Cloud Data Protection Platform
Baffle enables data-centric protection at the field and row level to protect your data in the cloud
Baffle provides a comprehensive Cloud Data Encryption Platform
Within the context of the Shared Responsibility Model, the cloud provider is responsible for protecting the infrastructure that runs all of the services offered by the provider. The customer is responsible for protecting the data that they put in the cloud provider’s environment.
Baffle provides a comprehensive Cloud Data Protection Platform (CDPP) to help protect your data in the cloud. Baffle’s solution simplifies encryption of your data in the cloud without requiring any application code modification or embedded SDKs. The technology integrates seamlessly with cloud native services and vastly simplifies tokenization and encryption to enable a data-centric security model. CDPP goes beyond at-rest encryption, which many security practitioners mistakenly believe is adequate to protect their data.
Read more here on how at-rest encryption and TDE do absolutely nothing to protect your data against a modern-day hack.
The data-centric approach combines access monitoring and field-level encryption to provide you with an end-to-end security model to protect against large-scale data breaches.
Baffle’s unique Record Level Encryption (RLE) protects data in multi-tenant SaaS environments and provides granular entitlements to data in co-mingled data stores.
The listing below is a partial list of cloud services that Baffle supports.
Watch this webinar to learn how data can be easily de-identified as part of your data pipeline as it is staged for use in Snowflake or Amazon Redshift.
Baffle supports the following Infrastructure-as-a-Service (IaaS) providers and deployments:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Compute Platform (GCP)
- Docker, Kubernetes and container-based deployments
Within AWS, Baffle supports the following platforms and services:
- AWS Aurora MySQL and Postgres
- AWS RDS - MS SQL, MySQL, MariaDB, Postgres
- AWS S3 Object Encryption
- AWS S3 Data Pipeline Encryption
- AWS KMS
- AWS CloudHSM
- AWS Lambda
- AWS ECS Fargate
- AWS Secrets Manager
- AWS Elastic Load Balancer
- AWS Auto Scaling
Equivalent support is offered on other cloud providers.
“Customers are demanding support for Bring Your Own Key (BYOK) to enable ownership of their encryption key material and have control over their data with revocation rights. Workiva is building AWS KMS key management into the core of our platform, where customers can bring in encryption key material and manage it, and then use those keys in conjunction with Baffle. The joint solution requires no large-scale architectural overhauls or application changes, or dedicated databases per tenant. As a result, development time is instead being spent adding even higher value add enhancements instead of modifying the architecture and application, and Baffle allows us to execute on that vision.”
Security Architect, Workiva
Cloud Data Risk: How to Better Protect Your Data in the Cloud
Watch the webinar on Cloud Data Risk: How to Better Protect Your Data in the Cloud. It will cover key tenets of modern data privacy regulations within the context of security controls that are currently available and can be operationalized to improve your company's security posture.
Cloud Misconfigurations: A Surging, but Overlooked Threat
Enterprises continue to migrate their workloads to the cloud with the promise of lower costs, increased agility and greater flexibility. But cloud migration also brings risks, as misconfigured cloud services are one of the fastest-growing sources of data breaches.
Weaving Privacy And Security Into Cloud Migration Is Not Negotiable
Baffle delivers a transparent data protection service layer that secures data at the field or file level via a "no code" model. The solution supports tokenization, format-preserving encryption (FPE), database and file AES-256 encryption, privacy-preserving analytics and access control. As a transparent solution, cloud native services are easily supported with almost no performance impact.
No application code modification
Virtually no performance
Integrates easily into your
AES encryption in memory, in use,