This article is the second in a series on database privacy features, providing a look at a few popular database engines and how each approaches the task of allowing you to secure and protect your data, including the sensitive human profiles that require the highest degree of care. This time we focus upon the capabilities of PostgreSQL, aka Postgres, for short.
The first article, MySQL Data Privacy Features for Enterprise and Community Editions, framed the task as protecting the data bloodstream of your business from hackers determined to steal sensitive and valuable data. Industry and government regulations set a high standard in which to do this, and it must be enforceable despite the myriad workflows and devices that comprise your business practices.
Similar to MySQL, Postgres offers ways to cover the three main aspects of data privacy that we’re tracking in this series:
Postgres is an open-source database engine with robust offerings out of the box. Since it is open source, various commercial vendors have embedded it into their platforms as a standard and familiar database option, including Amazon RDS for PostgreSQL and Azure Database for PostgreSQL. This allows them to integrate Postgres with their platforms’ unique capabilities, providing some interesting data privacy options.
Let’s sample what Postgres has to offer to support these crucial functions.
The Postgres engine offers support for several ways to do at-rest encryption, and also supports the standard SSL-based approach to in-flight encryption. Like other engines, it also has the older stand-by options to support disk encryption.
Postgres comes with a flexible set of options out of the box to encrypt data. The at-rest options include the following:
Postgres supports in-flight encryption via SSL with a few options:
You can read more about Postgres encryption options in the documentation.
As mentioned above, Postgres has been adopted as a part of numerous commercial offerings from different vendors. As one commercial example, Azure embeds Postgres into its platform. The product, Azure Database for PostgreSQL, integrates with Azure Data Encryption to encrypt data at rest. The use of Microsoft-managed keys makes this similar to the Transparent Data Encryption (TDE) offered by other platforms.
Other vendors support similar offerings that tie into their platforms, such as AWS RDS Postgres.
Like other database engines, Postgres supports data masking with the use of SQL extension functions. Out of the box, this functionality has many options, including the ability to create your own extensions.
A summary of Postgres’ data masking capabilities:
You can read more about Postgres’ data masking functions here to see the various options available.
The extensible nature of Postgres and the requirements for data masking has created a market of third-party vendors that offer function libraries that you can plug in and use. Evaluating these is beyond the scope of this article.
As with MySQL, Postgres’ supports de-identification with a subset of its data masking functions.
Pseudonimization serves a different purpose than anonymization, which is a requirement of data de-identification. Make sure you comply properly when requirements such as GDPR are involved by using the data masking approach that yields true anonymization.
The requirements for de-identification have created a market for tooling to do it properly. For example, Amazon RDS offers de-identification capabilities that you can plug into if you use the AWS platform. Demand and competition will assure that other such tool sets will become available.
Database administrators and system builders have a lot to think about when it comes to securing data. The Postgres library plug-in architecture enables a pantheon of community offerings to help in your efforts to secure data as well. Performance depends on the features used and how they are configured.
NetApp Cloud Data Sense now supports Postgres, as well as a number of other popular databases, including MySQL, MSSQL, Oracle, and SAP HANA, and MongoDB. Cloud Data Sense gives database deployment an additional utility for data privacy: AI-driven data mapping that can identify the sensitive private data stored in your database so you can pinpoint and report on that data to stay in compliance with GDPR, CCPA, and the host of new data privacy regulations that have been enacted around the globe.