From the C-suite executives down the corporate ladder, cybersecurity and the general enterprise threat surface are top-of-mind concerns. A secure, gapless infrastructure to house the data is usually the popular route that companies take.

But, what if acting on the data itself is the missing puzzle piece? That’s where Baffle Inc. comes in with its data security approach. That approach secures data during cloud migration and allows the seamless use of data analytics tools and transformative technologies, such as generative artificial intelligence, according to Ameesh Divatia (pictured), co-founder and chief executive officer of Baffle.

“Baffle is what we call the next big thing in security, because we focus on the data itself,” Divatia said. “Security has had a lot of different approaches in terms of how data is protected and how compliance is achieved. We believe the next thing that’s going to happen is that the data is going to be protected at the record level, which ensures that in spite of all kinds of bad things that can happen … the data itself is still protected because of the fact that it is either encrypted or tokenized, so it’s not in its original form.”

Divatia spoke with theCUBE industry analyst Lisa Martin, during a CUBE Conversation ahead of the “Cybersecurity” AWS Startup Showcase event on September 14, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the gaps that Baffle sees in the data protection market and how it’s set out to plug them. (* Disclosure below.)

Securing data in use

In the world of cybersecurity, the threats are as diverse as they are insidious. Thus, what sets Baffle apart is its focus on the core element of security: the data itself, according to Divatia. While conventional security approaches have tackled data protection from various angles, the company safeguards data at the record level. Even when data is stolen during a breach, it remains impenetrable due to encryption or tokenization.

Historical data protection strategies primarily focused on securing data at rest, a necessity when data centers were vulnerable. However, with the advent of secure, centrally-hosted cloud data centers, the threat landscape shifted. Baffle recognized this shift and saw a gap in the protection boundary: No database vendor offered the means to secure data in use or in memory, Divatia explained.

“The cloud is where the data center is, so you don’t have the same kind of threats,” he said. “You need a different type of control because of the fact that the hackers do not go and look for discs that are being discarded. The Baffle solution is all software can be hosted in any cloud and can even be on-premise.”

The company’s approach also overcomes the pitfalls of traditional encryption methods, which can be cumbersome, requiring intricate key management and data transformation, and leading to operational friction, Divatia added.

Gapless cloud data migration plus that analytics sprinkle

As companies increasingly migrate their data and applications to the cloud, new challenges emerge. Traditional migration methods often involve extracting data from on-premises environments and transferring it to the cloud in an unprotected state before cloud-based data protection measures take effect.

Baffle recognized this vulnerability and integrated seamlessly with data migration services such as AWS Database Migration Service. By acting as an encryption “bump in the wire,” Baffle ensures that data is encrypted in transit to the cloud, eliminating any exposure to risk outside the enterprise firewall, according to Divatia.

“Traditionally, what customers do is they go in there and talk to the cloud vendor and ask them to migrate their data to the cloud,” he said. “Most of these cloud solutions actually are hosted in the cloud — so the data is extracted from on-premise requirements.”

Essentially, this automatic, end-to-end encryption process ensures data remains protected from the moment it leaves the source until it lands safely in the cloud.

Cloud-based analytics tools are becoming increasingly essential for organizations seeking to harness the power of their data. Baffle not only protects data during migration but also facilitates secure data analysis in the cloud, according to Divatia.

“The reason the data is moving to the cloud is because of sophisticated analytics tools that are available in the cloud,” he noted. “Gen AI capabilities are just the latest, but traditionally all new analytics tools are always available much more easily in the cloud. And that’s what is driving customers to move the data there.”

Baffle’s solution offers three transformation options: encryption, tokenization (format-preserving encryption) and masking. The choice of transformation depends on the downstream use case, ensuring that data can be analyzed and manipulated while preserving its security.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s pre-event coverage of the “Cybersecurity” AWS Startup Showcase event:

(* Disclosure: Baffle Inc. sponsored this segment of theCUBE. Neither Baffle nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE