PostgreSQL instance encryption: More database security
Full PostgreSQL instance encryption
Hans-Jürgen Schönig
www.postgresql-support.de
First of all
Did . . .
Did everybody have a good time in Tallinn?
Introduction
Cybertec Schönig & Schönig GmbH
24x7 support for PostgreSQL
PostgreSQL training
PostgreSQL consulting
Get more out of PostgreSQL
PostgreSQL features
PostgreSQL provides many features
Many “Enterprise” features are available
e.g. replication, analytics, etc.
Missing stuff
Nothing is feature complete
Once in a while everybody finds missing parts
Sponsoring vs. licensing
Remember, PostgreSQL is Open Source
Sponsoring a feature is often cheaper than buying commercial licenses
No need to chain yourself to a commercial vendor
Database encryption: An example
Specific customer requirements
Customer could only provide encryption based on expensive commercial software
Encryption is needed to fulfill legal and internal requirements
Making it work
Implement highly optimized code to handle encryption on the block level in PostgreSQL
Totally transparent to the end user
Keys can be stored in a key store of your choice
What it does
We encrypt:
Tables
Indexes
Temporary files
Full WAL encryption
Commit Log (clog)
More stuff: Subtransaction directories, MultiXact . . .
What we do not encrypt (yet):
pg_stat_statements, logical replication buffers, control data (on purpose)
Encryption technology
Extensible mechanism
Included in pgcrypto: AES-XTS 128
Future versions will use Intel hardware support
Current prototype does 4 GB/sec per core!
Good news
We all got encryption now
Not yet in core but available to end users already with full professional support
Patch on hackers
Anybody willing to give feedback?
Commercial success
Writing code + integrating was cheaper than just integrating commercial stuff
Makes sense for everybody
Customer
Community
What we learn from this
Have the guts and the conviction to do what is right
Think for yourself
Find solutions to YOUR problems
Do not change your requirements just because some commercial vendor forces you to do so
Benefit from Open Source
Invest wisely
Where can we get the code?
Our website has the code:
http://www.cybertec.at/en/products/postgresql-instance-level-encryption/
It is under PostgreSQL license
Finally
Any questions?
Feel free to ask
Contact us
Cybertec Schönig & Schönig GmbH
Email: office@cybertec.at
Web: www.postgresql-support.de
Follow us on Twitter: @PostgresSupport
