Consolidated Infrastructure for Multi-Level Security
Crunchy MLS PostgreSQL extends Crunchy Certified PostgreSQL to enable enterprises to reduce their data management costs while supporting the most advanced data access control requirements.
Security conscious enterprises in a variety of industries use security classifications to separate data according to the level of approved access and system user roles. Crunchy has been a leader in developing and deploying Open Source PostgreSQL Data management solutions for these enterprises. As an example, enterprises in the health care industry may see the need to classify generally available marketing materials with one security label, corporate financial information with another security label, and patient data with yet another security label. Each label can be subdivided into numerous sub groups for exceptionally fine-tuned control, responding to the most sophisticated policy environment. Director access, management access, doctor access, auditor access, and that is just the financials!
Crunchy MLS PostgreSQL provides advanced security capability that enables enterprises to confidently store data at a variety of levels of sensitivity in a single database, while limiting the access of the sensitive data to only those applications and users with a “need to know”. Technology that reduces infrastructure costs by eliminating redundant infrastructure and software licenses, but importantly, while enhancing data security.
Advanced Integration with Trusted Operating System
To ensure Crunchy MLS PostgreSQL provides the most advanced security, Crunchy MLS PostgreSQL supports advanced integration with Trusted Operating Systems such as Red Hat Enterprise Linux SELinux, to support label-based mandatory access control based on enterprise defined security policies.
This use case contemplates a labeled inbound connection from an application to the PostgreSQL database through constrained network interfaces. An application runs at a specific security level on the client box, and this access level is propagated over the network to the database as the user connects; this becomes the effective security level used by the database user to access data within a multi-level database.
Similarly to the Ecosystem use case, a user is able to interact with the application at their desired access level; the application then grabs a connection from the server and manages the access level within the database.