Baffle DPS on AWS simplifies tokenization and encryption of data stored in Amazon RDS

Baffle announced that its Data Protection Services (DPS) on AWS dramatically simplifies tokenization and encryption of data stored in Amazon Relational Database Service (Amazon RDS) environments without any application code modifications while supporting a Bring Your Own Key (BYOK) or Hold Your Own Key (HYOK) model.

Enterprises continue to race to the cloud and other modern platforms, but legacy encryption approaches that were not designed for the cloud continue to stumble and expose data. Cloud infrastructure providers, such as Amazon, specify a shared responsibility model in which enterprises are solely responsible for the security and compliance of their data in the cloud.

Some companies also require additional data-centric protection measures to address more stringent privacy regulations and measures. They cannot meet these with common encryption at rest and transparent database encryption (TDE), which don’t obscure or protect the data values.

“As sensitive electronic data is stored, inadvertent exposure of personal data via analytics is a risk,” said Van Baker, research vice president for Gartner’s Application Innovation team.

“Additionally, hackers may gain access to more databases holding individual information that is potentially damaging if revealed or used against them. This increasingly puts enterprises at risk of legal liability if they don’t protect this data.”

As an AWS Select Technology Partner, Baffle DPS gives enterprises the ability to instantly apply data-centric security for data stored in AWS without any application changes. Baffle easily integrates with cloud native services where legacy solutions fail and can ensure compliance with data privacy regulations to help reduce the risk of data breaches and leaks.

Baffle supports the following data protection modes for RDS databases:

  • Seamless integration with AWS RDS databases and AWS cloud native services
  • NIST standard AES-256 encryption for field- or row-level protection
  • Format-preserving encryption (FPE)
  • Dynamic data masking
  • Role-based data masking

In an AWS Partner Network (APN) blog post, Jani Syed, principal solutions architect at AWS, and Harold Byun, vice president of products and marketing at Baffle, discuss the architecture for Baffle DPS and how it performs its tokenization and masking functions to establish a data-protection layer for data stored in Amazon RDS databases.

The authors also describe how to launch and test Baffle DPS from an AWS CloudFormation template with Amazon RDS databases to encrypt data at the column level.

“The continued move to [the] cloud is all about speed and agility,” said Byun. “Baffle DPS allows enterprises to protect their data in AWS in real-time without modifying applications or redesigning their architecture.

“The speed with which organizations can operationalize a security solution is critical in the cloud world. We’re excited to be working with AWS to show how the joint solutions can be enabled in a matter of minutes to deliver enhanced data protection.”
