Skip to content

Baffle enables cloud-based apps to use encrypted data without breaking

silicon angle logo

UPDATED 10:00 EST . 27 NOVEMBER 2017

Data encryption-as-a-service company Baffle Inc. is beefing up its product suite with a new data protection service for applications running on Amazon Web Services and Microsoft Azure. The idea is to ensure those cloud-based applications can run while using encrypted data without breaking.

Baffle’s main encryption-as-a-service software is designed to ensure that data breaches remain irrelevant by keeping it encrypted, not only when it is stored on-premises or in the cloud, but also when it is processed by databases or cached in memory.

With the new BaffleManager Application Data Protection Service, the company is strengthening its main product by bringing its encryption to data running inside the applications themselves. It enables secure compute for cloud applications while simultaneously providing data access and controls. It’s essentially the missing ingredient for its data encryption-as-a-service, which ensures that back-end database layers never expose data, and that applications will not break.

The new capabilities are a significant achievement, because no one has been able to develop a solution that’s able to query encrypted data without leaving data exposed in some fashion, or breaking the application that’s trying to read the data, said one analyst.

“Baffle has been successful in solving a fundamental problem that plagues cloud workloads,” said Rik Turner, principal analyst at Ovum, an analyst firm owned by Informa PLC. “Their ability to have a commercial application querying encrypted data in a commercial database is truly ground-breaking and stands to have a profound impact on enterprise workload security as it moves to public clouds.”

Baffle said its secure compute capability works by using AES-256 encryption with customer-owned keys ensuring that even the company itself cannot access data that’s encrypted. The new service also provides dynamic access control to enforce control over data cryptographically, plus enhanced data access monitoring capabilities so companies can see who is accessing data, as well as when and where.

Baffle co-founder and Chief Executive Officer Ameesh Divatia said the new solution is timely with regulations such as Europe’s General Data Protection Regulation due to come into force from next year.

“The dirty little secret with traditional data protection services is that they expose data that is being processed, use a sub-standard encryption scheme, and break the app,” said Divatia. “We avoid all of those pitfalls and are excited to deliver a comprehensive data protection service with zero trade-offs for the customer.”

Baffle said the BaffleManager service is available now on both AWS and Microsoft Azure. The company is offering a free 90-day trial for starters, with pricing information being made available on request. Baffle said it will showcase the new product during Amazon’s re:Invent event, which is taking place in Las Vegas this week.

Original article can be found here.

Join our newsletter

Schedule a Demo with the Baffle team

Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.


No application code modification required


Deploy in hours not weeks


One solution for masking, tokenization, and encryption


AES cryptographic protection


No impact to user experience