBM chose to work with Baffle to develop its Data Security Broker. Let’s look at how we powered this exciting data protection breakthrough.
Role-based encryption. One of the clearest lapses in traditional database security is access control. Protection methods Transparent Data Encryption (TDE) and Full Disk Encryption (FDE), which protect data at the file level at the storage tier, are no longer sufficient to maintain compliance because anyone with access to the database could retrieve and see the data in clear text. In fact, PCI DSS points out that companies that accept credit card payments must supplement TDE/FDE with additional protections to maintain compliance.
BYOK/KYOK implementation. Baffle implements IBM’s Bring Your Own Key (BYOK) and Keep Your Own Key (KYOK) capabilities, making IBM the only cloud service provider that can cryptographically guarantee that IBM Cloud administrators cannot see their clients’ data when using DSB. This capability is paramount to Data Security Broker’s ability to enable data movement across cloud environments and outside the organization.
DSPM focus. With data security posture management (DSPM), data is viewed as an organization’s most valuable non-human asset. Value extraction from data is found in the ability to analyze it to uncover new insights and make the most informed data-based decisions.
Baffle has built its solutions with a focus toward integration with DSPM tools, understanding that data security requires protecting the data itself—regardless of how it is being used, who is using it or where it is going.
Baffle was able to help IBM’s Cloud’s Data Security Broker to implement on-the-fly encryption, de-identification, masking and tokenization of data with “no code” deployment without application changes. This will support IBM Cloud customers who are looking to enable more advanced data protection for workloads and AI data repositories.
The goal is that IBM customers will have more control over data, clearer sightlines into where data is and where it is going, and continuous protection that will avoid non-compliance. And they can rest assured that only those with access to cloud data will ever see it in the clear.
Data privacy regulations will continue to expand globally, and maintaining continuous compliance will remain one of the biggest challenges enterprises will face in the coming years. However, with the proper assistance, compliance can be drastically simplified.