PostgreSQL Database Encryption

The CipherTrust Platform protects sensitive data in PostgreSQL databases

PostgreSQL Database Security

PostgreSQL is a widely adopted open source object-relational database system that has a strong reputation for reliability, feature robustness and performance. Customers choose this easily customizable solution to serve data for a wide range of workloads, from small single-machine applications to large web-facing application farms with large numbers of concurrent users.

Fortunately, PostgreSQL can use third-party key stores with full PKI infrastructure, which enables centralized key management and encryption. Organizations can rely on data at rest encryption from Thales for robust database security that mitigates threats posed by hackers and privileged users, and also addresses many compliance concerns surrounding data privacy regulations.

The CipherTrust Data Security Platform from Thales offers customers a variety of encryption and tokenization solutions at the file-system, database and application levels to secure data across its lifecycle anywhere in the enterprise.

  • Challenges
  • Solutions
  • Benefits

Performance Impacts with Native Database Encryption

PostgreSQL offers native instance-level encryption, which always has a significant impact on database server performance. Adding centralized hardware-based encryption technologies from Thales can improve database performance with added data security.

Administrative Complexity across multiple Data Stores

Administrators are faced with a complex and costly task of managing disparate encryption keys for many different databases accumulated over time from separate vendors. They have to factor in the cost of administrative resources required to manage multiple incompatible encryption solutions across multiple databases.

Operational Inefficiencies of Key Management

Managing encryption keys separately for each data repository, relying on manual systems to store and transmit encryption keys, and lacking password control and centralized ways to revoke keys when employees leave all create operational inefficiencies and result in data breaches.

CipherTrust Transparent Encryption

CipherTrust Transparent Encryption delivers data at rest encryption, privileged user access controls, and detailed data access audit logging, with no changes to applications and minimal performance implications. It protects data in PostgreSQL databases on Windows, AIX, and Linux operating systems across physical and virtual servers, in cloud and big data environments.

CipherTrust Application Data Protection

For organizations that need to apply more granular database protection at the column or field level, CipherTrust Application Data Protection provides developer-friendly APIs to perform encryption and key management operations.

CipherTrust Tokenization

Sensitive data such as credit card numbers and tax identifiers can be protected in PostgreSQL databases by replacing it with obfuscated values called tokens, without changing the size of the database tables. CipherTrust Tokenization offers both vaulted and vaultless tokenization that can help reduce the cost and complexity of complying with data privacy regulations such as PCI-DSS and GDPR.

CipherTrust Manager

For enterprises that have chosen to use database TDE in Microsoft SQL Server environments, Thales offers centralized key management with CipherTrust Manager. It centrally manages keys for Microsoft SQL and Oracle TDE environments, in addition to managing keys for Key Management Interoperability Protocol (KMIP) clients. It simplifies centralized management of key lifecycle, access policies and auditing changes.

Comprehensive Data Protection

The CipherTrust Data Security Platform offers format preserving encryption (FPE), developer-friendly APIs for centralized key management and encryption policies, support for Chef and Docker integrations, and broad coverage for both on-premises and cloud service providers.

Coverage for Multiple Databases

CipherTrust Manager can manage keys and provide database encryption across multiple databases – Oracle, IBM DB2, MySQL, NoSQL and Sybase, in addition to PostgreSQL. Thales’ CipherTrust Encryption solutions can secure databases on Windows, Linux and AIX operating systems, and offer coverage for physical, virtual and cloud-based environments.

Operational Efficiency

CipherTrust Manager offers a single unified console to centrally manage cryptographic keys and policies across multiple database environments, minimizing administrative overhead. With broad coverage of database solutions, the CipherTrust platform enables customers to reduce cost and avoid the complexity of managing multiple database encryption silos.

Related Resources

CipherTrust Database Protection - Product Brief

An organization’s most valuable data assets reside in databases and it is imperative to protect them from the devastating and lasting impact of data breaches. With a growing number of internal and external cyber threats, data protection provides a critical last line of defense...

CipherTrust Transparent Encryption - Product Brief

Safeguarding sensitive data requires much more than just securing a data center’s on-premises databases and files. The typical enterprise today uses three or more IaaS or PaaS providers, along with fifty or more SaaS applications, big data environments, container technologies,...