Hardened, secure, access controlled, & commercially supported PostgreSQL
Crunchy Hardened PostgreSQL is a state-of-the-art Postgres solution for security and compliance-focused enterprises.
Enhanced RBAC
Crunchy Hardened Postgres extends traditional Role Based Access Control (RBAC) with superuser lockdown for a highly secure role based and encrypted environment.
Superuser lockdown
Crunchy Hardened Postgres uses the Crunchy Postgres Security Module (CPSM) to lock down the superuser role in a way that favors better security and regulatory compliance. Superuser can complete normal Postgres maintenance but is blocked from data exports and queries.
Transparent data encryption
Transparent Data Encryption (TDE) is an enhanced encryption mechanism that protects table data from the OS admins at a level beyond full disk encryption. Postgres table files on disk are fully encrypted by the Postgres database itself and decrypted transparently upon execution. The TDE mechanism works with a fully HA failover scenario as well.
Row level security
Row level and column level security roles can be an important part of the database configuration in a Hardened Postgres environment and are implemented per process requirements as needed. Crunchy has extensive experience with this part of the codebase.
Crunchy Certified PostgreSQL
Common Criteria EAL2+ PostgreSQL is at the core of Crunchy Hardened Postgres and is therefore interoperable with any applications that can connect to PostgreSQL.
Built for the security conscious enterprise, Crunchy Certified PostgreSQL includes the open source tools and extensions to support enterprise requirements and compliance regimes. It's backed by Crunchy PostgreSQL experts behind the CIS Benchmark for PostgreSQL and the PostgreSQL Security Technical Implementation Guide.
High availability and disaster recovery
Crunchy Postgres environments are full solutions for database clustering and include disaster recovery protection with backups and point-in-time recovery. High availability is also included with cluster architecture designed to be zero-downtime, resilient, and self healing.
Deployment flexibility
Bare metal
VMs
Cloud Hosted
Security is at Crunchy's core
Crunchy Data has been focused on advancing Postgres security since the beginning. We have also partnered with the United States Defense Information Systems Agency (DISA) to publish the first Security Technical Implementation Guide for open source database systems and the Center for Internet Security to publish the CIS Benchmark for Postgres. Crunchy Hardened PostgreSQL combines these best practices with advanced Postgres technology to provide an enhanced Postgres deployment for security focused enterprises.
Expert PostgreSQL support
With many contributors to the PostgreSQL community on our team, Crunchy Data offers architecture and support expertise to successfully manage your database requirements. Our connections in the community and deep technical expertise is available 24x7x365 with our commercial support subscription.