Baffle Data Protection for Databases

The security of application-level encryption without all the work

Baffle’s no-code column-level encryption ensures database and infrastructure layers can’t compromise the security of your data, without the cost, complexity, and on-going maintenance of implementing encryption inside the application

Key Benefits

Icon Padlock

Secure

Production PII is anonymized on ingest and is protected, even from database and cloud admins

Icon Cubes

Easy

Without code changes to the application, the data is protected everywhere it flows

Icon Lightning Bolt

Performant

There is no perceived impact on application performance

Icon Key

Control

Your key controls access to your data

Encryption Diagram

Key Capabilities

Cryptographically-enforced Protection

  • Baffle ensures unauthorized users, including cloud or database administrators, cannot access sensitive data in clear text
  • The data is kept in a “fail safe” security posture, minimizing the risk of data breaches
  • Data is protected even when it is loaded into another database or data warehouse

Zoom

Zoom

No-Code Implementation

  • Baffle is easily deployed and configured, without any modifications to applications
  • No ongoing maintenance impact to applications
  • Changes in data protection policies don’t impact application

High-Performance Architecture

  • Baffle has been designed for performance and scalability, minimizing impact on application and database performance
  • Architecture enables horizontal scaling, so application continues to meet SLAs
  • Non-sensitive data is passed through with minimal overhead

Zoom

Zoom

Comprehensive Key Management

  • Baffle handles all aspects of key management from creation, use, rotation and retirement of keys used for encryption
  • BYOK / KYOK ensures companies control their own keys, which in turn gives them full control over their data, even in cloud data stores
  • Destroying the key “shreds” the data making it inoperable no matter where it is located (eg BC/DR)

Role-Based Access Control

  • Baffle’s policy based controls specify which authorized users can access specific fields and columns in a database
  • Granular policies determine how much of the data authorized users can see in clear text (their level of anonymization)
  • Policies are declarative and auditable

Zoom

Compatibility

Cloud Service Providers

AWS

Amazon Web Services

Microsoft Azure

Microsoft Azure

Databases

Postgre SQL

PostgreSQL

Amazon RDS

Amazon RDS

MySQL

MySQL

MariaDB

MariaDB

Key Management / HSM

AWS CloudHSM

AWS CloudHSM

AWS KMS

AWS KMS

Azure Key Vault

Azure Key Vault

Hashicorp

Hashicorp

Gemalto SafeNet KeySecure

Gemalto SafeNet KeySecure

Book a Demo