Baffle, Inc. announced that Saxo Bank is deploying Baffle Data Protection Services to protect sensitive customer data, ensure compliance with stringent regulations, and support the bank’s migration to a highly scalable cloud and microservices architecture.
Saxo Bank will also be integrating Baffle into its customer-facing products.
With the threat of breaches and the potential for significant non-compliance fines, Saxo Bank must ensure the high volume of data under management is available on demand to its internal and external stakeholders, and secure.
As a first step, Paul Makkar, Saxo’s director of data, and his team adopted an ‘event-driven’ operations approach powered by Confluent Kafka on Microsoft Azure and AWS cloud platforms. Along with that, Makkar needed to implement a new data mesh architecture. Data encryption was tedious and difficult to manage in the past, especially considering that the bank has many different legal entities worldwide, each with unique privacy requirements.
A Data Mesh is Born
In selecting the Baffle Data Protection Services platform, Saxo Bank now runs a data-centric security platform that includes the following:
• Protection for each of its 25 data domains, using a centralized and standardized encryption service.
• A record-level data mesh to securely publish and consume data via Kafka data streams.
• Format-preserving encryption (FPE) capabilities to avoid breaking any applications that were unauthorized consumers of the Kafka data streams.
• Multiple data encryption keys to create the appropriate segregation and fine-grained authorization.
“With Baffle, we could successfully collaborate and influence the short-term and long-term roadmap,” said Makkar. “Baffle enabled us to securely transform to a modern event-driven cloud data mesh. For the first time, we could use multiple encryption keys seamlessly and provide our internal applications a simplified, centralized way to de-identify sensitive data.”
“Saxo Bank sets the bar for adopting a more proactive approach to data-centric security. As the bank continues to modernize its architecture, it is not only protecting data at rest but also as it moves in the cloud and is shared across the entire analytics pipeline,” said Ameesh Divatia, co-founder and CEO of Baffle. “Privacy by design emerged as a key tenet of this new architecture, ensuring security and privacy is baked in from the start. Paul and his team illustrate how organizations should be considering their internal security posture and ways in which they can help their own end users differentiate with their customer base.”