5 Ways to Make Your Postgres GDPR-Ready

1
Marc Linster, Ph.D.
SENIOR VICE PRESIDENT, PRODUCT DEVELOPMENT
EnterpriseDB
© Copyright EnterpriseDB Corporation, 2018. All Rights Reserved.

2
AGENDA
What is GDPR?
Database software
requirements
Key GDPR articles
EDB Postgres or PostgreSQL
Working with EDB

3
GENERALIZED DATA
PROTECTION REGULATION
EUROPEAN REGULATION
• Replacing Data Protection
Directive (95/46/EC)
• Applicable to organizations
that offer goods and services
in the EU
• Or collect/analyze data about
EU residents
• Not limited to EU companies
or organizations
TAKE NOTE
• Effective May 25, 2018,
114 days and counting
• Focuses on Personally
Identifiable Information (PII):
Names, pictures, email, phone number,
birth dates
• Differentiates between
Controllers and Processors
• Regulation has teeth:
Significant fines
• More details:
https://www.eugdpr.org
GDPR is not explicit about technical implementation and best practices are still emerging…

4
GDPR AND THE
DATABASE VENDOR
AUDITED AND ROBUST CAPABILITIES TO
MANAGE DATA SECURELY AND SAFELY
MOSTLY BUSINESS AS USUAL
• High Availability/Disaster Recovery
• Robust authentication and password management
• Role based access control to the data
• Encryption at rest and in transit
• Auditing
• SQL Injection Attack Protection
• Data redaction
COMMON SENSE FOR THE ENTERPRISE DBA

5
GDPR ARTICLES THAT DESERVE
YOUR ATTENTION
ARTICLE 17 Right to be forgotten, i.e., the right to erasure
http://www.privacy-regulation.eu/en/article-17-right-to-erasure-'right-to-be-forgotten'-GDPR.htm
ARTICLE 20 Right to data portability
http://www.privacy-regulation.eu/en/article-20-right-to-data-portability-GDPR.htm
ARTICLE 25 Data protection by design and by default
http://www.privacy-regulation.eu/en/article-25-data-protection-by-design-and-by-default-GDPR.htm
ARTICLE 32 Security of processing
http://www.privacy-regulation.eu/en/article-32-security-of-processing-GDPR.htm
ARTICLE 33 Notification of breach to the supervisory authority
http://www.privacy-regulation.eu/en/article-33-notification-of-a-personal-data-breach-to-the-supervisory-authority-GDPR.htm
ARTICLE 34 Notification of breach to the data subjecthttp://www.privacy-regulation.eu/en/article-34-communication-of-a-personal-data-breach-to-the-data-subject-GDPR.htm

6
ARTICLE 17:
RIGHT TO BE FORGOTTEN
“The data subject shall have the right to obtain
from the controller the erasure of personal data
concerning him or her without undue delay and
the controller shall have the obligation to erase
personal data without undue delay.”
REALLY
‘RIGHT TO ERASURE’
• DATA SUBJECT ASKED TO BE FORGOTTEN
• Withdrew consent
• The data is no longer necessary for its purpose
• Or other reason
• Can ‘erasure’ time frame coincide with the data retention period?

7
ARTICLE 17:
RIGHT TO BE FORGOTTEN
“The data subject shall have the right to obtain
from the controller the erasure of personal data
concerning him or her without undue delay and
the controller shall have the obligation to erase
personal data without undue delay.”
•This invalidates the backups, WALs and PITR capabilities
•Potentially conflicts with Article 32 (Security of Processing) as it
invalidates backups
DO WE ERASE THE DATA FROM BACKUPS?
•Collect all data subjects that want to be erased in a script that is run
after a database restore
DO WE ERASE DATA AFTER RESTORATION?
•Log only non-PII data (if possible)
•Encrypt all logs with PII
•Expire and securely erase logs as soon as possible
HOW DO WE DEAL WITH LOGS?

8
ARTICLE 20:
RIGHT TO DATA
PORTABILITY
Data subject can request their
data in a commonly used
machine readable format
Consider using JSONB, XML,
or CSV to export query results

9
ARTICLE 25 - DATA PROTECTION
BY DESIGN AND BY DEFAULT
DATA MINIMIZATION
• Keep as little PII as possible
• Keep it for as short a time as
possible
DATA
PSEUDONYMISATION
• Separate the PII (e.g., name,
etc.) from the facts (e.g., what
was bought when from which
merchant) to minimize risk of
breach of PII during data
processing or statistical
evaluation
• Tightly manage access to
and encrypt PII
Beware of possible re-identification
(87% of the US population can be identified using zip code, sex and age)
(a.k.a. Privacy by Design)

ARTICLE 32 – SECURITY
OF PROCESSING
10
Access control, password
profiles
ACID Transactional
Redaction and data masking
Very explicit technical instructions Disk level or column level encryption
High Availability
Disaster Recovery
Process
© Copyright EnterpriseDB Corporation, 2018. All Rights Reserved.10
• Pseudonymisation and encryption of personal data
• Ability to ensure the ongoing confidentiality, integrity,
availability and resilience of processing systems and
services
• Ability to restore the availability and access to personal
data in a timely manner in the event of a physical or
technical incident
• Process for regularly testing, assessing and evaluating the
effectiveness of technical and organizational measures for
ensuring the security of the processing

