SaaS Providers

Baffle provides BYOK and record level encryption for multi-tenant SaaS

The SaaS Business vs. Security Trade-off

The shift to cloud-based software delivery has revolutionized how enterprises use software. Software-as-a-service (SaaS) has become the predominant way for companies to adopt software, resulting in huge amounts of data being entrusted to SaaS providers.

You may be in the business of delivering a SaaS service, and key customers are demanding enhanced security measures, auditors are breathing down your neck, or your legal team, risk team or board has concerns over pending privacy regulations. All the while, your customers are asking for this feature and that feature, and competition is heating up.

This leaves you with a business dilemma: either build out features and functionality to delight your customers and compete in the market, or build out security platform capabilities. Alternatively, you could attempt to do both if you have a bottomless budget and can get developers, or you could opt to dedicate instances for big clients, which is inefficient both operationally and in cost.

Or, you could implement an off-the-shelf BYOK service that supports multiple keys in multi-tenant environments, while requiring no architectural or application code changes.  The transition can be isolated and you can remain focused on running your core business and service.

Simplified BYOK for SaaS

What if there was an easier way to deliver a solution to the above scenario?  What if you could satisfy enterprise customers with stringent security requirements without having to modify your applications, hundreds of microservices or dedicate instances to that customer?

Baffle provides a BYOK platform for SaaS providers that supports customer-owned keys and secures data at the record level in a multi-tenant environment, without requiring application and architectural changes or dedicated instances. The solution is in production globally with SaaS providers in environments in excess of several billion records, with virtually no discernible performance overhead (1-2 ms overhead in measured environments).

This satisfies the compliance requirements of your largest customers, gives them ownership of their key, gives them a right of data revocation, and frees you up to do what you do best — build a world-class application and service.

Baffle’s key virtualization layer integrates with HSMs, cloud key managers, and secrets managers to easily source customer-owned keys. This key integration can be incorporated into cloud native services with no redesigns or application code changes.

With Baffle Data Protection Services, you can avoid being forced into trade-offs between product development and features on one side and building out core platform security capabilities on the other. You can simplify your security implementation at a lower operational cost and, perhaps more importantly, a lower opportunity cost.

And finally, in the words of one of our customers, "after we looked at the performance numbers, it was game over."  In other words, our solution has been highly optimized and has been measured at one to two millisecond overhead in a global deployment with hundreds of microservices.


Interested in a headless deployment? Pull our Docker image to get up and running in minutes. Contact [email protected] for more info.


Our Solution

Baffle delivers application level encryption on a per field basis via a “no code” model. The technology supports “homomorphic-like” capabilities — the ability to perform mathematical operations on AES encrypted data without ever decrypting the underlying values. Data stays protected in memory, in use and at-rest.

Simple: No application code modification required

Fast: Virtually no performance impact

Seamless: Integrates easily into your infrastructure

Secure: AES encryption in memory, in use, and at-rest

See How Baffle Can Protect Your Data

Schedule a live demo with one of our solutions experts to get answers to your questions