Baffle seeks to provide easy data protection for apps, analytics and AI
Customers in every industry worldwide are migrating data to the cloud. But it’s no secret that the process involves challenges, and various companies are proposing solutions to them.
What are the problems that need particular focus? To understand the challenges, it’s important to first talk about all of the personas involved, according to Ameesh Divatia (pictured), co-founder and chief executive officer of Baffle Inc.
“When it comes to data, the data scientists and the data analysts are the ones that are initiating these requests,” Divatia said. “What they have to do is to make sure that they can get security to sign off on a project before they actually move the data around. Then the last piece of it is the operations aspect of it … what has made this even more complicated now is that not all three of these entities are even the same organization because of the fact that you are moving data to the cloud.”
Divatia spoke with theCUBE industry analyst Lisa Martin at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how to manage the personas involved and dove into why data protection is becoming even more important now with cloud and generative artificial intelligence in the picture. (* Disclosure below.)
The challenges at hand
Data scientists juggling the personas involved must start the process by identifying sensitive data, according to Divatia. They must then get security to approve and move that data to a different infrastructure, typically the cloud, where it can be analyzed.
“Therein lies the challenge. Sensitive data, if it’s exposed in the cloud, can create significant liabilities thanks to privacy regulations that fine them if they lose their data,” Divatia said.
Historically, data-centric protection has been challenging to implement. That’s because an organization is changing the actual workflow and the way the data looks when it is transformed, according to Divatia.
“Existing applications will not be able to process the data if it is in encrypted form. There are different approaches to solving these problems. One of them is known as format-preserving encryption, or tokenization, where the transformed data looks like the original data,” he said. “Those are some of the controls that have to be put in place, so when you transform the data, you want to make sure that existing applications continue to work.”
From there, when one computes the query one is creating from a business perspective versus a logic perspective, the result needs to be restored to its original form, according to Divatia. Those challenges are why these controls have been difficult to adopt.
“Everybody understands this is the last stand, right? They say if you can protect the data at the record level, you don’t have to worry about anything. But it’s been historically very difficult to implement,” Divatia said.
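The format-preserving idea described above, as an added example that is not Baffle's code or part of the original interview: a toy keyed Feistel network over decimal digits (not the NIST FF1 standard) whose output still passes a legacy format check, supports an equality lookup and can be restored. The key, the records and every function name are constructed for illustration.

```python
import hashlib
import hmac
import re

ROUNDS = 10
DIGITS = "0123456789"
LEGACY_SSN = re.compile(r"^\d{3}-\d{2}-\d{4}$")  # what an existing app validates


def _prf(key: bytes, rnd: int, value: int, modulus: int) -> int:
    """Keyed round function: HMAC-SHA256 reduced into the half's digit space."""
    mac = hmac.new(key, f"{rnd}:{modulus}:{value}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % modulus


def _feistel(key: bytes, digits: str, decrypt: bool) -> str:
    """Alternating Feistel network over decimal strings; length is preserved."""
    u = len(digits) // 2
    v = len(digits) - u
    left, right = int(digits[:u]), int(digits[u:])
    sign = -1 if decrypt else 1
    order = reversed(range(ROUNDS)) if decrypt else range(ROUNDS)
    for i in order:
        if i % 2 == 0:
            left = (left + sign * _prf(key, i, right, 10 ** u)) % 10 ** u
        else:
            right = (right + sign * _prf(key, i, left, 10 ** v)) % 10 ** v
    return f"{left:0{u}d}{right:0{v}d}"


def transform(key: bytes, value: str, decrypt: bool = False) -> str:
    """Encrypt or decrypt only the digits; separators stay where they were."""
    digits = "".join(c for c in value if c in DIGITS)
    if len(digits) < 2:
        raise ValueError("need at least two digits to transform")
    out = iter(_feistel(key, digits, decrypt))
    return "".join(next(out) if c in DIGITS else c for c in value)


def lookup(key: bytes, cloud_table: dict, ssn: str) -> str:
    """Equality query on protected data: tokenize the search term, match on it."""
    return cloud_table[transform(key, ssn)]


# Constructed sample data: the key stays on premises, the table goes to the cloud.
KEY = b"constructed-demo-key-not-for-production"
RECORDS = {"123-45-6789": "alice", "987-65-4321": "bob"}
CLOUD_TABLE = {transform(KEY, ssn): name for ssn, name in RECORDS.items()}
```

Because the transform is deterministic, equal plaintexts map to equal tokens, which is what makes the lookup work and also what an observer of the protected column can learn.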
On data sprawl
Though data is the lifeblood of every organization, data sprawl is a real thing. When it comes to helping customers whose data is so spread out, Baffle offers solutions in a couple of different ways.
“We make sure that we work very closely with data discovery vendors who can find data that is sensitive. So we have ways of integrating with these vendors so that the data itself is very clearly understood to be sensitive,” Divatia said. “We can protect the data as soon as it’s created, number one.”
Secondly, the company protects it in such a way that the existing application workflows are not impacted. The company likes to say that it is merely a “bump in the wire,” Divatia noted.
“We are a network proxy that sits between at the place where the data is originated and where it’s being migrated to,” he said. “The migration tool is thinking that it’s writing to the cloud database, but it’s actually going through our transformation engine to make sure that no sensitive data ever leaves the firewall.”
Storage-level compliance also isn’t enough for most organizations to meet compliance regulations, according to Divatia. It’s important to remember what storage-level compliance does and why it was invented.
There used to be a time when data centers were not secure, when everyone had their own data center and a disk itself would get stolen or misplaced, Divatia noted. That was a massive problem because sensitive data might be lost, which prompted the industry to come up with a way to protect the media itself.
“The database vendors built on it by creating what is known as transparent data encryption. But the definition of transparent data encryption is that as soon as the data is accessed, it is decrypted and delivered to the database in the clear,” he said. “Every day, we come across these hacks, where hackers are getting into enterprise environments and compromising credentials of the administrators of those databases. What we are doing is protecting exactly against that threat.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity” AWS Startup Showcase event:
(* Disclosure: Baffle Inc. sponsored this segment of theCUBE. Neither Baffle nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE