From a security perspective, doing compute in the cloud is a bit like leaving teenaged children home alone while you go away for the weekend. You hope they’re doing their homework, but you really have no idea what’s going on. You could call your nosy neighbor and ask him to look through the window and report what he sees, but that is just the problem. You don’t know what’s happening because you’re not there, but it’s easy enough to spy on them.
So it goes with cloud computing. Encryption is typically for data at rest, not for data that’s in the compute cycle. Today’s threats, however, enable malicious actors to breach your data when it’s in the compute stage, especially in the cloud. And, like the nervous parents who suspect the kids are drinking beer and listening to suspicious, alternative rock music while they’re on their golfing weekend, Gartner has warned that businesses should assume they are in a “state of constant compromise.”
This is the vulnerability that Baffle is addressing. Baffle prevents data breaches by securing the end-to-end data access model for applications and databases. With this approach, Baffle offers protection against threats like Spectre and Meltdown.
Baffle is a provider of what CEO Ameesh Divatia calls “Opaque Computing.” The data is impossible to view while in compute or anywhere else. Baffle achieves opaque computing through a patent-pending technology that enables encryption of data at rest, in use, in memory and in the search index. It does this using AES (Advanced Encryption Standard) encryption, without affecting the application. According to Divatia, Baffle is the first company to enable secure data processing on a commercial application and database to guarantee data protection.
The data protection capabilities available in Baffle help companies secure “lift and shift” cloud migrations. They also mitigate the risk of insider threat by minimizing exposure to sensitive data. In this way, the solution helps with GDPR Article 25, which requires strong technical controls to ensure data privacy for in-use and in-memory data as well. The company also reports that it is the only provider that can enable secure data processing for third-party commercial applications and databases without modifying the application.