Baffle’s Data Privacy Cloud Protects Data for Amazon Redshift Customers


Baffle, the startup that wants to
make data breaches “irrelevant,” announced its latest data security
offering for Amazon Redshift customers: Data Privacy Cloud.

Baffle aims to prevent data breaches in public and private
clouds by encrypting data wherever it may be. Most data protection schemes
encrypt data while in transit or at rest in storage, but not while it is in
use. In many cases, the data gets decrypted before the application can use it —
which is why many attacks target the application. Baffle’s goal is to keep the
data encrypted while it’s being processed by databases and application. This
way the data is still unavailable and unusable even if the attackers breach the
database or application.

Baffle’s data protection portfolio — which supports
tokenization, masking, and encryption — provides end-to-end protection of the
modern data pipeline. Baffle is cloud-native for Snowflake, Amazon Web
Services, Microsoft Azure, Google Compute Platform, and IBM Cloud, and offers
seamless integration with Amazon Redshift, AWS Database Migration Services, AWS
Glue, and AWS Simple Storage Service (S3). Baffle Data Privacy Cloud, which
organizations can run in their own virtual private cloud or private cloud,
currently has integration support just for Redshift.

“Baffle gives Amazon Redshift users the confidence to
proceed with critical data analytics projects by ensuring their data is
protected, no matter where it is in the analytics pipeline,” Baffle’s
co-founder and CEO Ameesh Divatia said in a statement.

Data Privacy Cloud runs on AWS Lambda serverless functions,
which allows organizations to establish their own data protection service for
any data store and for any application for their application groups and
business units, the company says. AWS Lambda supports virtually infinite
scalability and exposes developer interfaces for integration with pretty much
any application.

Baffle relies on a “security mesh” that reveals data
only to authorized accesses. The no-code platform makes it easy to deploy the
mesh without requiring extensive code changes, the company says. As data gets
consumed into data warehouses and analytics environments, Baffle selectively
enables access depending on role and policy.

Developers can invoke application calls into the Data Privacy
Cloud to protect data with a cloud-native service. The service offloads the
integration work with key management solutions and integrates data-centric
privacy and security methods into complex distributed service and data

The startup raised $20 million in Series B funding over the
summer. Over the past year, the startup has added more integration support to
its Data Protection Services. DPS protects data from any source to any
destination as it moves from on-premises to cloud, or between cloud-native
services, the company says.

Read more about Data Privacy Cloud here.