CYBERTEC PostgreSQL Logo

PostgreSQL Security

SUPERIOR SECURITY FOR YOUR POSTGRESQL DATABASE

Enterprise Security includes all the techniques and strategies used to secure central database deployments against unauthorized access, and against risks that may infringe the confidentiality, integrity or availability of these systems. Enterprise database security therefore extends to all aspects of modern data processing, and paves the way for a more secure future. It relies on fundamental pillars to ensure maximum security and scalability at every level of data processing. We at CYBERTEC help clients to integrate these tools to ensure maximum efficiency and superior security using PostgreSQL.

Security Overview  - PostgreSQL Security

Full data encryption: TDE

Encryption is one of the key cornerstones of every security strategy. That is why both PostgreSQL TDE as well as CYBERTEC PostgreSQL Enterprise Edition (PGEE), support “transparent data encryption” which allows you to store data on the disk encrypted. You can keep deep data safe on the disk, encrypt your database files on the disk and enjoy the benefits of fully encrypted storage.

Full Data Encryption  - PostgreSQL Security

If you want to encrypt single columns, PostgreSQL TDE and PGEE provide support for pgcrypto, which is an easy-to-use mechanism to directly call encryption functions on the database level.

ENCRYPTION & REPLICATION

PostgreSQL TDE not only encrypts data on disk, it also ensures that replication is encrypted in the most secure way possible. The data transfer between primary and secondary as well as the transaction log are encrypted at all times, ensuring maximum security for your replication setups and for your PostgreSQL high availability clusters.

Encryption Replication - PostgreSQL Security

Client / server encryption

In any secure network setup, both the client and server should support reliable encryption. The same is true for a PostgreSQL database made ready for enterprise use. Using modern SSL encryption, PostgreSQL is fit to serve critical applications around the world.

PostgreSQL provides various levels of SSL encryption which can be summed up as follows:

Protect againstCompatible with server set toPerformance
Client ModeEavesdropMITMSSL requiredSSL disabledoverhead
disablenonoFAILworksno
allownonoworksworksif necessary
prefernonoworksworksif possible
requireyesnoworksFAILyes
verify-cayesyesworksFAILyes
verify-fullyesyesworksFAILyes

If you want to learn more about client server encryption using SSL to make your database enterprise ready, check out our blogpost on SSL authentication for PostgreSQL.

Single sign-on and user management

PostgreSQL SSO (= single sign-on) is the key if you are aiming for enterprise grade security and professional data protection. Connect PostgreSQL directly to your favorite Identity Provider (IAM) and ensure centralized user management across your entire organization. We at CYBERTEC help clients to integrate those tools to ensure maximum efficiency and superior security.

PostgreSQL allows you to connect to all commonly used enterprise authentication tools including but not limited to:

  • ActiveDirectory (AD)
  • LDAP
  • Radius
  • Kerberos

Synchronize LDAP with PostgreSQL to get the most out of single sign-on:

LDAP Synchronize - PostgreSQL Security

Data masking and obfuscation

Data masking is a procedure to obscure the meaning of data and to substitute the content of a database, in order to be able to safely pass on data to a third party. There is no longer a need to use production data for testing purposes. Rely on obfuscated data to protect your most valuable asset: your data.

CYBERTEC provides a powerful tool to protect your data and to ensure maximum safety: Data Masking. Simply extract obfuscated data using our obfuscation server and pass it safely to your development team without putting important data at risk.

Stored procedure encryption

PostgreSQL stores the code of a PL/pgSQL function on the server in plain text (pg_proc). In many cases it is not acceptable to expose your business logic and your intellectual property to curious eyes.

PL/pgSQL_sec is a module allowing you to encrypt your procedures on the server and hide it from potential attackers. Keep your intellectual property safe and make sure that code is only accessible to those who are really supposed to see it.

Fully Encrypt Source Code - PL/pgSQL_sec

PGEE uses PL/pgSQL_sec by default and therefore adds additional security for your enterprise.

Advanced security policies

Enterprise grade security cannot be achieved using a single technique. An entire workflow is needed to constantly make your databases more secure and to maintain this level of database security. The PostgreSQL ecosystem has all the tooling to achieve this goal.

We at CYBERTEC provide expertise to clients to secure their databases in the most professional way possible.

Advanced Security Policies - PostgreSQL Security

Contact us today to receive your personal offer from CYBERTEC. We offer timely delivery, professional handling, and over 20 years of PostgreSQL experience.

CYBERTEC Logo white
CYBERTEC PostgreSQL International GmbH
Römerstraße 19
2752 Wöllersdorf
Austria

+43 (0) 2622 93022-0
office@cybertec.at

Get the newest PostgreSQL Info & Tools


    This site is protected by reCAPTCHA and the Google Privacy Policy & Terms of Service apply.

    ©
    2024
    CYBERTEC PostgreSQL International GmbH
    phone-handsetmagnifiercrosscross-circle
    linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram