Baffle is the only security platform that cryptographically protects data as it's created, used, and shared across cloud-native data stores.

Baffle Shield for Postgres Dynamic Data Masking is a proxy between your applications and Postgres databases. Data in databases is encrypted or tokenized for protection of data-at-rest. Data-in-use is decrypted and/or masked according to role-based access controls (RBAC) for protection. The masking can vary based on the data itself and the role of the applications or users. Marketing might see credit card numbers (CCN) as "confidential" but the payment applications get the CCN in the clear. Support is able to see the first six and last four digits (4444-44XX-XXXX-4444) for customer verification. This is the solution for compliance to security and privacy regulations such as PCI-DSS, HIPAA, GDPR, and CCPA.

The Baffle proxy intercepts SQL queries from the application and performs the key management, encryption/decryption, and RBAC masking in real-time. This means no or minimal code changes to your applications for easy implementation. A two-tiered key system means you control the key encryption keys, but do not have to manage the data encryption keys. The proxy architecture is modular, allowing you to scale with your performance and availability needs.

Note! Baffle Manager is a web-based GUI to configure, manage, and report on Baffle Shields. Baffle Manager is free and must be installed first.