Saxo Bank enhances security with Baffle’s Data Protection Services
Saxo Bank has deployed Baffle’s Data Protection Services to protect sensitive customer data, ensure compliance with stringent regulations, and support the bank’s migration to a highly scalable cloud and microservices architecture. The bank and trading platform provider will also be integrating Baffle into its customer-facing products.
Baffle provides data protection in the cloud via a “no code” and “low code” data-centric security approach. The firm allows companies to control who can see what data with this security layer, with no performance impact on the user experience
The Denmark-headquartered financial services and fintech provider has tapped Baffle to ensure the high volume of data under management is available on demand to its internal and external stakeholders. The final goal is to reduce the risk of breaches and non-compliance fines.
Saxo Bank adopted event-driven’ operations approach
Paul Makkar, Director of Data at Saxo Bank, commented: “With Baffle, we could successfully collaborate and influence the short-term and long-term roadmap. Baffle enabled us to securely transform to a modern event-driven cloud data mesh. For the first time, we could use multiple encryption keys seamlessly and provide our internal applications a simplified, centralized way to de-identify sensitive data.”
The team led by Saxo’s Paul Makkar has adopted an ‘event-driven’ operations approach powered by Confluent Kafka on Microsoft Azure and AWS cloud platforms.
Baffle facilitates the implementation of a new data mesh architecture. Data encryption was tedious and difficult to manage in the past, especially considering that the bank has many different legal entities worldwide, each with unique privacy requirements.
Saxo Bank now runs a data-centric security platform that includes the following:
- Protection for each of its 25 data domains, using a centralized and standardized encryption service.
- A record-level data mesh to securely publish and consume data via Kafka data streams.
- Format-preserving encryption (FPE) capabilities to avoid breaking any applications that were unauthorized consumers of the Kafka data streams.
- Multiple data encryption keys to create the appropriate segregation and fine-grained authorization.
Ameesh Divatia, co-founder and CEO of Baffle, said: “Saxo Bank sets the bar for adopting a more proactive approach to data-centric security. As the bank continues to modernize its architecture, it is not only protecting data at rest but also as it moves in the cloud and is shared across the entire analytics pipeline. Privacy by design emerged as a key tenet of this new architecture, ensuring security and privacy is baked in from the start. Paul and his team illustrate how organizations should be considering their internal security posture and ways in which they can help their own end users differentiate with their customer base.”
