Baffle Encryption as a Service

End-to-end encryption for the sensitive data in your database with no risk of breach

Baffle is pioneering a solution that makes data breaches irrelevant by ensuring that data remains encrypted, not only when it is stored on-premise or in the cloud, but also when it is processed by databases or cached in memory. In doing so, Baffle offers organizations a way of eliminating or mitigating the risks of a data breach due to compromised IT administrator credentials by restricting access to sensitive data only through authorized applications. Baffle’s software solution is delivered as a cloud-centric service where it deploys and manages all aspects of enterprise data encryption including key management. Furthermore, it requires no changes to the client application and supports all popular enterprise databases to integrate seamlessly with existing enterprise operational workflows and reduce the time and cost of encrypting your data. By making it simple to always encrypt your sensitive data, Baffle ensures that any attempts to steal data, even if done with legitimate IT administrator credentials, will only yield encrypted data that’s useless to the hacker.

Baffle’s Solution

Baffle addresses this insider threat by providing an easy way to keep data encrypted on database servers. This solution protects data irrespective of whether the data is on disk, in memory, or being processed in the database. Baffle’s Encryption As A Service consists of two major components, BaffleShield and BaffleManager:


BaffleShield is a SQL layer reverse proxy deployed on the application host that encrypts application data at a columnar level as it is sent to the database and decrypts query results when it is returned by the database to the application. It uses industry standard encryption algorithms and manages the encryption key for users while giving them the option of choosing from among the most popular key stores for secure key storage. Because BaffleShield can intercept the data to perform encryption and decryption on behalf of the application, no application changes are needed to enable application-level encryption.


BaffleManager is an intuitive management console that allows application and database administrators to automate encryption deployment and management in the enterprise. It also gives security administrators the ability to define and enforce security compliance policies for encryption. Deployable on-premise or in the cloud, BaffleManager can manage native database server encryption and Baffle’s application encryption capabilities. This provides administrators a single view of all data encryption usage in a heterogeneous environment and unparalleled flexibility to align their encryption deployments to the data’s sensitivity and risk.


At the core of Baffle’s encryption solution is Baffle’s groundbreaking patent-pending technology that enables arbitrary computation on encrypted data and was filed by the company at its inception. This is used on the database server to perform operations on encrypted data allowing for end-to-end data protection in enterprise workflows.


Baffle’s product is available now allowing customers to migrate their data into encrypted databases. To learn more, please contact us.