Enterprise Security includes all the techniques and strategies used to secure central database deployments against unauthorized access, and against risks that may infringe the confidentiality, integrity or availability of these systems. Enterprise database security therefore extends to all aspects of modern data processing, and paves the way for a more secure future. It relies on fundamental pillars to ensure maximum security and scalability at every level of data processing. We at CYBERTEC help clients to integrate these tools to ensure maximum efficiency and superior security using PostgreSQL.
Encryption is one of the key cornerstones of every security strategy. That is why both PostgreSQL TDE as well as CYBERTEC PostgreSQL Enterprise Edition (PGEE), support “transparent data encryption” which allows you to store data on the disk encrypted. You can keep deep data safe on the disk, encrypt your database files on the disk and enjoy the benefits of fully encrypted storage.
If you want to encrypt single columns, PostgreSQL TDE and PGEE provide support for pgcrypto, which is an easy-to-use mechanism to directly call encryption functions on the database level.
PostgreSQL TDE not only encrypts data on disk, it also ensures that replication is encrypted in the most secure way possible. The data transfer between primary and secondary as well as the transaction log are encrypted at all times, ensuring maximum security for your replication setups and for your PostgreSQL high availability clusters.
In any secure network setup, both the client and server should support reliable encryption. The same is true for a PostgreSQL database made ready for enterprise use. Using modern SSL encryption, PostgreSQL is fit to serve critical applications around the world.
PostgreSQL provides various levels of SSL encryption which can be summed up as follows:
| Protect against | Compatible with server set to | Performance | |||
| Client Mode | Eavesdrop | MITM | SSL required | SSL disabled | overhead |
| disable | no | no | FAIL | works | no |
| allow | no | no | works | works | if necessary |
| prefer | no | no | works | works | if possible |
| require | yes | no | works | FAIL | yes |
| verify-ca | yes | yes | works | FAIL | yes |
| verify-full | yes | yes | works | FAIL | yes |
If you want to learn more about client server encryption using SSL to make your database enterprise ready, check out our blogpost on SSL authentication for PostgreSQL.
PostgreSQL SSO (= single sign-on) is the key if you are aiming for enterprise grade security and professional data protection. Connect PostgreSQL directly to your favorite Identity Provider (IAM) and ensure centralized user management across your entire organization. We at CYBERTEC help clients to integrate those tools to ensure maximum efficiency and superior security.
PostgreSQL allows you to connect to all commonly used enterprise authentication tools including but not limited to:
Synchronize LDAP with PostgreSQL to get the most out of single sign-on:
Data masking is a procedure to obscure the meaning of data and to substitute the content of a database, in order to be able to safely pass on data to a third party. There is no longer a need to use production data for testing purposes. Rely on obfuscated data to protect your most valuable asset: your data.
CYBERTEC provides a powerful tool to protect your data and to ensure maximum safety: Data Masking. Simply extract obfuscated data using our obfuscation server and pass it safely to your development team without putting important data at risk.
PostgreSQL stores the code of a PL/pgSQL function on the server in plain text (pg_proc). In many cases it is not acceptable to expose your business logic and your intellectual property to curious eyes.
PL/pgSQL_sec is a module allowing you to encrypt your procedures on the server and hide it from potential attackers. Keep your intellectual property safe and make sure that code is only accessible to those who are really supposed to see it.
PGEE uses PL/pgSQL_sec by default and therefore adds additional security for your enterprise.
Enterprise grade security cannot be achieved using a single technique. An entire workflow is needed to constantly make your databases more secure and to maintain this level of database security. The PostgreSQL ecosystem has all the tooling to achieve this goal.
We at CYBERTEC provide expertise to clients to secure their databases in the most professional way possible.
Contact us today to receive your personal offer from CYBERTEC. We offer timely delivery, professional handling, and over 20 years of PostgreSQL experience.
+43 (0) 2622 93022-0
office@cybertec.at