Thales Partners



Baffle provides an advanced data protection solution that simplifies encryption implementation while enabling secure computation on encrypted data in memory, in use and at-rest. The technology allows customers to enable application level encryption via a “no code” model and supports mathematical operations on AES encrypted data including wildcard searches and sorting.


Baffle Encryption: Encryption Key Management with SafeNet KeySecure

Baffle’s solution ensures that data remains encrypted, not only when it is stored at-rest, but also when it is processed by databases or cached in memory. The Baffle solution consists of two components: BaffleShield and Baffle Manager. BaffleShield is a SQL layer reverse proxy that is deployed as a data abstraction layer to encrypt application data as it is sent to the database. Baffle Manager is a management console that allows application and database administrators to automate encryption deployment and management in the enterprise. By restricting access to sensitive data to only authorized applications, Baffle helps organizations mitigate the risks of a data breach due to insider threat or privileged access users. Delivered as an advanced data protection service, it does not require any code changes to client applications and supports all popular enterprise databases. Baffle’s easy integration with existing operational workflows reduces the time, cost and effort organizations spend on encrypting their data.

To enable simplified encryption, streamline on-going management, and facilitate regulatory compliance, Baffle integrates with Thales CipherTrust Manager. CipherTrust Manager, available in FIPS 140-2 level 1 or 3 validated options, is an encryption and key management platform that provides secure, centralized key and policy management for distributed environments. CipherTrust Manager lets administrators manage Baffle encryption keys’ lifecycle and their associated policies from a single point along with keys from a broad ecosystem of vendors also present in their organization – from databases to applications to stored data residing in the cloud. Available as a hardware or as a virtual appliance, CipherTrust Manager is adapted to a wide range of environments to support both traditional on-premises deployments and new Cloud architecture. And, with CipherTrust Manager’s comprehensive logging and reporting functionality, administrators readily have the information they need to demonstrate control of their data and their corresponding regulatory compliance.