Inside Databolt’s deployment model
As enterprises grapple with managing massive amounts of data, and rising expectations around data privacy and data security, the challenge isn’t just securing sensitive data, but doing so without slowing down innovation. Too often, security and agility seem like opposing forces.
Capital One understands this balance well. Despite a complex regulatory landscape, Capital One has continued to innovate, becoming the first U.S. bank to go all in on the cloud and pioneering advancements in data management, analytics, and AI. With deep experience in managing complex data environments and stringent security demands, it’s no surprise that Capital One’s latest innovation is a product focused on protecting sensitive data.
Capital One Databolt is a vaultless tokenization solution that delivers the best of both security and performance. Databolt uses a deployment model that combines the convenience of web-based configuration and monitoring capabilities with the performance and control of running directly in a customer's own cloud environment.
So why did Capital One Software choose this deployment model for Databolt?
To answer that question, we’ll explore the typical deployment models used for delivering data tokenization solutions, how they work, the pros and cons of each, and then take a deeper dive into Databolt and why it makes sense to leverage this deployment model.
Deployment models
As we explore the common models used for tokenization solutions, we will focus on the pros, cons, and typical usage of each from the customer's perspective.
SaaS model
The Software as a Service (SaaS) deployment model refers to software that is fully hosted and managed by a software vendor. Customers can access the software via a web browser, smartphone app, or API. In this model, the vendor has full control over the user experience, API contracts, and the underlying infrastructure to support the product.
Tokenization solutions that leverage the SaaS model are typically vaulted and API-based. In these solutions, the vendor hosts a web interface for customer configuration and observability, while also maintaining a secure vault that maps customer tokens to their original values.
Pros
- Automatic updates: Since the software is hosted by the vendor, customers receive automatic updates to the product without having to leverage internal resources.
- Availability and scalability: Vendors typically have near zero downtime SLAs, as well as the ability to scale their infrastructure to meet the needs of their customers.
- Time to value: Customers can access and onboard with the product quickly.
- Observability: With a web interface, customers are able to manage configurations, view insights into how the product is being used and how it is bringing them value.
- Support: Observability and insights into their customers’ integrations allow vendors to offer faster support when troubleshooting issues, as well as offer recommendations to customers on how to best use their product.
Cons
- Loss of data sovereignty: While vendors may encrypt their customers' sensitive data, customers have to rely on their vendor's data security posture, as well as accept the fact that their data may be siloed or even locked in the vendor's data stores.
- Less flexible: Customers have limited customization options, with no say in where the application is run or how it's managed. If customers want something tailored to their needs, the vendor can charge a premium for supporting these requests and customers must work closely with the vendor’s engineering team to ensure the customization is done correctly.
- Bottlenecks and latency: If a vendor's solution involves an API interface to perform tokenization, calls to vendors can introduce bottlenecks or latency due to the reliance on internet connectivity.
SaaS model usage
You will typically see the SaaS model used by organizations where rapid deployment, scalability, agility, and cost-efficiency are most important.
On-prem model
The On-premises (On-prem) deployment model refers to software that is installed and operated within the customer’s own environment. In this model, the software provider delivers an installable integration package and a license key (when applicable) to the customer. The customer is then responsible for installing, deploying, and managing the software on their own infrastructure.
Tokenization solutions that use the On-prem model must be installed in environments that the customer either hosts and manages within their own data centers or within their managed cloud environments. Since Databolt is built to run in cloud environments, we will focus primarily on the managed cloud use case.
Pros
- Full control: The customer is not dependent on the vendor's system availability, and has control over what data is shared, how it is shared, and with whom.
- Performance: Customers can leverage their own cloud infrastructure to support and optimize performance for resource-intensive use cases.
- Customization: Since the software is hosted by the customer, they have the freedom to configure their platform, tweak system settings, or modify business logic to customize their integration to meet their specific business needs.
Cons
- Support: It can be difficult and time-consuming for software vendors to pinpoint customer problems when things go wrong, due to lack of access to infrastructure or customer instances of the product.
- Self-managed deployments & updates: Customers typically do not want to dedicate time and resources to deploy software or manage updates, which also tends to delay the speed at which these updates occur.
- Cost: Customers bear the infrastructure and operational cost of running and maintaining the software.
On-prem model usage
You will typically see On-prem models used by organizations where performance, data control, data security, and/or regulatory oversight is paramount. Industries that meet these criteria can include financial institutions, government agencies, healthcare providers, and legal firms, to name a few.
Hybrid model
The hybrid deployment model aims to leverage certain elements of both the SaaS and On-prem model, and is delivered in two main components:
Control plane: This includes a web interface hosted by the vendor for configuration, user management, and access policies. The web interface is also used for viewing key insights such as health checks, analytics and reporting. The control plane also typically includes an API interface to securely transmit instructions to the data plane as well as capture metadata related to the operations performed. Think of this as the SaaS part of the hybrid model.
Data plane: This is where the processing and data storage happens, deployed and managed in the customer’s own infrastructure. The data plane uses the customer-defined business logic from the control plane to delegate actions that need to happen on the data plane. Think of this as the On-prem part of the hybrid model.
Pros
- Data sovereignty: The customer's data stays within the customer's environment, which allows them to control what data is shared, who it is shared with, and how it is shared.
- Performance: With the core processing occurring in the customer's environment, they can leverage the power and scalability of their own cloud infrastructure to support and optimize performance for resource-intensive use cases.
- Observability: With a web interface, customers are able to manage configurations, view insights into how the product is being used and how it is bringing them value.
- Customization: Since the software is hosted by the customer, they have the freedom to configure their platform, tweak system settings, or modify business logic to customize their integration to meet their specific business needs.
Cons
- Self-managed deployments: Since the Data Plane is hosted by the customer, the customer needs to deploy the software within their environment.
Hybrid model usage
You will typically see hybrid models used by organizations that want to balance ease of use with an emphasis on performance and data ownership.
Inside Databolt's model
Now that we’ve explored the different deployment models, let’s take a closer look at why Databolt embraced the hybrid model. At the core of the decision to use the hybrid model was the goal of delivering the most secure, flexible, and highly performant tokenization solution possible for our customers. We didn’t just consider industry trends, but also looked inward at what we value in our own platform and how it can empower customers to better protect the data in theirs.
High performance, no bottlenecks: Performance is critical for customers when protecting data without disrupting business operations. With the hybrid model, Databolt’s tokenization service runs as close to the data as possible, within the customer's environment, ensuring peak performance and minimal latency. This is also beneficial when processing large volumes of data, since customers can use as little or as much computing power as is necessary to process the datasets. By contrast, the pure SaaS approach introduces potential latency from API calls over the internet.
Data sovereignty: The hybrid model allows Databolt customers to have full control of their own data as it never leaves their environment. This can reduce potential data leakage, prevent data silos, and help create strong data governance. With the pure SaaS approach, customers are handing off sensitive data to vendors.
Flexible deployments, customizable solution: The hybrid model allows Databolt customers the flexibility they need to deploy the solution throughout their organization and even customize how it’s used to solve their specific use cases or business needs.
Web Interface For Configuration & Observability: While the purely On-prem approach would check many of the boxes above, this is where the hybrid approach truly stands out. With a web interface, Databolt enables customers to easily manage their configurations and gain insights into usage and value. This accelerates customer onboarding and decreases their time to value.
By combining the control, flexibility, and performance of on-premises deployment with the convenience and observability of SaaS, the hybrid model helps keep the customer at the forefront of the solution.