To address these issues, global regulations like the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have been enacted. These measures highlight the escalating importance of personal information protection worldwide.
This trend is expected to continue in the future, and companies will need to handle personal information appropriately in accordance with these regulations. Enhancing the security of database systems that manage data, including personal information, is important to promote digital innovation and sustain corporate activities in the future under privacy regulations.
Fujitsu Enterprise Postgres and ScalarDL
Fujitsu Enterprise Postgres has always extended PostgreSQL's already impressive track record on database security with its own out-of-the-box features such as Transparent Data Encryption, Data Masking, and Dedicated Audit Log, among others. With these, we have always ensured that personal information is stored and maintained securely.
And now with ScalarDL, a middleware product from Scalar, we can also provide proof that the data has not been tampered with.
Secure digital data storage with encryption
Information leakages are serious security incidents that shake a company's credibility, so it is important to take measures against them. One possible measure to avoid them is encrypting the data, which can prevent third parties from viewing your personal information if it were to be leaked.
However, encryption is burdensome: encryption processing has to be developed and added to the application, and encryption keys have to be managed in operation.
A popular PostgreSQL encryption feature is pgcrypto, but it is not sufficient to solve this problem; for example, it requires applications to be modified to explicitly call encryption functions.
Fujitsu Enterprise Postgres provides Fujitsu's proprietary Transparent Data Encryption for secure storage of data containing personal information. It has three key features: improving development efficiency, improving operability, and minimizing performance impact. The entire database can be encrypted while minimizing the development and operational complexity and performance impact of encryption and decryption.
- Improving development efficiency
  - Data is encrypted and decrypted transparently on the database side, so there is no need to develop encryption and decryption processes on the application side.
- Improving operability
  - Encryption maintenance tasks are simplified; for example, database administrators can update encryption keys with a single command.
  - Integration with external key management systems enables centralized management of encryption keys in organizations and business systems, reducing the workload of key management.
- Minimizing performance impact
  - AES encryption/decryption is accelerated in conjunction with hardware to reduce encryption overhead.
Maintaining accurate data by preventing/detecting tampering
When data containing personal information is stored on electronic recording media, there is a risk of data being tampered with by unauthorized access. Subsequent data manipulation will then be based on incorrect data, which can lead to problems such as a system malfunction or a problem that stops a company from continuing its activities, impacting the organization’s reputation and corporate social trust.
To address this risk, it is necessary to manage data so that tampering either does not occur, or if it does, is detected and data is recovered to keep the target data accurate. GDPR and other personal information protection regulations also require that data be maintained accurately, and that any alteration be promptly notified to the individual.
Fujitsu Enterprise Postgres provides tamper-prevention and detection features.
From a prevention perspective, Transparent Data Encryption ensures that data on disk cannot be tampered with. On top of that, we also prevent tampering by unauthorized users by providing unique features such as policy-based password management and confidentiality management to support authentication and access control operations in addition to the standard PostgreSQL features.
Next, in terms of detection, we provide another security enhancement that extends PostgreSQL's audit capability: the Dedicated Audit Log. This feature uses asynchronous workers to output audit log records to a dedicated log file. It works with log management tools through the PostgreSQL extension file_fdw to detect tampering by unauthorized access and provides a convenient and efficient mechanism for auditors and data security professionals to collect and analyze information about database activity.
How we easily implement a guaranteed non-tamperability mechanism
In addition to tampering prevention and detection, it is sometimes necessary to ensure that data has not been tampered with (guaranteed non-tamperability). For example, GDPR requires proof that personal information consent history has not been tampered with, and such a guarantee also provides evidence of prior user rights for intellectual property in patent litigation. This guaranteed non-tamperability requires the addition of a mechanism to manage the history of data updates protected by distributed ledger technology.
Fujitsu Enterprise Postgres is working with ScalarDL, a middleware product provided by Scalar, to introduce such guaranteed non-tamperability into databases.
ScalarDL is a tamper-resistant product for databases that provides tamper detection and guaranteed non-tamperability assurance, with the following characteristics:
- Data is managed in two management domains, Ledger and Auditor, which ensures that tampering is detected even when the entire database system is tampered with
- Applications are managed by electronically signed contracts, improving traceability
The user can use ScalarDL to register data in Fujitsu Enterprise Postgres that requires guaranteed non-tamperability. If the registered data is tampered with, an error will occur at the time of reference. Therefore, the fact that data can be referenced also proves that it has not been tampered with.
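The following is an added example, not ScalarDL's code or API, that models why keeping digests in a second, separately administered domain detects tampering even when the first domain is fully rewritten, and why a read fails instead of returning altered data. All class and function names are hypothetical, and the SHA-256 hash chain is an assumed stand-in for the product's actual mechanism.

```python
import hashlib
import json

GENESIS = "0" * 64

class TamperError(Exception):
    """Stored data no longer matches its recorded digests."""

def entry_hash(prev, key, value):
    # Each hash covers the previous entry's hash, forming a chain.
    return hashlib.sha256(json.dumps([prev, key, value]).encode()).hexdigest()

class Ledger:
    """Domain 1 (hypothetical model): holds the data and a hash chain over it."""
    def __init__(self):
        self.entries = []  # dicts with key, value, prev, hash
    def append(self, key, value):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"key": key, "value": value, "prev": prev,
                             "hash": entry_hash(prev, key, value)})
        return len(self.entries) - 1
    def rewrite(self, index, value):
        """Constructed scenario: whoever controls this whole domain edits a
        value and recomputes every later hash so the chain looks intact."""
        self.entries[index]["value"] = value
        prev = self.entries[index]["prev"]
        for e in self.entries[index:]:
            e["prev"], e["hash"] = prev, entry_hash(prev, e["key"], e["value"])
            prev = e["hash"]

class Auditor:
    """Domain 2 (hypothetical model): separately administered, index -> hash."""
    def __init__(self):
        self.hashes = {}

def register(ledger, auditor, key, value):
    index = ledger.append(key, value)
    auditor.hashes[index] = ledger.entries[index]["hash"]
    return index

def read(ledger, auditor, index):
    """Return the value only if the chain is intact and both domains agree."""
    prev = GENESIS
    for i, e in enumerate(ledger.entries[:index + 1]):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["key"], e["value"]):
            raise TamperError(f"ledger chain broken at entry {i}")
        if auditor.hashes.get(i) != e["hash"]:
            raise TamperError(f"ledger and auditor disagree at entry {i}")
        prev = e["hash"]
    return ledger.entries[index]["value"]
```

A direct edit of a stored value breaks the ledger's own chain, while `rewrite` leaves the ledger self-consistent and is caught only by the comparison with the auditor's copy.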
Final thoughts
It is important to properly manage and utilize all data, including personal information, to drive business process and customer experience reform through digital innovation. Fujitsu Enterprise Postgres is uniquely suited to secure your organization's data with a unique set of features. And with ScalarDL, we help provide guaranteed non-tamperability.
If you would like to further explore how Fujitsu Enterprise Postgres goes above and beyond in keeping your data secure, we recommend deep diving our enterprise-enhanced unique features: