Apache Kafka® Support

Secure the Data Pipeline with Field Level Encryption and Tokenization

Request A Demo

Apache Kafka® Encryption

Apache Kafka is a powerful platform for streaming big data in real time for multiple providers and use cases, including data analysis downstream. Thousands of enterprises rely on Apache Kafka, as an open-source distributed event streaming platform, for high-performance data pipelines, streaming analytics, and data integration. It is often used to move data from a traditional database or file storage into a modern analytic data warehouse like Snowflake® or Amazon Redshift or Apache Pinot™.

However, putting sensitive data in the clear can create massive security and compliance issues. The challenge is that legacy data encryption methods are not sufficient as they do not allow control over who can see what data and can also impede downstream data analytics and third party applications.

Baffle® Data Protection Services (DPS) Transform for Kafka is a purpose built software solution designed to simplify end-to-end security of the modern data pipeline.

Baffle DPS allows you to deploy a transparent data security mesh that encrypts or tokenizes sensitive data while it is being moved from a traditional database to a modern analytic data warehouse. This data-centric security approach ensures that no cleartext data is exposed in the analytics pipeline preventing the possibility of sensitive data from being stolen. With Baffle DPS, Kafka can implement functionality that provides end to end encryption of messages - with the consumer only being able to decrypt the Kafka topic from the Kafka broker if they have been granted the proper access.

Baffle Data Protection Services

Baffle’s solution simplifies protection of your data in the cloud without requiring any application code modification or embedded SDKs.

Learn More

How Baffle for Kafka Works

Kafka Connect ingests data into a Kafka Cluster from traditional database and dumps the data into modern analytic data warehouses. Kafka Connect enables connectivity between a source data store and a Kafka cluster or between a Kafka cluster and a destination data store.

The Simple Message Transform (SMT) capability allows a custom transformation engine to be plugged into a Kafka connector to transform data from its original value as it is being ingressed/egressed from Kafka. The Baffle Transform using SMT provides a way to encrypt or tokenize the Kafka stream, or sensitive data, while it is being moved from a traditional database to a modern analytic data warehouse. This data-centric security approach ensures that no cleartext data is exposed in the analytics pipeline preventing the possibility of sensitive data from being stolen.

Data is transported from a data source to the Confluent Kafka cluster through Kafka Connect where the Baffle Transform plug-in tokenizes sensitive data at a field level granularity.

For consumption, the encrypted data is transported from a Confluent Kafka cluster to a data store through Kafka Connect where the Baffle Transform plug-in restores sensitive data at a field level granularity with de-tokenization or decryption to its original values.

Kafka

The Baffle Single Message Transform can be integrated with:

  • Kafka Connect

All Sink and Source Connectors are supported:

  • Sources and Sinks: Reads and writes data to the Confluent Platform (using the consumer/producer API)

Baffle SMT is compatible with the following:

  • Confluent 5.0.X and above
  • Kafka 2.0.x and above
  • Kafka Connect 5.0.X and above

download iconDownload the white paper on “Simplifying Application Level Encryption”

Our Solution

Baffle delivers an enterprise-level transparent data security platform that secures databases via a "no code" model at the field or file level. The solution supports tokenization, format-preserving encryption (FPE), database and file AES-256 encryption, and role-based access control. As a transparent solution, cloud-native services are easily supported with almost no performance or functionality impact.

Icon Cubes

Easy

No application code modification required

Icon Stopwatch

Fast

Deploy in hours
not weeks

Icon Bolt

Powerful

No impact to user
experience

Icon Command

Flexible

Bring your own key

Icon Padlock

Secure

AES cryptographic
protection

See How Baffle Can Protect Your Critical Data and Avoid Costly Data Breaches

Schedule a live demo with one of our solutions experts to get answers to your questions

Request A Demo

Related Resources

How to De-Identify Apache Kafka Data Streams
Webinar: How to De-Identify Apache Kafka Data Streams

Learn how modern data protection technologies can be used to easily de-identify & re-identify Kafka data streams to share sensitive data securely between internal and external audiences & data domains.

Watch Now!
De Identifying Data In Snowflake And Amazon Redshift
Webinar: De-identifying Data in Snowflake and Amazon Redshift

Watch this webinar to learn how data can be easily de-identified as part of your data pipeline as it is staged for use in Snowflake or Amazon Redshift.

Watch Now!
tokenize your data in aws ads with aws kms
Webinar: Tokenize Your Data in AWS RDS with AWS KMS

Watch this webinar to learn about different tokenization and data encryption techniques and see how you can stand up a demo of Baffle's Data Protection Services in conjunction with AWS RDS and AWS KMS in a matter of minutes.

Watch Now!
Case End-to-end Data Encryption in the Cloud
Case Study: End-to-End Data Encryption in the Cloud

A SaaS that is an industry pioneer in anti-financial crime management solutions encrypts their data end-to-end, at rest and in use.
Case Study: BYOK to protect customer data
Case Study: BYOK to protect customer data

A leading provider of fraud and risk management solutions uses BYOK to ensure their customer data is cryptographically protected and isolated
Case Study: Migrate and Secure Data in the Cloud
Case Study: Migrate and Secure Data in the Cloud

One of the largest makers of energy technologies in the world migrated their application to the cloud while ensuring their data was protected
Case Study: Protect Sensitive Data in Multi-Tenant Cloud
Case Study: Protect Sensitive Data in Multi-Tenant Cloud

FinTech Software-as-a-Service gives their customers control over their data in a multi-tenant architecture with BYOK