Baffle Data Protection for Databases
The security of application-level encryption without all the work
Baffle’s no-code column-level encryption ensures database and infrastructure layers can’t compromise the security of your data, without the cost, complexity, and ongoing maintenance of implementing encryption inside the application.
Key Benefits
Secure
Production PII is anonymized on ingest and is protected, even from database and cloud admins
Easy
Without code changes to the application, the data is protected everywhere it flows
Performant
There is no perceived impact on application performance
Control
Your key controls access to your data
Key Capabilities
Cryptographically-enforced Protection
- Baffle ensures unauthorized users, including cloud or database administrators, cannot access sensitive data in clear text
- The data is kept in a “fail safe” security posture, minimizing the risk of data breaches
- Data is protected even when it is loaded into another database or data warehouse
No-Code Implementation
- Baffle is easily deployed and configured, without any modifications to applications
- No ongoing maintenance impact to applications
- Changes in data protection policies don’t impact the application
High-Performance Architecture
- Baffle has been designed for performance and scalability, minimizing impact on application and database performance
- Architecture enables horizontal scaling, so the application continues to meet SLAs
- Non-sensitive data is passed through with minimal overhead
Comprehensive Key Management
- Baffle handles all aspects of key management, including creation, use, rotation and retirement of keys used for encryption
- BYOK / KYOK ensures companies control their own keys, which in turn gives them full control over their data, even in cloud data stores
- Destroying the key “shreds” the data, making it inoperable no matter where it is located (e.g., BC/DR)
Role-Based Access Control
- Baffle’s policy-based controls specify which authorized users can access specific fields and columns in a database
- Granular policies determine how much of the data authorized users can see in clear text (their level of anonymization)
- Policies are declarative and auditable