The EDB Blog
January 16, 2020

 

Data privacy has senior management visibility because organizations are required to minimize the risk of sensitive data, such as customer payment information or health records, being exposed through fraud or data breaches. Complying with the growing body of data privacy standards and regulations, including CCPA, PCI DSS, GDPR, and HIPAA, is an ever-changing challenge that requires consistent policies and tools that work across the enterprise.

Securing data at the file system level, or in PCI terms ‘data-at-rest’, is possible through encryption by the storage hardware, the operating system, the database server or the application. Encryption performed by the database server, as seen in Oracle, SQL Server, and DB2, is known as transparent data encryption (TDE). Postgres today does not have native TDE capability.

Vormetric Transparent Encryption (VTE) from leading enterprise data security provider Thales secures data-at-rest without requiring changes to the database or associated applications. The solution also includes Vormetric Data Security Manager (DSM), which provides a unified, centralized platform for managing encryption keys and policies across an enterprise’s storage, databases and applications.

EnterpriseDB has partnered with Thales to bring this security solution to EDB Postgres Advanced Server.

Validated Support

Before announcing the joint solution to our customers, EnterpriseDB and Thales put it through a validation process. The goal was to prove that VTE’s granular, least-privileged user access policies worked as expected with EDB Postgres Advanced Server, and to see auditing and encryption key management in operation.

My colleagues Tushar Ahuja and Rajkumar Raghuwanshi have blogged details of the validation effort, along with the performance impact on our sample application with the solution enabled. As the saying goes, performance will vary with your specific workload. Overall, we were pleased with the results.

Getting Started

Implementing the Vormetric solution requires the following components:

1. EDB Postgres Advanced Server installed and in operation.

2. Vormetric Data Security Platform (DSM) installed and operational.

3. A VTE agent on the Postgres host registered to the DSM.

A good resource from Thales is the Vormetric Guide: VTE Implementation for Postgres.

Peace of Mind

If you follow the best practice of layering protections to secure data from attack, including VTE enables you to answer data-at-rest security concerns. If you are already using Thales to manage data security policies in your enterprise, this validated solution enables you to extend your implementation to include EDB Postgres Advanced Server. The Thales and EnterpriseDB partnership gives you the peace of mind that your Postgres data is secure and supported.

 

Additional Resources

VTE and EDB Postgres Advanced Server Solution Brief

Enhanced security for EDB Postgres Advanced Server with Vormetric Data Security Platform

Vormetric Guide: VTE Implementation for Postgres

Product webpage: Vormetric Transparent Encryption

Vormetric Data Security: Complying with PCI DSS 3.0 Encryption Rules

Creating a multi-layered security architecture for your database

Postgres and transparent data encryption

Postgres encryption options

Thales eSecurity Partners: EnterpriseDB

 

John Dalton is Senior Director of Product Management, responsible for product strategy and management of the EDB Postgres Platform. He is passionate about delivering business value through products that solve customer needs and believes in the awesome power of Agile development. Customer...