Baffle Encryption Modes

All Baffle encryption modes can be implemented using a “no code” model via Baffle Data Protection Services

Field  Level EncryptionTable or column-based encryption using randomized or deterministic AES-CTR encryption
Record Level Encryption (RLE)Support for row by row encryption using different keys mapped to entities for multi-tenant or shared databases
Secure Data TokenizationUses deterministic AES encryption to generate a deterministic encrypted transform for a given value.  Can applied to support JOINs and foreign key constraints as well as preserve indexing and optimizer. Does NOT use code book method.
Format Preserving Encryption (FPE)Supports encryption where the cipher text output has the same form of the input.  Preserves length of the data type.  Cannot be used in conjunction with RLE or Advanced Encryption
Data-Centric File EncryptionSupports encryption and de-identification of data inside file and object stores to secure data in cloud storage such as AWS S3 or Azure Blob Storage and for use in data analytics pipelines and big data processing
Advanced Encryption (SMPC)Support for secure computation and secure data sharing on encrypted table or columnar data using randomized AES and secure multiparty compute (SMPC)



Encryption Standards

Baffle uses NIST approved cryptographic AES algorithms for the above encryption modes. For FPE, Baffle uses NIST approved FF1 and FF3-1 algorithms. The cryptographic implementations use a FIPS 140-2 validated cryptographic module.

Format Preserving Encryption

A view of clear text data

FPE Encrypted View

A view of data encrypted with FPE

Use Cases

See How Baffle Can Protect Your Data

Schedule a live demo and get answers to your questions

TiE Award

TiEcon Winner 2017

CRN Security Award

2017 Security 100

RSAC Award

RSAC 2017 Finalist