Baffle is the only security platform that cryptographically protects the data as it's created, used, and shared across cloud-native data stores.

Baffle Manager is a web-based orchestration tool that enables the configuration, management and reporting of Baffle Shields. Baffle Manager is free.

Baffle Shields are reverse proxies placed in-line between your applications and databases. Data going into the databases is encrypted or tokenized and data coming out can be decrypted and/or masked according to role based access controls (RBAC). The proxies intercept SQL queries from the application and perform the key management, encryption/decryption, and RBAC masking in near real-time. This means no or minimal code changes to your applications for fast and easy implementation. The proxy architecture is modular, allowing you to scale with your performance and availability needs.

Baffle Shield offerings in the AWS Marketplace include:
-Baffle Shield for Postgres Static Data Masking to Lower Environments is for duplicating but anonymizing data from production into lower (pre-production) environments while maintaining the original data format and length.
-Baffle Shield for Postgres Dynamic Data Masking encrypts the database and then enables full or partial masking based on role-based access control (RBAC).
-Baffle Shield for Postgres Multi-tenant Data Security performs record-level encryption using a different key for every tenant. This allows your SaaS solution to scale while providing data isolation and security.

Baffle enables you to easily and safely unlock the value of your data, meet compliance and security controls, and eliminate the impact of data breaches even on infrastructure you don't control.