SUPERIOR SECURITY FOR YOUR POSTGRESQL DATABASE

Enterprise Security includes all the techniques and strategies used to secure central database deployments against unauthorized access, and against risks that may infringe the confidentiality, integrity or availability of these systems. Enterprise database security therefore extends to all aspects of modern data processing, and paves the way for a more secure future. It relies on fundamental pillars to ensure maximum security and scalability at every level of data processing. We at CYBERTEC help clients to integrate these tools to ensure maximum efficiency and superior security using PostgreSQL.

postgresql security

Full data encryption: TDE

Encryption is one of the key cornerstones of every security strategy. That is why both PostgreSQL TDE as well as CYBERTEC PostgreSQL Enterprise Edition (PGEE), support “transparent data encryption” which allows you to store data on the disk encrypted. You can keep deep data safe on the disk, encrypt your database files on the disk and enjoy the benefits of fully encrypted storage.

PostgreSQL Transparent Data Encryption and pgcrypto

 

If you want to encrypt single columns, PostgreSQL TDE and PGEE provide support for pgcrypto, which is an easy-to-use mechanism to directly call encryption functions on the database level.

LEARN MORE ABOUT TDE  >>

 

ENCRYPTION & REPLICATION

PostgreSQL TDE not only encrypts data on disk, it also ensures that replication is encrypted in the most secure way possible. The data transfer between primary and secondary as well as the transaction log are encrypted at all times, ensuring maximum security for your replication setups and for your PostgreSQL high availability clusters.

Client / server encryption

In any secure network setup, both the client and server should support reliable encryption. The same is true for a PostgreSQL database made ready for enterprise use. Using modern SSL encryption, PostgreSQL is fit to serve critical applications around the world.

PostgreSQL provides various levels of SSL encryption which can be summed up as follows:

Protect againstCompatible with server set toPerformance
Client ModeEavesdropMITMSSL requiredSSL disabledoverhead
disablenonoFAILworksno
allownonoworksworksif necessary
prefernonoworksworksif possible
requireyesnoworksFAILyes
verify-cayesyesworksFAILyes
verify-fullyesyesworksFAILyes

 

If you want to learn more about client server encryption using SSL to make your database enterprise ready, check out our blogpost on SSL authentication for PostgreSQL >>

Single sign-on and user management

PostgreSQL SSO (= single sign-on) is the key if you are aiming for enterprise grade security and professional data protection. Connect PostgreSQL directly to your favorite Identity Provider (IAM) and ensure centralized user management across your entire organization. We at CYBERTEC help clients to integrate those tools to ensure maximum efficiency and superior security.

single sign on tools: LDAP, Radius, PAM, ActiveDirectory

 

PostgreSQL allows you to connect to all commonly used enterprise authentication tools including but not limited to:

  • ActiveDirectory (AD)
  • LDAP
  • Radius
  • Kerberos

Synchronize LDAP with PostgreSQL to get the most out of single sign-on:

LDAP

Data masking and obfuscation

Data masking is a procedure to obscure the meaning of data and to substitute the content of a database, in order to be able to safely pass on data to a third party. There is no longer a need to use production data for testing purposes. Rely on obfuscated data to protect your most valuable asset: your data.

Data Masking: data obfuscation

 

CYBERTEC provides a powerful tool to protect your data and to ensure maximum safety: Data Masking. Simply extract obfuscated data using our obfuscation server and pass it safely to your development team without putting important data at risk.

LEARN MORE ABOUT DATA MASKING >>

Stored procedure encryption

PostgreSQL stores the code of a PL/pgSQL function on the server in plain text (pg_proc). In many cases it is not acceptable to expose your business logic and your intellectual property to curious eyes.

PL/pgSQL_sec is a module allowing you to encrypt your procedures on the server and hide it from potential attackers. Keep your intellectual property safe and make sure that code is only accessible to those who are really supposed to see it.

PL/pgSQL_sec

 

PGEE uses PL/pgSQL_sec by default and therefore adds additional security for your enterprise.

LEARN MORE ABOUT PL/PGSQL_SEC >>

Advanced security policies

Enterprise grade security cannot be achieved using a single technique. An entire workflow is needed to constantly make your databases more secure and to maintain this level of database security. The PostgreSQL ecosystem has all the tooling to achieve this goal.

 

We at CYBERTEC provide expertise to clients to secure their databases in the most professional way possible.

.

enterprise postgresql security workflow

CONTACT US TO GET STARTED

Contact us today to receive your personal offer from CYBERTEC. We offer timely delivery, professional handling, and over 20 years of PostgreSQL experience.

CONTACT US  >>