AppEncryption-icon

Encryption Complexity
equifax1

Data Breaches
hacker icon

Insider Threat
lock icon

Spectre-class Vulnerabilities

Advanced Data Protection

Baffle’s solution goes beyond legacy encryption to truly close gaps in the data threat model. Baffle provides an advanced data protection solution that protects data in memory, in process and at-rest to reduce insider threat and data theft risk.

Our Product

Finance

Financial Services
Healthcare

Healthcare
CDPP_blue

Cloud Data Protection
Securecloud

Secure Cloud Migrations
serverlessB

Serverless Architecture

Saas

SaaS Providers
Request a Demo
AppEncryption

common Misconceptions with Encryption

Across the industry from security professionals to auditors, there are some common misconceptions about encryption methods that a lot people get confused about in terms of the threat model and risks that are actually being mitigated.

Without understanding the methods and what you are protecting against, it’s difficult to ensure the appropriate data protection model.  Further, actually implementing encryption can be quite complex with several interdependencies.

Below is an overview of some of the different at-rest encryption methods that are commonly available.

  1. Disk Level Encryption — Encrypts data at the physical disk layer and protects against physical data theft of a hard drive or laptop.  Operating system access provides full access to the data in the clear.
  2. Transparent Data Encryption (TDE) — Provides encryption of a database as a container on the file system.  This protects against  physical data theft and against access from a non-DBA who may have access to a system where the database resides.  Access to the database provides full access to the data in the clear.
  3. Field Level Encryption – Encrypts columns or fields of data in a structured data environment.  This protects against privileged users and DBAs with access to a database, insider threat, 3rd party developers, and attackers moving laterally (east-west) in an environment from seeing sensitive data in the clear. This method is sometimes referred to as Application Level Encryption (ALE)
  4. Record Level Encryption – Encrypts data on a per row or record basis in a structured data environment using different keys for different rows.  This helps prevent oversharing of data in co-mingled data stores or multi-tenant SaaS environments and can also be applied to segment data based on classification. This method is sometimes referred to as Record Level Encryption (RLE)

All of these methods are commonly referred to as Encryption At-Rest. Perhaps part of the issue is with the term “Encryption At-Rest”, because technically, all of these methods are at-rest encryption options.  But, clearly the risk mitigation provided is different based on the data protection method.

Download the white paper on “Simplifying Application Level Encryption”

Download White Paper

Learn More About Simplified Encryption

Below is an example of Transparent Data Encryption (TDE).

As you can see, anyone with access to the database sees the data in the clear.

  • It does nothing to protect against a modern day hack or breach. (most recent breaches had TDE in place and data was still stolen)
  • Data in the logs are in the clear, which violates compliance regulations such as PCI
  • Data in memory is in the clear
  • Attackers moving laterally in the network gain access to data in the clear

 

TDE2

 

The following is an example of Application Level Encryption or Field Level Encryption.

  • Privileged users and insiders with access to the system see the data encrypted
  • Attackers accessing the system laterally through the network see encrypted data
  • Data in logs are encrypted
  • Data in memory are encrypted
Field_Level_Encryption

Download the white paper on “Simplifying Application Level Encryption”

Download White Paper

Learn More About Simplified Encryption

How Baffle Helps

Baffle simplifies field and record level encryption

Application level encryption is difficult to implement leaving businesses with some tough choices -- leave your high value data exposed or undertake a costly and error-prone approach to data protection. Baffle provides a better way.

Simplify encryption implementation

Baffle’s “no code” encryption method eliminates code changes to the application tier.  Virtually any application or API call can be encrypted without any code modification.

Save on costs

Make your CFO and your developers happy.  Eliminate costly development projects to re-write applications and focus developers on what they want to do — build and release core functionality.

Minimize application breakage

Baffle’s encryption method allows for sort, wildcard search and mathematical operations on encrypted data. This eliminates breakage of application functions and business processes.

Related Posts

Encryption graphic

The Future of Database Encryption

In order for encryption to be more broadly deployed, it must become easier to consume and interfere less with how applications process data. CIOs and  CISOs are starting to recognize that database encryption is a critical need and are scrambling to adopt it before their…

Read More

RLE-webinar-cover

Ensure Data Privacy for SaaS

Implementing Record Level Encryption to Ensure Data Privacy for SaaS September 17, 2019 | 11:00 AM PST Watch this webinar and learn about the following: Common security and operational challenges in SaaS and shared data environments Architectural and design considerations for building a Bring Your…

Read More

Intellyx screenshot

Baffle: Making Application and Database Encryption Easy

There is nothing worse than having a solution to a problem that people don’t know they have. That may be the classic definition of database encryption. The challenge is that most databases have their own baked-in encryption model. As a result, most organizations just assume…

Read More