The Patient Protection and Affordable Care Act, known as Obamacare, sent U.S. states scrambling to build health insurance exchanges for individuals to purchase and manage new insurance plans. Working under time constraints, many states implemented systems based on technologies they already had in place.
Such was the case with one state government agency who built their exchange using the IBM DB2 database. This East Coast state experienced a series of complications with the system, including problems with data management on the platform. In designing a massive fix, the state’s health exchange IT team decided to adopt an open source approach and migrate their entire infrastructure stack.
This team had already migrated part of the infrastructure to JBOSS on Linux when it began to consider open source PostgreSQL. However, they decided the open source version didn’t provide enough security to meet requirements of the Health Insurance Portability and Accountability Act (HIPAA) and other security regulations, so they looked to EnterpriseDB (EDB).
The EDB Postgres Platform enabled the state’s health exchange IT team to meet a number of goals critical to their objectives and requirements:
Legacy Migration: The health exchange team needed to migrate just over 1 TB of data from IBM DB2 to EDB Postgres. The EDB Postgres Platform includes the EDB Postgres Migration Toolkit, which eases migrations from traditional vendors to EDB. The experience and support of EDB engineers, who have done hundreds of database migrations, also accelerated the process and reduced risk.
Modernization: The state’s Health Exchange team was adopting an open source infrastructure to help them respond better to new digital demands. The open source foundation of EDB Postgres combined with EDB’s support and enterprise SLAs helped to ensure the team’s goals for their database platform would be met.
Next, A Cloud Project
The adoption of EDB Postgres for the state’s health exchange led a second agency of the state to contact EDB. This agency was charged with building a statewide cloud data repository that would connect major state departments and enable them to share information. The state’s cloud team had decided at the outset to use open source technologies. They would be the most cost-effective and best consolidate data from multiple disparate applications and enable the sharing of different data formats across various state agencies.
Like the team in charge of the health exchange, the cloud team considered open source PostgreSQL, but found its security was insufficient. They also wanted more support than was available from the community project. They too contacted EDB.
Critical Goals for the Cloud Team
- Migration to the Cloud: The state had embarked upon an innovative but massive project to consolidate data from multiple agencies into a single cloud repository. This involved linking applications and combining disparate data formats to remove data silos. EDB Postgres represented a holistic solution with multi-model capabilities to combine unstructured data types, like GIS information or JSON documents, with traditional relational data, and Foreign Data Wrappers (FDWs) to integrate seamlessly with disparate external data sources. In addition, the EDB Postgres subscription allows customers to deploy the database in whatever way supports their needs, whether on-premises, in the cloud, on bare metal, or virtually, without penalty.
- Modernization: The cloud team required interoperability. The flexibility of open source in EDB Postgres combined with greater control over cloud deployments from the EDB Postgres Ark Database-as-a-Service framework, included with EDB Postgres, would deliver more options for application development and deployment.
EDB has developed enterprise-class performance, manageability, Oracle-compatibility, and developer features for its EDB Postgres Advanced Server. These were important and valuable features to the state. But it was the security enhancements EDB developed for Postgres and integrated into EDB Postgres Advanced Server, that were critical to both state agencies in choosing the EDB Postgres Platform.
In considering EDB Postgres, the two agencies used as guidance a Security Technical Implementation Guide (STIG) for EDB Postgres Advanced Server that the Department of Defense (DoD) published in 2016. Working with EDB, the DoD’s Defense Information Security Agency (DISA) evaluated EDB Postgres against the US government’s stringent security requirements. The agency developed the STIG to define how EDB Postgres can be deployed and configured to meet security requirements for government systems. This made EDB the first provider of an open source-based database to have a STIG published for its core product offering.
State and local agencies look to this as additional vetting, knowing that solutions have passed the intense scrutiny of government security investigators. The STIG, along with EDB Postgres’ security features for auditing, compliance tracking, passwords, and protection from SQL injection attacks, demonstrated that the privacy and security needs of both state agencies would be met.