Cloud Data Protection Platform

Baffle helps protect your data in the cloud

Baffle provides a comprehensive Cloud Data Protection Platform

Baffle provides a comprehensive Cloud Data Protection Platform (CDPP) to help protect your data in the cloud. Within the context of the Shared Responsibility Model, the cloud provider is responsible for protecting the infrastructure that runs all of the services offered by the provider. The customer is responsible for protecting the data that they put in the cloud provider’s environment.

Baffle’s solution integrates seamlessly with cloud native infrastructure services and vastly simplifies encryption to enable a data-centric security model. CDPP builds upon the foundation of encrypting data at-rest, which most security practitioners mistakenly believe is adequate to protect their data. Read more here on at-rest encryption and TDE do absolutely nothing to protect your data against a modern day hack.

The data-centric approach combines access monitoring and field-level encryption with data exfiltration control to provide you with an end-to-end security channel to protect against large-scale data breaches.

Baffle’s unique Record Level Encryption (RLE) protects data in multi-tenant SaaS environments and provides granular entitlements to data in co-mingled data stores.

CDPP control hierarchy


Baffle supports the following infrastructure-as-a-service (IaaS) providers.

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Compute Platform (GCP)

Within AWS, Baffle supports the following platforms and services:

  • AWS Aurora MySQL and Postgres
  • AWS RDS - MS SQL, MySQL, MariaDB, Postgres
  • AWS S3 Object Encryption
  • AWS S3 Data Pipeline Encryption
  • AWS CloudHSM
  • AWS Lambda
  • AWS ECS Fargate
  • AWS Secrets Manager
  • AWS Elastic Load Balancer

Equivalent support is offered on other cloud providers.

Related Resources

Join us for our upcoming webinar on September 22 at 12 PM PST. The session will cover key tenets of modern data privacy regulations within the context of security controls that are currently available and can be operationalized to improve your company's security posture.

Register Now

Enterprises continue to migrate their workloads to the cloud with the promise of lower costs, increased agility and greater flexibility. But cloud migration also brings risks, as misconfigured cloud services are one of the fastest-growing sources of data breaches.

Read More

Weaving Privacy And Security Into Cloud Migration Is Not Negotiable:

A recent study of CIOs offered good news for those concerned about data protection. It reported that 86% of respondents are now viewing security as a higher budget priority, with 68 percent placing the cloud as a higher budget priority.

Read More

Our Solution

Baffle delivers application level encryption on a per field basis via a “no code” model. The technology supports “homomorphic-like” capabilities — the ability to perform mathematical operations on AES encrypted data without ever decrypting the underlying values. Data stays protected in memory, in use and at-rest.

Icon Simplified


No application code modification

Icon Fast


Virtually no performance

Icon Seamless


Integrates easily into your

Icon Secure


AES encryption in memory, in use,
and at-rest

See How Baffle Can Protect Your Data

Schedule a live demo with one of our solutions experts to get answers to your questions