Data-Centric Security for MongoDB

Solution Overview:

Baffle has developed a data-centric encryption solution for MongoDB that effectively functions as an abstraction layer for virtually any application or data access function interacting with the back-end data tier.

Without modifying applications, Baffle can support search and aggregation as well as automated workflows and machine-to-machine processing on AES encrypted data without decrypting the underlying values.

The solution goes beyond native table or database encryption methods by mitigating privileged access or insider threat risk.

Baffle supports on-premise deployments as well as AWS, Azure and managed provider MongoDB environments. The solution integrates with existing enterprise key management and HSM solutions to support customer-owned keys.

Key Benefits:

  • Secures data in use, in memory and at-rest for MongoDB environments
  • Mitigates insider threat and data theft risk
  • Encrypts data without breaking application functionality
  • Ensures compliance with data privacy regulations

Architecture:

 

Key Capabilities:

Advanced Data Protection
Data is encrypted using AES encryption and protected end-to-end: in memory, in use, in search indices, and at-rest.

Support for Customer Owned Keys
Customers always own the keys and integration with enterprise key management, cloud key management and HSMs is supported

Comprehensive Application Support
Application functionality is preserved with Baffle’s solution and no code modification or rewrites are required.

Secure Compute
Baffle supports wildcard search, mathematical operations, and analytics on AES encrypted data.

Flexible Architecture
The deployment model supports traditional multi-tier applications, microservices architecture, and API-based access models

Features and integrations:

Learn more about our secure computation capabilities here

Download the Baffle MongoDB Data Sheet

Download Here