PostgreSQL Database Encryption
The CipherTrust Platform protects sensitive data in PostgreSQL databases
PostgreSQL is a widely adopted open source object-relational database system that has strong reputation for reliability, feature robustness and performance. Customers choose this easily customizable solution to serve data for a wide range of workloads from small single-machine applications to large web-facing application farms with large numbers of concurrent users.
Fortunately, PostgreSQL has the ability to utilize 3rd party key stores with full PKI infrastructure that enables centralized key management and encryption. Organizations can rely on data at rest encryption from Thales for robust database security that mitigates threats posed by hackers and privileged users, and also addresses many compliance concerns surrounding data privacy regulations.
The CipherTrust Data Security Platform from Thales offers customers a variety of encryption and tokenization solutions at the file-system, database and application levels to secure data across its lifecycle anywhere in the enterprise.
Performance Impacts with Native Database Encryption
PostgreSQL offers native instance level encryption, which always has a significant impact on database server performance. Adding centralized hardware based encryption technologies from Thales can improve database performance with added data security.
Administrative Complexity across multiple Data Stores
Administrators are faced with a complex and costly task of managing disparate encryption keys for many different databases accumulated over time from separate vendors. They have to factor in the cost of administrative resources required to manage multiple incompatible encryption solutions across multiple databases.
Operational Inefficiencies of Key Management
Managing encryption keys for each data repository, and manual systems to store and transmit encryption keys, lack of password control and centralized ways to revoke keys when employees leave creates operational inefficiencies and result in data breaches.
CipherTrust Transparent Encryption
CipherTrust Transparent Encryption delivers data at rest encryption, privileged user access controls and detailed data access audit logging, with no changes to applications and minimal performance implications. It protects data in Microsoft SQL databases on Windows, AIX and Linux OS’s across physical and virtual servers, in cloud and big data environments.
CipherTrust Application Data Protection
For organizations that need to apply more granular database protection at the column or field level, CipherTrust Application Data Protection, which provides developer friendly APIs to perform encryption and key management operations.
Sensitive data such as credit card numbers and tax identifiers can be protected in PostgreSQL databases by replacing it with obfuscated values called tokens, without changing the size of the database tables. CipherTrust Tokenization offers both vaulted and vaultless tokenization that can help reduce the cost and complexity of complying with data privacy regulations such as PCI-DSS and GDPR.
For enterprises that have chosen to use database TDE in Microsoft SQL Server environments, Thales offers centralized key management with CipherTrust Manager. It centrally manages keys for Microsoft SQL and Oracle TDE environments, in addition to managing keys for Key Management Interoperability Protocol (KMIP) clients. It simplifies centralized management of key lifecycle, access policies and auditing changes.
Comprehensive Data Protection
The CipherTrust Data Security Platform offers format preserving encryption (FPE), developer friendly APIs for centralized key management and encryption policies, support for Chef and Docker integrations and broad coverage for both on-premises and cloud service providers.
Coverage for Multiple Databases
CipherTrust Manager can manage keys and provide database encryption across multiple databases – Oracle, IBM DB2, MySQL, NoSQL and Sybase, in addition to PostgreSQL. Thales’ CipherTrust Encryption solutions can secure databases on Windows, Linux and AIX operating systems, and offers coverage for physical, virtual and cloud-based environments.
CipherTrust Manager offers a single unified console to centrally manage cryptographic keys and policies across multiple database environments, to minimize administrative overhead. With broad coverage of database solutions, the CipherTrust platform enables customers to reduce cost and avoid complexity of managing multiple database encryption silos.
An organization’s most valuable data assets reside in databases and it is imperative to protect them from the devastating and lasting impact of data breaches. With a growing number of internal and external cyber threats, data protection provides a critical last line of defense...
CipherTrust Transparent Encryption enables organizations to establish strong controls around sensitive data with maximum efficiency. CipherTrust Transparent Encryption delivers data-at-rest encryption for structured databases and unstructured files with centralized key...