Baffle Data Protection for Databases

The security of application-level encryption without all the work

Product overview

Baffle’s no-code column-level encryption ensures database and infrastructure layers can’t compromise the security of your data, without the cost, complexity, and on-going maintenance of implementing encryption inside the application

Key benefits

Secure

AES cryptographic protection

Easy

No application code modification required

Fast

Deploy in hours not weeks

Comprehensive

One solution for masking, tokenization, and encryption

Flexible

No impact to user experience

Key Capabilities

No-code Implementation

No Code Implementation
  • No application code changes are required to deploy and use, enabling even 3rd party apps to continue functioning
  • Changes in data protection policies don’t impact applications
  • Protect your data in days (not months) with the least costly, least risky, and least disruptive approach

High-Performance and Scalable Architecture

High Performance And Scalable Architecture
  • No perceived impact on application performance
  • Enables vertical and/or horizontal scaling as load increases, and applications continue to meet SLAs
  • Accommodate changing workloads, ensuring elasticity without major disruptions

Data-in-Use Protection

Data In Use Protection
  • When data is accessed and used, it is cryptographically protected, even from admin accounts (unlike data-at-rest only protection)
  • Meet privacy requirements for GDPR, NIST, CCPA, PCI DSS v4.0, and more
  • Even with data sprawl, the data is protected and meets compliance requirements regardless where it flows downstream

Role-Based Access Control

Role Based Access Control
  • Restricts use of data based on fine-grained policies by individual or group
  • Combine permissions at data level (field, row, column, or logical database) with access type (clear text, partially masked, fully encrypted, etc.)
  • Integrate with existing IAM systems for easier administration of access control policies

Additional Features

Real Queryable Encryption

Real Queryable Encryption

Enables each tenant to have control over their own data (at the row or logical database level)

Shield

Centralized management platform

Unified policy engine and admin console ensures consistency and enforcement across all data stores

Blocks With Shield

Deploy anywhere software

Choose between on-premises or your own VPC, no internet access or “call home” telemetry required

Compatibility

Cloud Service Providers

Amazon Web Services
Amazon Web Services
Microsoft Azure
Microsoft Azure
IBM Cloud
IBM Cloud
Google Cloud
GCP

Databases

PostgreSQL
PostgreSQL
Amazon RDS
Amazon RDS
MySQL
MySQL
MariaDB
MariaDB

Key Management / HSM

AWS CloudHSM
AWS CloudHSM
AWS KMS
AWS KMS
Azure Key Vault
Azure Key Vault
Hashi Vault
Hashi Vault
Gemalto Thales
Gemalto Thales

Schedule a Demo with the Baffle team

Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.

Easy

No application code modification required

Fast

Deploy in hours not weeks

Comprehensive

One solution for masking, tokenization, and encryption

Secure

AES cryptographic protection

Flexible

No impact to user experience

Case Study

Saxo Bank

ON-DEMAND WEBINAR

Modernize your database with PostgreSQL in the cloud

BLOG

Transparent data encryption is not enough

Data protection for all of your use cases