Data privacy has senior management visibility as organizations are required to minimize the risk of sensitive data, such as customer payment information or health records being exposed through fraud or data breaches. Complying with the growing data privacy standards and regulations, including CCPA, PCI DSS, GDPR, and HIPAA, is an ever-changing challenge that requires consistent policies and tools that work across the enterprise.
Securing data at the file system level, or in PCI terms ‘data-at-rest’, is possible through encryption by the storage hardware, the operating system, the database server or the application. Encryption when performed by the database server as seen in Oracle, SQL Server, and DB2 is known as transparent data encryption (TDE). Postgres today does not have native TDE capability.
CipherTrust from leading enterprise data security provider Thales secures data-at-rest without requiring changes to the database or associated applications. The solution also includes Vormetric Data Security Manager (DSM) which provides a unified, centralized platform for managing encryption keys and policies across an enterprise’s storage, databases and applications.
EDB has partnered with Thales to bring this security solution to EDB Postgres Advanced.
Validated Support
Before announcing the joint solution to our customers, EDB and Thales put it through a validation process. The goal here was to prove out that VTE’s granular, least-privileged user access policies worked as expected with EDB Postgres Advanced Server, along with seeing auditing and encryption key management in operation.
My colleagues Tushar Ahuja and Rajkumar Raghuwanshi have blogged details of the validation effort along with performance impact on our sample application with the solution enabled. As the saying goes, performance will vary with your specific workload. Overall we were pleased with the results.
Getting Started
Implementing the CipherTrust solution requires the following components:
1. EDB Postgres Advanced installed and in operation.
2. Vormetric Data Security Platform (DSM) installed and operational.
3. A VTE agent on the Postgres host registered to the DSM.
A good resource from Thales is the Vormetric Guide: VTE Implementation for Postgres.
Peace of Mind
If you are following best practices with layers of protection for securing data from attack, including VTE enables you to answer data-at-rest security concerns. If you are already using Thales to manage data security policies in your enterprise, this validated solution enables you to extend your implementation to include EDB Postgres Advanced Server. The Thales and EnterpriseDB partnership gives you the peace of mind that your Postgres data is secure and supported.
Additional Resources
VTE and EDB Postgres Advanced Server Solution Brief
Enhanced security for EDB Postgres Advanced Server with Vormetric Data Security Platform
Vormetric Guide: VTE Implementation for Postgres
Product webpage: Vormetric Transparent Encryption
Vormetric Data Security: Complying with PCI DSS 3.0 Encryption Rules
Creating a multi-layered security architecture for your database
Postgres and Transparent Data Encryption (TDE)
Thales eSecurity Partners: EnterpriseDB
Relevant Blogs
EDB and Precisely.com Make It Easy to Integrate Data from Legacy Systems
While many businesses intend to move to open source Postgres and next-gen cloud platforms, the challenge of integrating data from legacy systems can hold companies back. That’s why we’re excited...EDB and Thales Collaborate to Help Transparent Data Encryption Customers Protect and Manage their Cryptographic Keys
We are excited to announce our latest collaboration with Thales to help Transparent Data Encryption (TDE) customers protect and manage their cryptographic keys by offering support for CipherTrust Manager. Cryptographic...EDB and HashiCorp Partner to Bring Enterprise Key Management to Postgres for Transparent Data Encryption
EDB is pleased to announce HashiCorp as the newest addition to the EDB GlobalConnect Technology Partner Program. This marks an important step forward for EDB, as we recently came out...More Blogs
Nutanix AHV Now Supports EDB Postgres Advanced Server Versions 14 and 15
We at EDB are pleased to announce that we have completed validation testing of Nutanix AHV for it to now support the latest versions of EDB Postgres Advanced Server, versions...
EDB Partners with Pure Storage to Bring Storage Array Capabilities to Postgres
We at EDB are pleased to announce Pure Storage, a provider of enterprise-grade, all-flash block, file, and object storage, as the newest member of the EDB GlobalConnect Technology Partner Program...