Common Misconceptions with Encryption
Across the industry, from security professionals to auditors, many people misunderstand encryption methods, specifically which threat model each method addresses and which risks it actually mitigates.
Without understanding the methods and what you are protecting against, it’s difficult to ensure the appropriate data protection model. Further, actually implementing encryption can be quite complex with several interdependencies.
Read our article on the threat model and how these gaps do not stop attackers in “Why you can’t stop data breaches – Part I”.
Read the article by our CTO, PD Kolte, on “Why data tokenization is insecure”.
Below is an overview of some of the different methods that are commonly available.
The first example is Transparent Data Encryption (TDE).
With TDE, anyone with access to the database sees the data in the clear.
- It does nothing to protect against a modern-day hack or breach (most recent breaches had TDE in place and data was still stolen)
- Data in the logs is in the clear, which violates compliance regulations such as PCI
- Data in memory is in the clear
- Attackers moving laterally in the network gain access to data in the clear
The following is an example of Application Level Encryption or Field Level Encryption.
- Privileged users and insiders with access to the system see the data encrypted
- Attackers accessing the system laterally through the network see encrypted data
- Data in logs are encrypted
- Data in memory are encrypted
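The two bullet lists above can be reproduced in a few lines. The following is an added example, not Baffle's product or code: it encrypts a single field in the application tier with AES-256-GCM from Node's built-in `crypto` module and compares what the database and its statement log hold in each model. `FakeDb`, `storeWithTde`, `storeWithFieldEncryption`, the `customers` table and the sample record are hypothetical names and constructed data.

```javascript
const crypto = require('node:crypto');

// Assumption: in production the key comes from a KMS/HSM, never from the database host.
const KEY = crypto.randomBytes(32);

// Encrypt one field. The column name is bound as AAD, so a ciphertext
// moved to another column fails authentication on decrypt.
function encryptField(plaintext, column, key = KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce per value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(column, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Layout of the stored blob: 12-byte IV | 16-byte tag | ciphertext.
function decryptField(blob, column, key = KEY) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(column, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for a database server: stores rows and logs each statement.
class FakeDb {
  constructor() { this.rows = []; this.log = []; }
  insert(row) {
    this.log.push(`INSERT INTO customers VALUES (${JSON.stringify(row)})`);
    this.rows.push({ ...row });
  }
  select() { return this.rows.map((r) => ({ ...r })); } // view of a DBA or lateral attacker
}

// TDE model: encryption happens below the engine, so the engine and its log see plaintext.
function storeWithTde(db, customer) { db.insert(customer); }

// Field-level model: the value is encrypted before it leaves the application tier.
function storeWithFieldEncryption(db, customer) {
  db.insert({ ...customer, ssn: encryptField(customer.ssn, 'ssn') });
}

const SAMPLE = { name: 'Test User', ssn: '000-00-0000' }; // constructed record
```

Only a caller holding `KEY` can recover the field with `decryptField(row.ssn, 'ssn')`; the database, its log and anyone reading them see only the base64 blob.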
How Baffle Helps
Baffle simplifies field level encryption
Application level encryption is difficult to implement, leaving businesses with some tough choices: leave your high value data exposed or undertake a costly and error-prone approach to data protection. Baffle provides a better way.
Simplify encryption implementation
Baffle’s “no code” encryption method eliminates code changes to the application tier. Virtually any application or API call can be encrypted without any code modification.
Save on costs
Make your CFO and your developers happy. Eliminate costly development projects to re-write applications and focus developers on what they want to do — build and release core functionality.
Minimize application breakage
Baffle’s encryption method allows for sort, wildcard search and mathematical operations on encrypted data. This eliminates breakage of application functions and business processes.