Achieving a Secure Database System by Using Fujitsu Enterprise Postgres (FEP) and ScalarDL

Security requirements for next-generation database systems

Advances in database and AI technologies have enabled various processes to be automated based on data. Along with that, information security to protect an organization’s information assets, which consist of various data, from threats is becoming increasingly important. This means organizations must guarantee that data is properly managed, accurate, and always available. In addition, with the expansion of cloud services, Zero Trust security, in which measures are taken based on the premise of “trust nothing,” is gaining popularity as a security model for protecting information assets, along with the traditional perimeter-type protection. Because of this, demands for information security are becoming more complex and advanced.

The CIA triad of information security, which protects information assets from threats, is defined by JIS, ISO, and other standards as confidentiality, integrity, and availability. In 1996, JIS added four elements — authenticity, accountability, non-repudiation, and reliability — to define seven elements of information security. Recent laws and regulations related to data, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), and the Amendment Act of the Act on the Protection of Personal Information, often impose such security elements as requirements. Organizations’ data is commonly managed in database systems; thus, it is becoming increasingly important for database systems to meet these security requirements.

Achieving a secure database system

ScalarDL is one effective tool for satisfying such security requirements in database systems. As a middleware solution, ScalarDL can detect arbitrary faults (that is, Byzantine faults), including data tampering, and guarantees the integrity, authenticity, accountability, non-repudiation, and reliability of data. Additionally, since ScalarDL runs as stateless middleware, its availability can be increased, for example, by increasing the number of Pods in Kubernetes for ScalarDL Ledger and/or Auditor. However, regarding confidentiality, ScalarDL only has minimal capabilities, such as user authentication, since it does not retain data by itself.

To achieve a secure database system that meets security requirements, including confidentiality, ScalarDL needs to be run on a database that has strong confidentiality. One way to achieve this is to use ScalarDL with Fujitsu Enterprise Postgres (FEP). FEP is based on PostgreSQL and has been enhanced by Fujitsu to achieve high confidentiality, such as transparent data encryption, data masking, and confidentiality management. Therefore, combining ScalarDL and FEP can meet comprehensive high-level security requirements with a simple configuration. FEP also has the capability to achieve high availability (for example, disaster recovery feature), so combining ScalarDL and FEP achieves a highly available database system. The following diagram shows an example of such architecture.

Conclusion

In this article, we introduced the background of the increasing importance of information security and described an example of a system architecture that combines ScalarDL and Fujitsu Enterprise Postgres. By implementing such a solution, you can achieve a secure database system that meets advanced security requirements.

Fujitsu Enterprise Postgres

For details about Fujitsu Enterprise Postgres, please refer to “Fujitsu Enterprise Postgres”.

ScalarDL

For details about ScalarDL, please refer to our website or documentation site.