Ameesh Divatia appears on theCUBE at AWS re:Inforce to talk about proxy architecture and the future of data… – Security Boulevard

Baffle CEO Ameesh Divatia talks with John Furrier of theCUBE at the AWS re:Inforce 2022 Security Conference for Amazon Web Services. Since compliance is driving data owners to adopt data-centric protection measures, security should be incorporated into data pipelines.

John Furrier:

Welcome back everyone in live coverage here, theCUBE, Boston, Massachusetts for AWS re:Inforce 2022 Security Conference for Amazon Web Services. I'm John Furrier, host with a great guest Ameesh Divatia, co-founder and CEO of Baffle. You guys are hot right now, but you're in an area that's going to explode, we believe. The super cloud is here. We've been covering that on theCUBE, that people are building on top of the Amazon hyperscalers and without the CAPEX they're building platforms. The application tsunami has come and still coming, it's not stopping. Modern applications are faster, they're better and they're driving a lot of change under the covers. And you're seeing structural change happening in real time and in ops, and the network. You guys got something going on in the encryption area, data. Talk about what you guys do.

Ameesh Divatia:

We believe very strongly that the next frontier in security is data. We've had multiple waves in security. The next one is data because data is really where the threats will persist. If the data shows up in the wrong place, you get into a lot of trouble with compliance. So, we believe in protecting the data all the way down at the field or record level.

John Furrier:

And you guys doing all kinds of encryption or other things?

Ameesh Divatia:

Yes. We do data transformation, which encompasses three different things. It can be tokenization, which is format preserving. We do real encryption with counter mode, or we can do masked views. So tokenization, encryption and masking all with the same platform.

John Furrier:

So, pretty wide ranging capabilities with respect to having that kind of safety?

Ameesh Divatia:

Yes. Because it all depends on how the data is used down the road. Data is created all the time. Data flows through pipelines all the time. You want to make sure that you protect the data, but don't lose the utility of the data. That's why we provide all that flexibility.

John Furrier:

So, Kurt was on stage today on one of the keynotes. He's the VP of the platform at AWS, he was talking about encrypt everything. He said we need to rethink it encryption. Good job, we like that. But then he said, we have encryption at rest.

John Furrier:

That's kind of been there, done that.

Ameesh Divatia:

Yes-

John Furrier:

And in flight.

Ameesh Divatia:

Yeah, that's been there.

John Furrier:

But what about in use?

Ameesh Divatia:

So, that's exactly what we plug. What happens right now is that data at rest is protected because of disks that are already self encrypting, or you have transparent data encryption that comes native with the database. You have data in flight that is protected because of SSL, but when the data is actually being processed, it's in the memory of the database or data store, it is exposed. So, the threat is if the credentials of the database are compromised as happened back then with Starwood, or if the cloud infrastructure is compromised with some sort of an insider threat like a CapitalOne, that data is exposed. That's precisely what we solve by making sure that the data is protected as soon as it's created. We use standard encryption algorithms, AES, and we either do format preserving or through encryption with counter mode and that data it doesn't really matter where it ends up because it's always protected.

John Furrier:

Well, that's awesome. And I think this brings up the point that we want been covering on SiliconANGLE in theCUBE, is that there's been structural change that's happened called cloud computing and then hybrid. Scale, role of data, higher level abstraction of services, developers are in charge, value creation, startups and big companies. That success is causing now a new structural change happening now. This is one of them. What areas do you see that are happening right now that are structurally changing that's right in front of us? One is more cloud native so the success has become now the problem to solve, to get to the next level. So what are some of those?

Ameesh Divatia:

What we see is that instead of security being an afterthought something that you use as a watchdog you create ways of monitoring where data is being exposed or data is being exfiltrated, you want to build security into the data pipeline itself. As soon as data is created, you identify what is sensitive data and you encrypt it or tokenize it as it flows into the pipeline using things like Kafka plugins or what we are very clearly differentiating ourselves with is proxy architectures so that it's completely transparent. You think you're writing to the data store, but you're actually writing to the proxy, which, in turn, encrypts the data before it's stored.

John Furrier:

Do you think that's an efficient way to do it or is the only way to do it?

Ameesh Divatia:

It is a much more efficient way of doing it because of the fact that you don't need any app dev resources. There are many other ways of doing it, in fact, the cloud vendors provide development kits where you can just go do it yourself. So, that is actually something that we completely avoid and what makes it really interesting is that once the data is encrypted in the data store or database, we can do what is known as Privacy Enhanced Computation. So, we can actually process that data without decrypting it.

John Furrier:

And so proxies then with cloud computing can be very fast, not a bottleneck.

Ameesh Divatia:

In fact, the cloud makes it so. Things in static infrastructure. In the cloud, there's infinite amount of processing available and there's containerization.

John Furrier:

And you have good network?

Ameesh Divatia:

You have very good network, you have load balancers, you have ways of creating redundancy. So, the cloud is actually enabling solutions like this.

John Furrier:

In the old way proxies were seen as an architectural fail, in the old antiquated static web.

Ameesh Divatia:

And this is where startups don't have the baggage. We looked at the problem and said, of course, we're going to use a proxy because this is the best way to do this in an efficient way.

John Furrier:

Well, you bring up something that's happening right now that I hear a lot of CSOs and CIOs and executives, say CXOs, say all the time, our stuff has gotten complicated. So, now I have tools sprawl, I have skill gaps and on the rise, all these new managed services coming at me from the vendors who have never experienced my problem. And their reaction is they don't get my problem and they don't have the right solutions, it's more complexity. They solve the complexity by adding more complexity.

Ameesh Divatia:

Yes. I think again, the proxy approach is a very simple.

John Furrier:

That you're solving that with that approach.

Ameesh Divatia:

Exactly, very simple. And again, we don't get in the way. That's really the biggest differentiator. The forcing function really here is compliance because compliance is forcing these CSOs to actually adopt these solutions.

John Furrier:

So, show about the on premise versus the cloud workload dynamic right now. Hybrid is a steady state right now. Multi-cloud is a consequence of having multiple vendors, not true multi-cloud but like, they have Azure I get that, but hybrid really is the steady state cloud operations. How are the workloads and the analytics, the data being managed on-prem and in the cloud? What's the relationship? What's the trend? What are you seeing happening there?

Ameesh Divatia:

I think the biggest trend we see is pipelining. The new ETL is streaming. You have these Kafka and Kinesis capabilities that are coming into the picture where data is being ingested all the time. It is not a one time migration, it's a stream. So, plugging into that stream is very important from an ingestion perspective.

John Furrier:

So, it's not just a watchdog?

Ameesh Divatia:

No, it's built in.

John Furrier:

It's built in, it's real time that's where streaming it's another diverse access to data. You got data lakes, you have pipeline, you got streaming you mentioned that. So, talk about the old school OLTP, the old BI world. I think Power BI is a $30 billion product and you got Tableau built on, OLTP building cubes, aren't we just building cubes in a new way or is there any relevance to the old school?

Ameesh Divatia:

I think there is some relevance and in fact that's again, another place where the proxy architecture really helps because it doesn't matter when your application was built. You can use Tableau which nobody has any control over and still process encrypted data and so can with Power BI. Any SQL application can be used and that's actually exactly what we like to promote.

John Furrier:
