Doug Hunley
Crunchy Data is pleased to announce the publication of the Crunchy Data PostgreSQL 16 Security Technical Implementation Guide (STIG) by the United States Defense Information Systems Agency (DISA). This update covers Postgres versions 13-16; for previous versions of Postgres see the prior Crunchy Data Postgres STIG. Crunchy Data has collaborated with DISA since 2017 on the PostgreSQL STIG and this new STIG reflects Crunchy Data's ongoing collaboration with DISA and commitment to provide enh...
Keith Fiske
One of the most requested features by Crunchy Data customers using modern enterprise database environments is some form of data encryption. However, nailing down exactly what someone means when they say "We need our data encrypted" is often a challenge due to the actual requirements not being fully clarified or even understood. So, before anyone tries to implement database encryption it is critically important to understand what needs to be encrypted and what benefit is actually gained by the...
Mike Palmiotto
We deleted our database. Two years ago on a Friday afternoon around 4pm I had a customer open a support ticket. The customer thought they were running their test suite against a dev environment. In reality they were running on production. One of the early steps in many test suites is to ensure a clean state: 1. all tables or schemas 2. from scratch all tables or schemas from scratch With disaster recovery and point-in-time recovery in place, we could roll the database back to any exact m...
Greg Sabino Mullane
The pgBackRest tool is a fantastic backup solution for Postgres, with many features including encryption, compression, automatic expiration, PITR, asynchronous archiving, and lots more. By default it runs as the Unix user "postgres" and connects to the database as the "postgres" superuser. In working with one of our finance clients on Crunchy High Availability Postgres, we needed to limit the access of the pgBackRest program for security and compliance on the database cluster. This article d...
Douglas Hunley
Crunchy Data is proud to announce an update to the CIS PostgreSQL Benchmark by the Center for Internet Security (CIS). CIS is a nonprofit organization that publishes best practices and standards for securing modern technology and systems. This newly published CIS PostgreSQL 14 Benchmark adds to the existing CIS Benchmarks for PostgreSQL 9.5 - 13 and builds upon Crunchy Data's ongoing efforts with the PostgreSQL Security Technical Implementation Guide (PostgreSQL STIG). A CIS Benchmark is...
Jonathan S. Katz
As more data workloads shift to running on Kubernetes, one of the important topics to consider is security of your data. Kubernetes brings many conveniences for securing workloads with the ability to extend security functionality to databases through the use of the Operator pattern. Database security best practices on Kubernetes is a frequent conversation we're having with our customers around deploying PostgreSQL on Kubernetes with PGO, the open source Postgres Operator from Crunchy Dat...
Paul Laurence
With the rise of Postgres, new organizations are evaluating how to benefit from its power and flexibility. As that evaluation progresses, Postgres advocates must address the question, "Is Postgres secure?" There are a variety of ways to answer this question, but the short answer is a confident "Yes!" At Crunchy Data, we often collaborate with organizational stakeholders to address this question. Many organizations have used the same collection of databases for years (maybe decades). The id...
Douglas Hunley
Crunchy Data has recently announced an update to the CIS PostgreSQL Benchmark by the Center for Internet Security, a nonprofit organization that provides publications around standards and best practices for securing technologies systems. This newly published CIS PostgreSQL 13 Benchmark joins the existing CIS Benchmarks for PostgreSQL 9.5, 9.6, 10, 11, and 12 while continuing to build upon the PostgreSQL Security Technical Implementation Guide (PostgreSQL STIG). A CIS Benchmark is a set...
Joe Conway
Question: How do I get PostgreSQL to use FIPS 140-2 crypto? The answer, to some extent, depends on how rigorously you need to be able to prove your answer. If the proof required is more than a casual check, the process is not well documented as far as I can tell. Therefore I will attempt to address that deficiency here. To be sure the crypto being used by PostgreSQL on a particular system is FIPS validated, you need to trace the chain of custody of the crypto software from the PostgreSQL backe...
Jonathan S. Katz
Ensuring data can be securely transmitted is a requirement of many production systems. PostgreSQL supports TLS as a means of encrypting network communication, verifying hosts, and allowing for certificate-based authentication. The TLS functionality of PostgreSQL is extendable into Kubernetes deployments. The Crunchy Data Postgres Operator has provided support for TLS since version 4.3, using Kubernetes Secrets for mounting the TLS components safely to each Pod. The PostgreSQL Operator does...