We tend to think of security as a matter of building walls to keep intruders out and important items safe. But the fact is, walls can be breached. Even the best security perimeter has holes that can be exploited, allowing thieves and hackers to make off with valuable data.
We read about it every day — in part, because regulations, such as the European Union’s General Data Protection Regulation (GDPR), require that companies disclose when they’ve been hacked. It gets worse as we move more of our critical data and applications to the cloud, because your data is now outside the walls. Yet, companies are still required to ensure the security of your data when it is in the hands of a third party and out of your, or their, control.
But what if there were a way to ensure that stolen data was worthless to thieves, even if they manage to penetrate the network perimeter or breach the cloud? In a world where data underlies just about everything we do, moving to a better security model can end the drumbeat of stories that undermine confidence in companies and governments, while protecting the privacy of consumers and citizens.
A Silicon Valley startup called Baffle is pioneering a new approach to data security that provides foolproof protection for data, whether it resides on internal systems or public cloud platforms like Microsoft Azure, AWS, or the multitude of SaaS/PaaS providers that are used by most organizations for critical functions.
Data Security, Not Perimeter Security
The concept of data encryption has been around for a long time, but practical considerations have hindered its adoption. The computational power required to decrypt data can drag down system performance, and integration into enterprise application workflows can slow down end users who want responsive performance. Consequently, organizations depend on flawed perimeter security regimes and cloud providers to protect their data, or forgo the benefits of more open, cloud-based platforms and solutions entirely because of concerns about security. These approaches leave them vulnerable to attacks, breaches and lost data.
Baffle’s solution? A software-only solution that provides encryption for any application running on any database. It encrypts at the record level with cryptographically-enforced access control and monitoring of access to sensitive data for compliance. Once the data is encrypted, Baffle harnesses the power of the cloud to enable any query to be executed securely in the database with no appreciable loss of performance. As a result, data is never in the clear while stored or in process by the database both on-premise or in the cloud.
Security in the Cloud by Default
For customers who want to leverage the cloud, Baffle performs a one-time encryption process on the entire database before it is uploaded to the cloud. That does away with the vulnerability associated with migrating sensitive data to a public cloud environment like Microsoft Azure or Amazon AWS, and provides durable protection for the data no matter where it resides.
Applications that use the encrypted data use the data as it usually would, performing decryption on the fly using the massively scalable processing power of the cloud itself to keep performance at the same levels that users would expect using off-the-shelf security from database vendors.
Applications access the encrypted data using their familiar SQL-based queries and visualization tools. This means that Baffle supports custom-developed apps or standard packages like Tableau or Microsoft PowerBI, despite the fact that these applications were not built to operate on encrypted data.
Encryption is the gold standard for data safety compliance in regulated industries from finance to pharmaceuticals. In fact, most regulators do not even require companies to report the theft of encrypted data, and insurers dramatically lower premiums on data liability policies for organizations that use encryption.
Why steal what you can’t use?
Encrypted data is useless without the services layer that renders it intelligible to higher level applications. Even if hackers are able to penetrate the network security and download confidential files, the bits themselves will be hopelessly scrambled and of no use.
“There have been multiple attempts to do this, from enterprises to academics to startups,” says Baffle co-founder and CEO Ameesh Divatia. “We’re ahead of everyone else in terms of using secure multiparty compute technology, and our implementation is patented and uniquely focused on a practical integration path into existing IT workflows.”
Divatia says many customers see ROI purely on the basis of these reduced insurance costs, while others are attracted by the prospect of not having to worry about the business and PR consequences of disclosing data breaches, which can exceed the damage caused by the breach itself.
Off to a Fast Start
Divatia and co-founder/CTO Priyadarshan “PD” Kolte launched the company in late 2015, combining Kolte’s pedigree in developing massive multiprocessor engineering solutions with Divatia’s experience as a serial entrepreneur with a track record of turning technologies that are difficult to build into successful businesses, selling three companies for more than $425 million combined in the service provider and enterprise datacenter infrastructure market. They hired a team of security specialists, filed patents for their technologies, and began developing their product.
The company expanded to 12 employees in the Santa Clara, California office, and is deployed in mission-critical production environments for large clients in the healthcare, financial technology, and SaaS sectors. In fall 2017, Baffle was invited to participate in the Microsoft Accelerator in Seattle, an exclusive program for B2B startups developing the next generation of cloud, data, AI, and machine-learning technologies.
Divatia says he sees great mutual benefit in working with Microsoft to streamline Azure migration, optimize technical issues, and work in concert with Microsoft enterprise sales teams to create solutions that benefit customers. The BaffleManager™ product is available for deployment on the Microsoft Azure Marketplace with a free 90-day trial.
Those benefits are already being seen. But in the end, Baffle remains motivated by its transformational mission. “We don’t want to make data theft more difficult,” says Divatia. “We want to make it irrelevant.”