Reduce your attack surface as you invest in open source
This blog was co-authored by Adam Wright and Tim Boutin.
Security is a top priority for organizations everywhere, and those that have already migrated to open source Postgres are no different.
EDB provides industry-best security with our unified EDB Postgres® AI platform, and the Secure Open Source solution we’re announcing today extends that commitment by introducing supply chain security, automated standards compliance, and enhanced government security assurance. Additionally, our extended security partnerships with Fortanix and Entrust expand the key management features EDB delivers to enterprise and government customers.
Let’s explore how EDB Postgres® AI delivers a more secure, robust, and compliant database environment to global enterprise and government customers.
Securing the supply chain with Software Bill of Materials
Deploying Postgres in organizational software stacks provides many benefits, but these deployments can introduce complexities, such as identifying and mitigating security vulnerabilities, testing and complying with industry certifications, and reducing the risk of malware attacks. Addressing the challenge of identifying and mitigating potential security vulnerabilities in Postgres deployments is both critical and demanding. This task is essential for data security and compliance, particularly in regulated industries that must adhere to PCI DSS, SOC2, GDPR, or other government Zero Trust framework requirements.
EDB is taking a significant step forward in transparency and security by introducing Software Bill of Materials (SBOM) reports in EDB Postgres Advanced Server and EDB Postgres Distributed.
As a significant element of our Secure Open Source Software solution, SBOM reports enable software developers, compliance team resources, and security analysts to more easily identify and mitigate potential security vulnerabilities. SBOM reports offer visibility into your open source supply chain with a detailed inventory of components and dependencies that comprise the EDB Postgres Advanced Server and EDB Postgres Distributed software packages, including up-to-date license reporting.
SBOM reports use the open standard Software Package Data Exchange (SPDX) format, including provenance, license, security, and other related information.
SBOM reports make it easier to identify and mitigate potential security vulnerabilities and help track changes in Postgres deployments, while enabling operators to integrate EDB SBOM analysis with their vulnerability management reporting.
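As an added illustration of the integration described above (this is example code, not EDB's SBOM tooling), the block below parses a small, constructed SPDX 2.3 JSON document, extracts each component's version, concluded license and package URL, and matches the inventory against a constructed advisory feed with placeholder advisory ids. The package names, versions and advisory ids are invented for the example.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample: a minimal SPDX 2.3 JSON SBOM, not an actual EDB report.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "example-postgres-package",
    "packages": [
        {"name": "example-postgres-package", "SPDXID": "SPDXRef-Package-root",
         "versionInfo": "1.0.0", "licenseConcluded": "PostgreSQL"},
        {"name": "libfoo", "SPDXID": "SPDXRef-Package-libfoo",
         "versionInfo": "2.4.1", "licenseConcluded": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:generic/libfoo@2.4.1"}]},
        {"name": "libbar", "SPDXID": "SPDXRef-Package-libbar",
         "versionInfo": "0.9.0", "licenseConcluded": "NOASSERTION"},
    ],
})

# Constructed advisory feed: package name -> [(affected version, advisory id)].
# The ids are placeholders, not real CVE numbers.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "libfoo": [("2.4.1", "ADV-EXAMPLE-0001")],
    "libbaz": [("1.0.0", "ADV-EXAMPLE-0002")],
}


def load_packages(spdx_json: str) -> List[Dict[str, Optional[str]]]:
    """Return name, version, concluded license and purl for every SPDX package."""
    doc = json.loads(spdx_json)
    if not doc.get("spdxVersion", "").startswith("SPDX-2."):
        raise ValueError("not an SPDX 2.x document")
    out = []
    for pkg in doc.get("packages", []):
        # SPDX records package URLs as external references of type "purl".
        purl = next((r["referenceLocator"] for r in pkg.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        out.append({"name": pkg["name"],
                    "version": pkg.get("versionInfo", "NOASSERTION"),
                    "license": pkg.get("licenseConcluded", "NOASSERTION"),
                    "purl": purl})
    return out


def find_vulnerable(packages, advisories) -> List[Tuple[str, str, str]]:
    """Exact-version match of the inventory against the advisory feed."""
    return [(p["name"], p["version"], adv)
            for p in packages
            for affected, adv in advisories.get(p["name"], [])
            if p["version"] == affected]


def missing_license(packages) -> List[str]:
    """Components whose license the SBOM could not assert; worth a compliance look."""
    return [p["name"] for p in packages if p["license"] in ("NOASSERTION", "NONE", "")]
```

Exact-version matching keeps the example short; a production integration would compare version ranges from the advisory source.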
Today, EDB Software Bill of Materials reports are available upon request through the EDB Trust Center.
Learn more about EDB Secure Open Source Software and SBOM reports in this Solution Brief.
Automating standards compliance management with Trusted Postgres Architect orchestration
The latest Trusted Postgres Architect (TPA) orchestration tool release eases EDB Postgres AI database compliance with Security Technical Implementation Guide (STIG) and Center for Internet Security (CIS) Benchmark standards. With TPA, specifying STIG and CIS options during cluster configuration automatically adds all appropriate Postgres configuration options to the cluster, while enforcing other aspects of the relevant standard designed for adoption of Postgres in regulated industries.
DBA cycles formerly spent on configuring TPA and making manual changes to the cluster after deployment are reduced. When STIG is selected, TPA will set up TCP connections between nodes using the cert auth method, with full verification and certificates provided by the DBA. As a result, customers in regulated industries can rely on EDB Postgres AI as a trusted open source solution that adheres to STIG and CIS standards.
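The paragraph above says STIG mode configures inter-node TCP connections with the cert authentication method. As an added example (my own check, not part of TPA), the block below parses a constructed pg_hba.conf and flags rules that fall short of that expectation: non-TLS TCP rules, TCP rules that use a method other than cert, and any use of trust. It assumes addresses are written in CIDR form.

```python
from typing import Dict, List, Tuple

# Constructed sample pg_hba.conf for the example; not output generated by TPA.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE    USER     ADDRESS        METHOD [OPTIONS]
local   all         postgres                peer
hostssl replication repuser  10.0.0.0/24    cert   clientcert=verify-full
hostssl all         all      10.0.0.0/24    cert   map=nodes
host    all         all      10.0.1.0/24    md5
hostnossl all       all      0.0.0.0/0      trust
hostssl all         all      ::/0           scram-sha-256
"""

TCP_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def parse_pg_hba(text: str) -> List[Dict]:
    """Split pg_hba.conf into rules; comments and blank lines are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            # Unix-socket rules carry no ADDRESS column.
            rule = {"type": f[0], "db": f[1], "user": f[2], "addr": None,
                    "method": f[3], "opts": f[4:]}
        else:
            # Assumes CIDR notation; the "address netmask" form is not handled here.
            rule = {"type": f[0], "db": f[1], "user": f[2], "addr": f[3],
                    "method": f[4], "opts": f[5:]}
        rule["line"] = lineno
        rules.append(rule)
    return rules


def audit(rules: List[Dict]) -> List[Tuple[int, str]]:
    """Return (line number, finding) for rules weaker than hostssl + cert."""
    findings = []
    for r in rules:
        if r["method"] == "trust":
            findings.append((r["line"], "trust allows login with no credentials"))
        if r["type"] in ("host", "hostnossl"):
            findings.append((r["line"], f"{r['type']} permits non-TLS TCP connections"))
        elif r["type"] in TCP_TYPES and r["method"] != "cert":
            findings.append((r["line"], f"TCP rule uses {r['method']} rather than cert"))
    return findings
```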
Want more details? EDB docs provide a detailed view into these TPA enhancements.
Extending EDB Postgres AI trust in the public sector with Iron Bank availability
With EDB CloudNativePG Cluster and associated EDB Postgres Advanced Server (EPAS) container images being distributed through the Iron Bank repository, US Department of Defense (DoD) customers and other global government agencies can confidently accelerate their development and deployment process, knowing that they’re consuming images that have met the highest U.S. Government security standards.
Built by DoD and maintained by the Air Force Platform One team, Iron Bank is a publicly available, centralized repository where container images are built, scanned, and distributed per the DoD container hardening specification. Iron Bank was designed to facilitate rapid development and deployment of secure software. By distributing the EDB CloudNativePG Cluster operator and its EPAS container image through Iron Bank, we're showing that our container images meet U.S. government security standards.
EDB’s security and compliance capabilities are enhanced by DoD Iron Bank approval, which extends our Zero Trust Framework readiness.
Expanding key management security options for EDB Postgres AI
EDB has added support for additional key stores in the Transparent Data Encryption (TDE) solution by extending our partnerships with Entrust and Fortanix. Integrating Entrust KeyControl and Fortanix Data Security Manager with the TDE tool enables seamless management of master encryption keys, ensuring that sensitive data stored in EDB Postgres AI databases is encrypted and protected against unauthorized access.
Adding Entrust and Fortanix key stores complements TDE support for Amazon AWS Key Management Service (KMS), Microsoft Azure Key Vault, Google Cloud Key Management Service, HashiCorp Vault (KMIP Secrets Engine and Transit Secrets Engine), and Thales CipherTrust Manager. Visit EDB docs for more information about how TDE integrates with these key stores.
Summary
EDB has long provided Postgres solutions trusted by the U.S. Department of Defense, Homeland Security, and global government agencies. The Secure Open Source Software solution enhances industry-best EDB Postgres AI security features by protecting against all known vulnerabilities, enabling you to operate confidently with open source software.
We continue to invest in solutions that extend Postgres security and ease compliance management for EDB customers, with recent announcements focusing on our FedRAMP authorization commitment and EDB Trust Center roll out.
In addition to these innovations, discover how our EDB Postgres AI Hybrid Control Plane can help keep your databases secure, ensure performance, and provide up to 99.999% availability in this Press Release. Available in tech preview, EDB Postgres AI Hybrid Control Plane provides enhanced observability to monitor and respond to issues in real time across hybrid and multi-cloud environments, with visibility into 200+ metrics.