Baffle Extends Data Protection Service to AWS Lambda Serverless

A new capability from Baffle will enable better protection and encryption for data that is being read from or written to a data source by an AWS Lambda serverless function.


Although serverless compute functions are short-lived, the data sources and information that they connect with are often not, potentially opening up a new avenue of risk for unprotected data.

On Feb. 19, Baffle announced that its data protection platform has now been extended to support the Amazon Web Services (AWS) Lambda serverless compute platform. With serverless, which is also referred to as functions-as-a-service, events trigger functions to execute, without the need for a long-running, persistent server.

"The fact that we have application transparency lends itself really well to this new transformation where you don't even have a traditional app server," Ameesh Divatia, CEO and co-founder of Baffle, told eWEEK. "Because of the fact that serverless just accesses a data repository, we're able to provide a layer of abstraction in that particular environment."

Baffle's Advanced Data Protection Service provides a layer of encryption for application data. The system encrypts data with a component known as Baffle Shield that sits in between the application and data layer. The cloud-based BaffleManager console provides organizations with a dashboard for managing data encryption and key management, as well as providing audit reporting and compliance capabilities. In June 2018, Baffle released an update for its platform that enables organizations to run search and operations on encrypted data without the need to first decrypt the data.

"One of the things that over time has become more apparent is that the architectural flexibility of the Baffle platform allows us to become a pervasive data protection or data control layer for virtually any environment, whether that's on premises or in cloud," Harold Byun, vice president of products and marketing at Baffle, told eWEEK.

AWS Lambda

Byun said that Baffle's new capability enables the platform to intercept ephemeral code that doesn't actually have a physical server presence, which is what AWS Lambda is all about. 

"We basically become the data control plane for data as it's being written and read out of any structure by virtually any function call," Byun said. "Anybody that wants to read or write in or out of the data structure, whether it's in cloud or on premises, will pass through the Baffle Shield component."

AWS Lambda is somewhat different from a traditional application infrastructure, as it relies on a code function to execute rather than a long-running server compute instance. Lambda will often connect the function event with a data bus layer. Byun explained that Baffle sits below the API or REST services layer in the application flow. As such, the Baffle platform can intercept triggered calls from AWS Lambda and then encrypt the data at a field level, on the fly, as it is read from or written into an AWS Relational Database System (RDS) or other data construct.

According to Divatia, organizations are interested in serverless but are concerned about a lack of control. Divatia said that in many situations, organizations don't even know where the application or its functions are located, which is a challenge for many traditional enterprises that are just getting into the cloud. By extending Baffle to support AWS Lambda, Divatia is looking to help organizations tackle a key challenge for serverless adoption.

"The biggest issue they have is that they're giving up control of their infrastructure and security is by far the biggest barrier," Divatia said.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.


Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.