Launch of Baffle Manager v2

By Billy VanCannon, Director of Product Management | June 20, 2023

Baffle is constantly striving to be the easiest way to protect sensitive data.  We do this with a data-centric approach that protects data as it is created, used, and shared across the enterprise, from on-premises data centers to the cloud. The Baffle suite includes a no-code solution to mask, tokenize, and encrypt data for applications, analytics, and AI.

Baffle Manager provides the configuration, management, and auditing of the other Baffle services.  As customer needs have grown to protect data across the enterprise, Baffle Manager has evolved along with them.

Faster deployments and the ability to scale:

  • Improved user interface with a modular approach that is consistent across our services and makes it easy to reuse policies.
  • An application programming interface (API) for automation and the ability to scale. Anything that can be done through the GUI can be automated.
  • Controllers to track and configure containers as they are autoscaled in Kubernetes deployments, including OpenShift, Azure Kubernetes Services, and AWS Elastic Kubernetes Services.

Multi-Tenant Options:

Tenant encryption refers to the ability to use a different encryption key for every user or organization in a multi-tenant environment. Baffle enables this in multiple ways.

  • Record-level encryption (RLE) enables every row of a relational database to be encrypted with a unique key.  This provides logical isolation and security for every tenant, but allows the host to scale cost-effectively by using the same database for all their tenants.
  • Database-level encryption (DLE) enables every database of a given database server to be encrypted with a separate key.  This provides logical isolation and security for every tenant, but allows the host to scale by using the same database server for all their tenants.
  • Outside of relational databases, Baffle’s API and Object services provide each tenant with a key, and the data is encrypted and decrypted accordingly for every API call or object.

In all these cases, the tenants of Baffle customers can then select their own encryption keys and even provide access to their own key management services – extending “bring your own key” or “hold your own key” (BYOK/HYOK) abilities to the end customers.

Security Integrations:

  • High availability and disaster recovery (HA/DR) integrations with AWS to ensure you are always available.
  • Secrets store integrations for centralized control of passwords and other credentials enterprise-wide.
  • Certificate store containing all the most popular public certificate authorities and the ability to add your own root and intermediate certificates.  Make TLS/SSL connections with ease.
  • Single sign-on (SSO) with almost any OIDC provider for rapid user onboarding and privilege assignments.

Across finance, healthcare, retail, and manufacturing industries, Baffle is helping to safely put more data to work while finally eliminating the impact of data breaches.  Through our data-centric approach to protecting the data itself, Baffle reduces the cost and impacts of compliance and security mandates even on infrastructure our customers don’t control.