Simplified Data Masking. Simplified Compliance.


Last week, we announced a new offering in Baffle Data Security’s product portfolio — simplified data masking and exfiltration control. The solution provides organizations with an end-to-end data control mechanism that restricts views of sensitive data at the application tier, while also supporting encryption at the field or record level in the back-end tier. Baffle’s simplified static and dynamic data masking mitigates the risks of data leakage and bulk data breaches for all types of data – credit card numbers, production environments, financial information and social security numbers.

We believe that the data breaches of today continue to happen because the strategies that people are using to protect against a data theft threat model are incomplete or protecting against outdated threats

Baffle’s Data Masking and Exfiltration Control does not require any code changes for data sets and allows companies to easily protect their non-prod environments and comply with the latest data privacy regulations such as PCI, HIPAA, GDPR and CCPA. The solution enables data protection and also policy-based controls to mitigate bulk data exfiltration risks.

Here’s a quick demo of data masking capabilities and how simply it can be implemented:

A brief listing of capabilities is listed below:

Baffle Data Masking Tools and Exfiltration

Simplified Data Masking – Baffle’s Data Masking process enables field-level and record-level masking of original data with no application code changes. Which allows organizations to protect data faster and without over- hauling their architecture. Our data masking techniques also simplify the cloning of the original data process by enabling masked clones of production data to be created in real-time which can help protect sensitive data in lower test and dev environments.

Flexible Data Formats – Support for variable formats, fixed string or numeric replacement, date and timestamp, bit or binary length fields, and random generation of characters or numbers. Broad flexibility in data formats helps ensure applications are easily supported and business processes remain intact. Baffle’s Exfiltration Control capabilities extend data access controls by enabling Dynamic Data Entitlements — automated masking of data by data owner and policy-driven masking to mitigate bulk data exfiltration.

Secure Third Party Data Sharing – Easily mask and control access to specific fields to minimize the exposure of data to third party suppliers and collaborators.

Dynamic Data Entitlements (DDE) – A policy-based method to automatically apply masking algorithms based on specified parameters or data owner identification. DDE enables additional contextual controls to be applied to access to data.

Data Exfiltration Control – This Data Masking Process can be applied based on policies and in bulk data exfiltration scenarios, can automatically mask data as it is exfiltrated. This method helps mitigate data breach risk and reduces penalties incurred under the latest data privacy regulations.

Some useful links


Join our newsletter

Schedule a Demo with the Baffle team

Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.


No application code modification required


Deploy in hours not weeks


One solution for masking, tokenization, and encryption


AES cryptographic protection


No impact to user experience