Baffle Data Security for Amazon S3

Comprehensive data security with fine-grained access control at the field level.

Product overview

When data in an S3 bucket is accidentally exposed, it’s typically due to a misconfiguration or misuse. Baffle Data Security for AWS S3 protects your data from human errors that cause unintended disclosure.

Key benefits

Secure

AES cryptographic protection

Easy

No application code modification required

Fast

Deploy in hours, not weeks

Comprehensive

One solution for masking, tokenization, and encryption

Flexible

No impact to user experience

Key Capabilities

Client-Side Encryption

Data In Use Protection
  • Data is cryptographically protected before it lands in an S3 bucket, even from admin accounts (unlike data-at-rest-only protection)
  • Meet privacy requirements for GDPR, NIST, CCPA, PCI DSS v4.0, and more
  • Even with data sprawl, the data is protected and meets compliance requirements regardless of where it flows downstream

Field-Level Anonymization

Real Queryable Encryption
  • Unstructured and semi-structured data is encrypted at the field level
  • Data is protected at the field and object level
  • Much more flexibility to use the data without requiring decryption of PII

Role-Based Access Control

  • Restricts use of data based on fine-grained policies by individual or group
  • Combine permissions at object or field level with access type (clear text, partially masked, fully encrypted, etc.)
  • Integrate with existing IAM systems for easier administration of access control policies

No-Code Changes

  • Encrypt data stored by your tools and applications in S3 buckets without any modifications
  • Changes in data protection policies don’t impact applications
  • Protect your data in days (not months) with the least costly, least risky, and least disruptive approach

Data Isolation for Multi-Tenant BYOK

  • Each tenant’s data is encrypted with their key
  • Leverages native controls and makes it easy to use and manage
  • The tenant has full control over their data, including digitally shredding by removing their key

Additional Features

Centralized management platform

Unified policy engine and admin console ensures consistency and enforcement across all data stores

Federated Key Management

Consolidates encryption keys for structured (databases) and unstructured/semi-structured (object store) data, making it easy to manage and avoiding key proliferation

Schedule a Demo with the Baffle team

Meet with the Baffle team to ask questions and find out how Baffle can protect your sensitive data.
