We extend the transitive trust from OS the layer to the PostgreSQL server and to data it generates. We ensure that an authenticated PostgreSQL binary is running on our instance and we compute digital signatures when data is stored or
Virtual Instance Security The instance uses “Secure Boot” to make sure that only authenticated software is installed at the OS layer.
Transparent Encryption The usual approach to data encryption within a cloud platform is to use a block-level encryption. It may allow you to get data encryption off your to-do list, however, such ad-hoc approaches do not fully address the need for data security. We make use of the encryption capability that is built into the … Read more
Protection Against Unauthorized Users Off-the-shelf operating systems have a flawed notion of trust – the privileged user is implicitly trusted. This leads to a variety of security problems. Many attempts have been made to fix this issue including one within a topnotch United States military agency. However, these solutions have proven impractical for general business … Read more
Tamper-resistant Logs Our secure instances log Server General activities at four separate locations (real-time). Even the administrators are unable to alter all four copies since three copies are stored outside of their administrative control. This essentially nullifies log tampering attempts. Most auditors appreciate this approach.
Reduced Attack Surface The Operating System vendors design their products to support numerous applications to increase their usage. However, this approach results in a bloated operating system unfit to host any mission-critical application server securely. The PostgreSQL Secured by SG instance uses a trimmed down version of the OS thereby reducing the attack surface significantly. … Read more
2.1 2.1 Always change vendor-supplied defaults before installing a system on the network—for example, include passwords, simple network management protocol (SNMP) community strings, and elimination of unnecessary accounts. 2.2.1 2.2.1 Implement only one primary function per server. 2.2.2 2.2.2 Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform … Read more
PCI Compliance 2.1 Always change vendor-supplied defaults before installing a system on the network—for example, include passwords, simple network management protocol (SNMP) community strings, and elimination of unnecessary accounts. 2.2.1 Implement only one primary function per server. 2.2.2 Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform the … Read more
HIPAA Security Rule Compliance with Server General The HIPAA Security Rule requires health care organizations (covered entities and their business associates) to secure the protected health information (PHI) under their control at all times. The rule makes specific references to encryption, key management, access controls, risk management and auditing. The HITECH Act, on the other … Read more