SECURITY CONSIDERATIONS:
A MULTI-LAYER APPROACH
11
DB Host
Database files
Data
base
Data
base
Data
baseData access control:
• Tables
• Columns
• Rows
• Views
• Security barriers
DB Server
Authentication:
• Users
• Roles
• Password profiles
Data Center Physical access
Host access
DB Server network
access
File system encryption
Data file encryption
Data encryption
• Column based
encryption
DML/DDL Auditing
SQL Injection Attack
Prevention
Encryption in transit
Data
redaction/masking
Key
Management
System

12
Using views, functions, roles and
search paths definitions
Username [enterprisedb]: privilegeduser
mycompany=> select * from employees;
id | name | ssn | phone | birthday
----+--------------+-------------+------------+--------------------
1 | Sally Sample | 020-78-9345 | 5081234567 | 02-FEB-61 00:00:00
1 | Jane Doe | 123-33-9345 | 6171234567 | 14-FEB-63 00:00:00
1 | Bill Foo | 123-89-9345 | 9781234567 | 14-FEB-63 00:00:00
(3 rows)
Username [enterprisedb]: redacteduser
mycompany=> select * from employees;
id | name | ssn | phone | birthday
----+--------------+-------------+------------+--------------------
1 | Sally Sample | xxx-xx-9345 | 5081234567 | 02-FEB-02 00:00:00
1 | Jane Doe | xxx-xx-9345 | 6171234567 | 14-FEB-02 00:00:00
1 | Bill Foo | xxx-xx-9345 | 9781234567 | 14-FEB-02 00:00:00
(3 rows)
DATA REDACTION USING
POSTGRES TECHNIQUES

INTEGRITY AND RESILIENCE:
HA AND DR AT WORK
13
GDPR requires integrity, availability
and resilience
Combine HA, DR and Monitoring

14
ARTICLES 33 AND 34:
NOTIFICATION OF BREACH
DETECTION OF BREACH
• Auditing
• SQL Injection Attack detection
NOTIFICATION IS NOT REQUIRED
• Article 33: “… if the personal data breach is unlikely to result in a risk for the rights and freedoms
of natural persons”
• Article 34: “… the controller has “implemented appropriate technical and organizational protection
measures” that “render the data unintelligible to any person who is not authorized to access it,
such as encryption”
ENCRYPTION OF THE DATA IS KEY – BUT ITS NOT A PANACEA
• Data encryption must be combined with physical security, authentication, encryption at rest,
auditing and access control

15
Self-Supported
PostgreSQL
Password Management Not available
Authorization PostgreSQL RLS
Auditing Limited audit
capabilities
SQL Injection Attacks Not available
Encryption at Rest
DIY
24/7 Support DIY
HA/DR
Multiple open
source tools
Data Redaction
DIY
Secure Configuration
Best Practices
DIY
EDB POSTGRES OR SELF-SUPPORTED PostgreSQL?

16
Self-Supported
PostgreSQL
EDB Postgres
Password Management Not available EDB Password Profiles
Authorization PostgreSQL RLS EDB Virtual Private Database
Auditing Limited audit
capabilities
EPAS Audit with DML auditing for INSERT, UPDATE, DELETE, TRUNCATE by user and
database, syslog integration, etc. Manage audit logs separately from server logs
SQL Injection Attacks Not available EDB SQL/Protect
Encryption at Rest
DIY
Proven full-disk encryption procedure
Extension of pgCrypto to support secure key management
24/7 Support DIY Enterprise level SLA support with direct access to Postgres community leaders
HA/DR
Multiple open
source tools
EDB Management Tool Suite:
EDB Failover Manager
EDB Backup and Recovery
EDB Postgres Enterprise Manager
Data Redaction
DIY
Custom Data Views
EPAS 11: Built-in data redaction
Secure Configuration
Best Practices
DIY
EDB Postgres Advanced Server Secure Technology
Implementation Guideline (http://iase.disa.mil)
EDB POSTGRES OR SELF-SUPPORTED PostgreSQL?

17
5 WAYS FOR THE DBA TO BE
POSTGRES GDPR-READY
1. Read the GDPR, consult with peers and
get advice
2. Are you a Processor or a Controller?
3. Create an inventory of the information
subject to GDPR
•What do you have? Where is it? Who has access?
VALIDATE, VALIDATE, VALIDATE, VALIDATE…..
GDPR is not explicit about
technical implementation and
best practices are still
emerging…
4. Key Decisions
• Is the data needed? Anything you can get rid of?
• Are the servers protected (physical access, network access, host
access, authentication)
• Is the data protected (ACLs, encryption in transit and at rest)?
• Are the servers backed up, highly available and covered by enterprise-
level support?
• Is the right auditing in place?
• Can you leverage data redaction, data masking, and
pseudonymisation to further limit access to sensitive data?
5. Process to identify breaches (unauthorized access) and notification;
Process to implement ‘right to erasure’

18
NEXT STEPS
Discuss your
Postgres
infrastructure
with EDB
• Reliable,
robust and
secure
• Well supported
Leverage EDB’s
free training to
make sure your
team is up to
speed
Get your team
Postgres
Certified
Move from self-
supported
Postgres to
EDB Postgres
Get best practice
advice and
leverage best-of
breed
infrastructure to
create a secure,
safe, audited,
and robust data
management
capability
Contact us at info@EnterpriseDB.com

info@enterprisedb.com
Questions?

THANK YOU

5 Ways to Make Your Postgres GDPR-Ready

More Related Content

What's hot (20)

Similar to 5 Ways to Make Your Postgres GDPR-Ready (20)

More from EDB (20)

Recently uploaded (20)

5 Ways to Make Your Postgres GDPR-Ready

Editor's Notes