IBM Adds Data Security Broker to Encrypt Data in Multiclouds

Published: 23/11/2024   Category: security




The data security broker from Baffle brings field- and file-level encryption of sensitive data to new IBM Cloud Security Compliance Center.



Encrypting personally identifiable information (PII) in distributed multicloud environments is a complex endeavor, with enterprise security teams navigating various risk and compliance requirements. IBM says its new IBM Cloud Security Compliance Center Data Security Broker can reduce those complexities and protect PII at the database field- and file-levels.
The upgraded IBM Cloud Security Compliance Center provides format-preserving encryption (FPE) to protect PII from anyone — including threat actors, cloud providers, and privileged insiders. IBM licensed the data security broker technology used in Cloud Security Compliance Center from Baffle. The database encryption company describes its data security broker as cloud-native software that supports AES-256 encryption, FPE, tokenization, masking, de-identification, and role-based access control.
Baffle's software provides file and database field security without requiring changes to an application's code, one of the leading barriers to migrating from on-premises data stores to multicloud.
"Every app, every service, every team needs to make those changes, and it is not scalable," says Nataraj Nagaratnam, an IBM Fellow and CTO of IBM Cloud Security. "With this mechanism, they don't need to make those code changes. We understand how to connect to the database based on this policy. We will encrypt or decrypt and tokenize as it goes to the database and comes back."
The IBM Cloud Security and Compliance Center is embedded in the IBM Cloud management platform.
According to a recent Harris Poll commissioned by IBM, 77% of IT and business leaders are implementing hybrid cloud technology to enable their digital transformation initiatives. However, 53% believe an increase in regulations adds to their compliance challenges, while nearly one-third reported that the increased regulations have posed a considerable barrier in their efforts to migrate their workloads to hybrid environments.
Organizations seeking to implement advanced data encryption in transit, a necessity for distributed cloud environments, have alternatives, though Baffle founder and CEO Ameesh Divatia says they all require application development resources or infrastructure changes. Among them are key management systems and hardware security modules from providers including Thales, Entrust, and HashiCorp.
Another alternative is Intel's Software Guard Extensions (SGX), which adds confidential computing to servers that run its Xeon Scalable Processors.
"That requires a pretty big overhaul of the infrastructure, where they have to replace the existing processors with the latest Intel processors and enable these enclaves so that the data inside that processor memory is not visible," Divatia says. "Ours is a pure software solution. We don't need any hardware assistance. It is completely portable. And that's what makes it compelling."
Building on the existing key management capability of IBM Cloud Security and Compliance Center, Baffle's data security broker gives customers more control of how sensitive data is encrypted, including who has access to keys.
"Customers can have not only complete control of the keys, which we have been doing for a while, but now they have complete control of the specific sensitive data, and they can be confident in how they manage it," Nagaratnam says.
Baffle's tool invokes IBM's Bring Your Own Key (BYOK) and Keep Your Own Key (KYOK) capabilities. Divatia believes IBM is currently the only cloud service provider that can cryptographically guarantee that its administrators can't see their clients' data when using its Data Security Broker.
"The keys are controlled by the customer, and the data itself is in their virtual private cloud," Divatia explains. "The database itself is hosted by IBM, but the contents of the database are encrypted at all times, including when they are being processed."
Baffle is built to enable modern user-defined functions (UDF) supported in open source databases, such as PostgreSQL and MySQL, as well as cloud data services Snowflake and Amazon Redshift. The current implementation of the data security broker from Baffle provided to IBM runs in a PostgreSQL server.
"We will continue to expand the database and object store support moving forward," Nagaratnam says.
Frank Dickson, IDC's group VP for security and trust, says he's unaware of any comparable offering that currently addresses the expanding slate of risk and compliance requirements.
"The complexity of evolving data privacy, sovereignty, and compliance standards for organizations is punishing," Dickson says.
Because every country has different legal frameworks, multinational enterprises can quickly and unwittingly fall out of compliance with new regulatory standards, especially as they migrate sensitive data among hundreds of software-as-a-service (SaaS) applications, as well as various platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), and on-premises environments, according to Dickson.
The expansion of the IBM Cloud Security and Compliance Center looks to provide multinationals with tools to address the problem, he says.
Given the cloud migration imperative, Baffle's Divatia emphasizes the implications of encrypting field-level data when moving from on-premises databases to these distributed multicloud environments. Organizations have historically relied on transparent data encryption (TDE) for on-premises databases. But that only protects data at the infrastructure layer. According to Divatia, TDE doesn't protect data once it's extracted from the infrastructure.
"Anytime a database is not encrypted at the application layer, you have this vulnerability," he says.
