We extend the transitive trust from OS the layer to the PostgreSQL server and to data it generates. We ensure that an authenticated PostgreSQL binary is running on our instance and we compute digital signatures when data is stored or
Virtual Instance Security The instance uses “Secure Boot” to make sure that only authenticated software is installed at the OS layer.
Transparent Encryption The usual approach to data encryption within a cloud platform is to use a block-level encryption. It may allow you to get data encryption off your to-do list, however, such ad-hoc approaches do not fully address the need for data security. We make use of the encryption capability that is built into the … Read more
Protection Against Unauthorized Users Off-the-shelf operating systems have a flawed notion of trust – the privileged user is implicitly trusted. This leads to a variety of security problems. Many attempts have been made to fix this issue including one within a topnotch United States military agency. However, these solutions have proven impractical for general business … Read more
Tamper-resistant Logs Our secure instances log Server General activities at four separate locations (real-time). Even the administrators are unable to alter all four copies since three copies are stored outside of their administrative control. This essentially nullifies log tampering attempts. Most auditors appreciate this approach.
Reduced Attack Surface The Operating System vendors design their products to support numerous applications to increase their usage. However, this approach results in a bloated operating system unfit to host any mission-critical application server securely. The PostgreSQL Secured by SG instance uses a trimmed down version of the OS thereby reducing the attack surface significantly. … Read more
Elevating Users From Products to Customers – The GDPR Data Subject Empowerment The purpose of the General Data Protection Regulation, GDPR, is to protect and strengthen the rights of data subjects/EU citizens. The law grants data subjects rights whereby data controller, the entity that is collecting personal information, has to reveal the actual identity of … Read more
Enterprises Should Think Twice Before Using Their Cloud Provider’s Data-At-Rest Encryption We live in a multi-cloud world. Managing data security across multiple public clouds can be challenging. There are three main reasons why enterprises should think twice before using data-at-rest encryption solution offered by their cloud provider. If you envision moving from one cloud platform … Read more
GDPR – How Not To Screw Up Consent? The General Data Protection Regulation, or GDPR, replaces the Data Protection Directive (“Directive”), which has been in effect since 1995. The GDPR became law in April 2016, but organizations were given a two-year grace period to comply. The effective date for compliance is on May 25, 2018. … Read more
GDPR Is Coming, Are You Ready? The Server General team has presented two web seminars on the GDPR. This presentation will give you a quick overview of the new law with special focus on Articles 32 and 34. Big News – A New Managed File Transfer Service Organizations that need to transfer files across geographical … Read more