USE CASE: SECURE OPEN SOURCE SOFTWARE (OSS)
Utilize data protection, access controls, and hardened, secure Postgres® distributions, so you can build with confidence.
Managing open source software (OSS) vulnerabilities
Today's developers and database administrators prefer OSS solutions such as PostgreSQL over legacy databases because of cost-effectiveness, customization, active community support, rapid innovation, and adherence to SQL standards. However, OSS deployments also introduce a challenge in identifying and mitigating potential security vulnerabilities. Enterprises must ensure their applications use hardened versions of PostgreSQL that have undergone extensive testing, comply with industry certifications, and reduce the risk of malware attacks. Also, enterprises need to ensure that customer data is protected and access to databases is controlled.
Trust the Postgres experts
EDB Postgres AI is a trusted enterprise provider for hardened Postgres software packages, protecting against all known vulnerabilities and enabling you to operate confidently with open source software. Also, additional enterprise security features protect customer data and limit database access, providing extra layers of security.
Hardened Postgres
Obtain a hardened Postgres distribution built with secure design principles and secure coding practices, comprehensive testing, verification, and other activities that minimize vulnerabilities.
EDB Trust Center
Get access to EDB’s responses to enterprise-grade security concerns and an overview of EDB’s commitment to embedding data privacy and security in every part of the business.
Enterprise-grade security
Protect your application and customer data with Transparent Data Encryption (TDE), SQL protection, audit trails, and data redaction. Control access with role-based access, and fine-grained data access down to specific rows.
Software Bill of Materials (SBOM)
Gain visibility with EDB’s SBOM, which offers a detailed inventory of components and dependencies that comprise a software package, including up-to-date license reporting.
Built for the Public Sector
For highly regulated environments like the Public Sector, get access to hardened EDB Postgres container images from the Iron Bank repository. Also, create STIG (Security Technical Implementation Guide) and CIS (Center for Internet Security) compliant clusters via EDB’s Trusted Postgres Architect.
Enjoy rapid value delivery with automated security safeguards. Code, deploy, and release new software with hardened Postgres and other enterprise security features to develop confidently, ensure customer trust, and keep customer data secure.
Build secure applications
Develop secure applications with EDB as a trusted Postgres provider that follows the National Institute of Standards and Technology (NIST) Secure Software Development Framework. Get access to over 50 signed repositories covering more than 10 Postgres extensions used by over 1,500 companies.
Customer trust
Increase trust in your company’s care of customer data. Adhere to local compliance rules to expand the user base and increase retention.
Secured data
Reduce the risk of vulnerabilities and eliminate the effort required to build a secure data environment. Operate confidently, knowing that 100% of the EDB code base is hardened and backed by enterprise-grade security best practices.
Compliance adherence
Keep up with compliance requirements, including industry-specific regulations such as PCI-DSS and HIPAA, as well as government Zero Trust framework requirements.
Transparency and visibility into your software supply chain
EDB’s SBOM reports help track changes in Postgres deployments, making it easier to identify and mitigate potential security vulnerabilities.
EDB provides secure open source software as part of EDB Postgres AI
EDB Postgres AI secures your open source software so you can operate with confidence and compliance. 100% of the EDB codebase is developed with secure design principles and secure coding practices, and goes through comprehensive testing, verification, and other activities that minimize vulnerabilities. Easily track and identify changes in Postgres deployments with readily available reports and a detailed inventory of each component of the EDB software package.
Related products and solutions
EDB Postgres AI
A modern Postgres data platform for powering mission-critical workloads from edge to core.
EDB Postgres Advanced Server
Enterprise-grade, Oracle-compatible Postgres.
Enterprise-grade Postgres
Run enterprise-grade Postgres anywhere, on any cloud, from edge to core.
Resources
How to Secure PostgreSQL: Security Hardening Best Practices & Tips
EnterpriseDB Raises the Bar for Postgres Security and Compliance with Transparent Data Encryption
Elevating Postgres Security with the EDB Trust Center
Security Best Practices for Postgres
AI Data Security with Postgres: Best Practices and Compliance
EDB Security Documentation
EDB CVE Assessments
Hardened Postgres refers to EDB reviewing Postgres and related extensions, building and signing packages, and hosting them in our own repository to ensure that SLAs can be met for bug fixes and security updates. We ensure that 100% of the codebase is developed with secure design principles and secure coding practices, and goes through comprehensive testing, verification, and other activities that minimize vulnerabilities. We then patch the vulnerabilities found and undertake other preventive measures to keep the repositories safe against vulnerabilities. The checked repository is then built into a signed package, which gives enterprises peace of mind.
Here’s how EDB can help:
- Data protection: Customers can protect their data with TDE, data redaction, and a hardened version of Postgres.
- Access controls: EDB provides RBAC and fine-grained data access down to specific rows.
Transparent data encryption (TDE) encrypts any user data stored in the database system. This encryption is transparent to the user. User data includes the actual data stored in tables and other objects as well as system catalog data such as the names of objects.
Audit logging refers to allowing database and security administrators, auditors, and operators to track and analyze database activities. EDB audit logging generates audit log files, which can be configured to record information such as:
- When a role establishes a connection to an EDB Postgres database
- Which database objects a role creates, modifies, or deletes while connected to EDB
- When any failed authentication attempts occur
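As an added example (not code from the page or from EDB), the server settings that make EDB Postgres Advanced Server's audit logging record the three kinds of events listed above. The parameter names are the edb_audit_* settings documented for EDB Postgres Advanced Server; their availability and accepted values in your release are assumed, so check them against your version's documentation.

```sql
-- Added example, not EDB's own configuration: enable audit logging and record
-- connections, DDL (object create/alter/drop) and failed statements.
-- Assumes the edb_audit_* parameters of EDB Postgres Advanced Server; run as a superuser.
ALTER SYSTEM SET edb_audit = 'csv';                  -- turn auditing on, CSV audit files
ALTER SYSTEM SET edb_audit_directory = 'edb_audit';  -- audit file directory, relative to the data directory
ALTER SYSTEM SET edb_audit_connect = 'all';          -- every connection attempt ('failed' records only failures)
ALTER SYSTEM SET edb_audit_disconnect = 'all';       -- session ends, so connects can be paired with disconnects
ALTER SYSTEM SET edb_audit_statement = 'ddl, error'; -- objects a role creates/modifies/deletes, plus statements that errored
SELECT pg_reload_conf();                             -- apply; consult the documentation for settings that need a restart
```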
Data redaction limits sensitive data exposure by dynamically changing data as it is displayed for certain users. For example, a social security number (SSN) is stored as 021-23-9567. Privileged users can see the full SSN, while other users see only the last four digits: xxx-xx-9567.
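The SSN redaction described above can be built with standard PostgreSQL objects, as in this added example (not EDB's own redaction feature, which is a separate product capability): a redaction function decides per caller, and the table is exposed only through a view that applies it. The roles hr_privileged and hr_basic, the employee table and the sample row are constructed for the example.

```sql
-- Added example (not EDB's code): role-dependent SSN redaction in plain PostgreSQL.
-- Roles, table and the sample row are constructed for illustration.
CREATE ROLE hr_privileged NOLOGIN;   -- members see the full SSN
CREATE ROLE hr_basic      NOLOGIN;   -- members see only the last four digits

CREATE TABLE employee (
    id   serial PRIMARY KEY,
    name text   NOT NULL,
    ssn  text   NOT NULL CHECK (ssn ~ '^\d{3}-\d{2}-\d{4}$'),
    dept text   NOT NULL
);
INSERT INTO employee (name, ssn, dept) VALUES ('A. Example', '021-23-9567', 'sales');

-- Redaction function: returns the stored value for privileged callers and a masked
-- form (xxx-xx-<last four>) for everyone else. current_user is the caller's role even
-- when the function runs inside a view, so the decision is made per session.
CREATE FUNCTION redact_ssn(full_ssn text) RETURNS text
LANGUAGE sql STABLE AS $$
    SELECT CASE
        WHEN pg_has_role(current_user, 'hr_privileged', 'MEMBER') THEN full_ssn
        ELSE 'xxx-xx-' || right(full_ssn, 4)
    END
$$;

-- Nobody but the owner reads the base table directly; all access goes through the view.
-- A default (owner-privilege) view lets hr_basic read rows it could not read from the table.
REVOKE ALL ON employee FROM PUBLIC;
CREATE VIEW employee_v WITH (security_barrier) AS
    SELECT id, name, redact_ssn(ssn) AS ssn, dept
    FROM employee;
GRANT SELECT ON employee_v TO hr_privileged, hr_basic;

-- Same query, different caller: hr_basic gets the masked SSN, hr_privileged the full one.
SET ROLE hr_basic;
SELECT name, ssn FROM employee_v;
RESET ROLE;
SET ROLE hr_privileged;
SELECT name, ssn FROM employee_v;
RESET ROLE;
```

Because the view is the only granted object, a user in hr_basic cannot bypass the redaction with a direct SELECT on employee; run the script as the table owner so the view's owner privileges cover the base table.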
EDB's SQL protection does two things:
- Provides a layer of security in addition to the normal database security policies by examining incoming queries for common SQL injection profiles
- Gives the control back to the database administrator by alerting the administrator to potentially dangerous queries and by blocking these queries.
Customers and others can go to the EDB Trust Center, which provides at-a-glance visibility into EDB’s security posture. The Trust Center enables easy navigation into public documents that attest to EDB’s security policies, compliance certifications, and other relevant documents, streamlining security reviews from customers, partners, and prospects alike.
Software Bill of Materials (SBOM) reports offer a detailed inventory of components and dependencies that comprise a software package, enabling you to more easily identify and mitigate potential security vulnerabilities.
The SBOM reports will be available for software customers who are entitled to them in the EDB Repos browsing page once they have logged in with their enterprisedb.com account.