Hardened, secure, access controlled, & commercially supported PostgreSQL

Crunchy Hardened PostgreSQL is a state-of-the-art Postgres solution for security and compliance-focused enterprises.

Enhanced RBAC

Crunchy Hardened Postgres extends traditional Role Based Access Control (RBAC) with superuser lockdown for a highly secure role based and encrypted environment.

Table representing separation of concerns available with enhanced RBAC

Superuser lockdown

Crunchy Hardened Postgres uses the Crunchy Postgres Security Module (CPSM) to lock down the superuser role in a way that favors better security and regulatory compliance. Superuser can complete normal Postgres maintenance but is blocked from data exports and queries.

Diagram representing superuser lockdown

Transparent data encryption

Transparent Data Encryption (TDE) is an enhanced encryption mechanism that protects table data from the OS admins at a level beyond full disk encryption. Postgres table files on disk are fully encrypted by the Postgres database itself and decrypted transparently upon execution. The TDE mechanism works with a fully HA failover scenario as well.

Venn diagram representing access to different parts of data system

Row level security

Row level and column level security roles can be an important part of the database configuration in a Hardened Postgres environment and are implemented per process requirements as needed. Crunchy has extensive experience with this part of the codebase.

Diagram showing row-level security

Crunchy Certified PostgreSQL

Common Criteria EAL2+ PostgreSQL is at the core of Crunchy Hardened Postgres and is therefore interoperable with any applications that can connect to PostgreSQL.

Built for the security conscious enterprise, Crunchy Certified PostgreSQL includes the open source tools and extensions to support enterprise requirements and compliance regimes. It's backed by Crunchy PostgreSQL experts behind the CIS Benchmark for PostgreSQL and the PostgreSQL Security Technical Implementation Guide.

logo for Crunchy Certified Postgres
icon showing clouds, disks, and replication

High availability and disaster recovery

Crunchy Postgres environments are full solutions for database clustering and include disaster recovery protection with backups and point-in-time recovery. High availability is also included with cluster architecture designed to be zero-downtime, resilient, and self healing.

Deployment flexibility

Bare metal

VMs

Cloud Hosted

Security is at Crunchy's core

Crunchy Data has been focused on advancing Postgres security since the beginning. We have also partnered with the United States Defense Information Systems Agency (DISA) to publish the first Security Technical Implementation Guide for open source database systems and the Center for Internet Security to publish the CIS Benchmark for Postgres. Crunchy Hardened PostgreSQL combines these best practices with advanced Postgres technology to provide an enhanced Postgres deployment for security focused enterprises.

Expert PostgreSQL support

With many contributors to the PostgreSQL community on our team, Crunchy Data offers architecture and support expertise to successfully manage your database requirements. Our connections in the community and deep technical expertise is available 24x7x365 with our commercial support subscription.

Customers

    avaya logo
    curve logo
    earthlink logo
    express scripts logo
    ibm logo
    ic consult group logo
    ihs markit logo
    motorefi
    orange
    rival iq logo
    sas logo
    sdx logo
    sitel logo
    texasam logo
    wyoming logo

Contact us