Have We Found the Holy Grail of Privacy?

By Ameesh Divatia, CEO and co-founder | June 24, 2019

Here at Baffle, we have been beating the data protection privacy drum for years. I have enjoyed writing about the latest in the encryption industry, regulations and who should take the lead and how.

We have always believed that data collection is inevitable, but data collectors and aggregators are responsible for storing and processing that data responsibly. So how can we help ensure that companies balance their need for data with privacy and process the data responsibly?


From day one, Baffle has been offering a unique approach to help ensure data privacy while still allowing businesses to perform analytics and mine the data for intelligence. And I am pleased to announce that today we launched the Cloud Data Protection Platform for AWS (CDPP), a simplified encryption solution specifically designed to help customers secure their data in AWS. With no code changes, integration with DMS, KMS, RDS, and Lambda, and single-click secure migration and deployment, it removes much of the backbreaking, tedious and expensive work often required with legacy encryption systems that ultimately do nothing to protect customers’ data. And as part of the Baffle Advanced Data Protection platform, CDPP helps accelerate the “lift and shift” to cloud and serverless computing.

New technologies let companies work on data without impacting encryption and privacy. It’s not just about compliance anymore, but rather a philosophy that treats data with extreme care and with prevention of data breaches in mind.

We welcome approaches, such as Google’s Private Join and Compute, that allow businesses to gain insights from their customers’ data without compromising their privacy. Private Join and Compute combines two fundamental cryptographic techniques to protect individual data: private set intersection and homomorphic encryption.

Our approach is much simpler, general purpose and much more scalable. It is simple because we require no application or driver changes. It is general purpose because we have no prior knowledge of what the application will query, and infinitely scalable because our proxy layer can use widely available load balancing techniques to never be the bottleneck in the application-to-database workflow. As we have previously discussed, homomorphic encryption is still too slow for today’s modern enterprise. There are open questions about the underlying encryption strength, and enterprises cannot run ad-hoc or discovery-based queries with its methodology.

One of the most significant disadvantages is that homomorphic encryption requires either application modifications or dedicated and specialized client-server applications in order to make it work functionally. This increases your total cost of ownership and distracts your organization from more important and strategic initiatives.

Enterprises should not have to choose between security and speed. It’s not an either-or proposition.

The key takeaway is that we stick with a framework that helps maintain security and preserve privacy without compromising data utility. And if we do that, we just might have found the holy grail of privacy.