Baffle

Baffle’s mission is to make data breaches irrelevant by seamlessly integrating data security into every data pipeline. The company aims to simplify cloud data protection, enabling organizations to easily secure sensitive data wherever it is stored or used. Baffle provides a data protection platform designed to simplify cloud-centric encryption without requiring application changes.

Baffle’s goal is to make data security easy and straightforward through a no-code, simple-to-deploy platform. This platform takes a data-centric approach at cloud scale. Baffle is known for its focus on application-level encryption, offering solutions for data masking, tokenization, and encryption with role-based access controls. The company has established a reputation for empowering large enterprises to protect billions of records, helping them meet compliance and security mandates.

Offerings, Capabilities, and Integrations

Baffle, Inc. provides a data protection platform focused on simplifying cloud-centric, application-level encryption. Its core offering is the Baffle Data Protection Service, which allows for the de-identification of sensitive data without application code changes. This “no-code” approach is a key competitive differentiator, enabling faster and easier implementation of data security measures. Baffle’s capabilities include data masking, tokenization, and format-preserving encryption, which can be applied at the field, row, or file level. A significant feature is the support for “Bring Your Own Key” (BYOK) and “Keep Your Own Key” (KYOK), allowing customers to maintain control over their encryption keys. This is particularly valuable for SaaS providers and their customers who require data isolation and control. Baffle’s platform is designed for a Zero Trust environment, ensuring data remains encrypted not only at rest and in transit, but also while in use for processing and analytics. Baffle integrates with major cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and IBM Cloud, as well as a variety of databases and data warehouses including PostgreSQL, MySQL, Amazon Redshift, and Snowflake.

Products and Services

Baffle’s primary offering is its comprehensive data protection platform, often referred to as Baffle Data Protection Services (DPS). This platform delivers a suite of services to secure sensitive data across various environments.

• Baffle Data Protection for Analytics: This service provides end-to-end data protection for analytics pipelines. It encrypts, tokenizes, or masks data as it is ingested into analytics databases and data warehouses, and enforces access control policies when data is queried.
• Baffle Data-Centric File Protection: This service secures sensitive information within unstructured data files, such as those stored in Amazon S3. It enables anonymized or de-identified analytics on this data as it is ingested into data warehouses like Snowflake and Amazon Redshift.
• Baffle DPS Transform for Apache Kafka: This is a Confluent-verified transform that provides automated data de-identification and protection for data streams in Apache Kafka and Confluent Cloud. It allows for on-the-fly data transformation as it moves through the data pipeline without requiring application changes.
• Real Queryable Encryption: A key feature of Baffle’s platform that allows for processing and analytics to be performed on encrypted data without ever decrypting it.
• Data Masking and Tokenization: Baffle offers both static and dynamic data masking to obscure sensitive data from unauthorized users. Its tokenization service uses format-preserving encryption to de-identify data.
• Bring Your Own Key (BYOK): This capability allows customers of SaaS providers to use and manage their own encryption keys, ensuring data isolation and control.

Target Customers

Baffle’s target customers are organizations that handle sensitive data and need to comply with data privacy regulations such as GDPR, CCPA, and PCI DSS. These are often companies in data-intensive and highly regulated industries.

• Financial Services: This sector benefits from Baffle’s ability to provide row-level encryption and logical segmentation of customer data, as well as BYOK capabilities to meet the security demands of large financial institutions.
• Healthcare: The healthcare industry can leverage Baffle’s solutions to protect patient data and maintain compliance with privacy regulations.
• SaaS Providers: Baffle is particularly beneficial for multi-tenant SaaS companies that need to ensure data isolation and provide their customers with control over their own data through BYOK.
• Data Scientists and Analysts: These professionals benefit from Baffle’s platform as it allows them to perform analytics on sensitive data that would otherwise be inaccessible due to compliance and security policies. By enabling privacy-preserving analytics, Baffle allows for the use of AI and machine learning on anonymized data.

Cloud Integrations and Marketplaces

Baffle provides a cloud data protection platform that integrates with major cloud providers. Baffle has a presence on the AWS and Microsoft Azure marketplaces, offering solutions to secure data in cloud environments.

• Amazon Web Services (AWS): Baffle is an AWS Partner and its solutions have been validated by AWS. Baffle offers several listings on the AWS Marketplace, designed to protect data for services like Amazon S3, Amazon RDS, and Amazon Aurora. These solutions provide capabilities such as field-level encryption, tokenization, and masking without requiring application code changes. The offerings aim to secure data during migration to AWS and within the AWS environment.
• Microsoft Azure: Baffle’s Data Protection Services are supported on Microsoft Azure, particularly for its database Platform as a Service (PaaS) offerings. This integration is designed to secure “lift and shift” cloud migrations to Azure. Baffle is available for procurement through the Azure Marketplace.
• Google Cloud: Baffle’s Cloud Data Encryption Platform is supported on Google Cloud Platform (GCP). However, there are no specific product listings for Baffle currently available on the Google Cloud Marketplace.

Key People

• Co-Founder & CEO: Ameesh Divatia
• Co-Founder & CTO: Priyadarshan Kolte
• EVP Sales: Joe Dillon
• SVP Marketing: Sushant Rao
• VP Product Management: Min-Hank Ho
• VP Engineering: Rajan Palanivel
• VP Customer Success: Prasad Rallapalli
• Chief Product Architect: Sumandra Majee
• Chief Software Architect: Spence Jackson

Key Facts

• Headquarters: Santa Clara, California
• Number of Employees: 60
• Annual Revenue: $7.6M
• Parent Company: None
• Subsidiary Companies: None
• Publicly Listed: No

Analyst Recognition

Baffle has been recognized by Gartner in several of its publications.

• Gartner: Baffle was named a Sample Vendor in the 2022 Gartner Hype Cycle for Privacy in the categories of Format Preserving Encryption (FPE) and Secure Multiparty Computation (SMPC). Baffle was also recognized as a Sample Vendor in the 2022 Gartner Hype Cycle for Data Security in the category of Multicloud Key Management as a Service. Additionally, Baffle was listed as a Sample Vendor for SMPC in the 2022 Gartner Hype Cycle for Digital Identity and the Gartner Hype Cycle for Blockchain and Web3. In 2019, Gartner named Baffle a “Cool Vendor” in Privacy Preservation in Analytics.

There is no information available regarding analyst recognition for Baffle from Forrester, IDC, or Everest Group.