Crunchy Hardened PostgreSQL is a state-of-the-art Postgres solution for security and compliance-focused enterprises. Crunchy Hardened PostgreSQL extends Crunchy PostgreSQL in order to enforce additional security controls to protect data from unauthorized access and comply with regulatory and privacy requirements. Crunchy Hardened Postgres combines advanced security features including enhanced RBAC, TDE, and superuser lockdown with commercial support requirements like High Availability, Disaster Recovery, and Certification.
Crunchy Hardened Postgres extends traditional Role Based Access Control (RBAC) with superuser lockdown for a highly secure role based and encrypted environment.
Crunchy Hardened Postgres uses the Crunchy Postgres Security Module (CPSM) to lock down the superuser role in a way that favors better security and regulatory compliance. Superuser can complete normal Postgres maintenance but is blocked from data exports and queries.
Transparent Data Encryption (TDE) is an enhanced encryption mechanism that protects table data from the OS admins at a level beyond full disk encryption. Postgres table files on disk are fully encrypted by the Postgres database itself and decrypted transparently upon execution. The TDE mechanism works with a fully HA failover scenario as well.
Row level and column level security roles can be an important part of the database configuration in a Hardened Postgres environment and are implemented per process requirements as needed. Crunchy has extensive experience with this part of the codebase.
Common Criteria EAL2+ PostgreSQL is at the core of Crunchy Hardened Postgres and is therefore interoperable with any applications that can connect to PostgreSQL.
Built for the security conscious enterprise, Crunchy Certified PostgreSQL includes the open source tools and extensions to support enterprise requirements and compliance regimes. It's backed by Crunchy PostgreSQL experts behind the CIS Benchmark for PostgreSQL and the PostgreSQL Security Technical Implementation Guide.
Crunchy Postgres environments are full solutions for database clustering and include disaster recovery protection with backups and point-in-time recovery. High availability is also included with cluster architecture designed to be zero-downtime, resilient, and self healing.
Available for RHEL and CentOS environments, as well as containerized for deployment. Crunchy Postgres Operator for Kubernetes is Red Hat Level 5 Certified. Crunchy Hardened Postgres can be deployed to traditional environments or containers and on the host of your choice, on-premise, or in the cloud.
Crunchy Data has been focused on advancing Postgres security since the beginning. We have also partnered with the United States Defense Information Systems Agency (DISA) to publish the first Security Technical Implementation Guide for open source database systems and the Center for Internet Security to publish the CIS Benchmark for Postgres. Crunchy Hardened PostgreSQL combines these best practices with advanced Postgres technology to provide an enhanced Postgres deployment for security focused enterprises.
With many contributors to the PostgreSQL community on our team, Crunchy Data offers architecture and support expertise to successfully manage your database requirements. Our connections in the community and deep technical expertise is available 24x7x365 with our commercial support subscription.