Clicky

Fujitsu Enterprise Postgres: Delivering the Security Assurances Key to Protecting Data in Era of Mounting Cybersecurity Attacks
by Ron Westfall | January 11, 2023

The News: Fujitsu provides its enterprise-enhanced version of PostgreSQL – Fujitsu Enterprise Postgres – alongside a range of expert database services that deliver a first-class data security strategy to protect organizations from cybersecurity threats, with features such as Transparent Data Encryption, Data Masking, and Dedicated Audit Log. Read more about Fujitsu Enterprise Postgres features, as well as its range of professional services.

Fujitsu Enterprise Postgres: Delivering the Security Assurances Key to Protecting Data in Era of Mounting Cybersecurity Attacks

Analyst Take: The recent surge in high-profile cybersecurity breaches across the planet has put data protection firmly back in the spotlight. Global attacks increased by 28% in the third quarter (Q3) of 2022 in relation to the same period in 2021. The average weekly attacks per organization worldwide reached over 1,130. Specifically, the healthcare sector was the most targeted industry for ransomware during Q3 2022, with one in 42 organizations undermined by ransomware, a five percent increase year-over-year. The cyberattacks target the major industry verticals, sparing no industry:

Fujitsu Enterprise Postgres: Delivering the Security Assurances Key to Protecting Data in Era of Mounting Cybersecurity Attacks
Source: Check Point Research

I identify manufacturing and critical infrastructure industries such as electric utilities, railways, and energy production, as being at increased risk. For example, the May 2021 ransomware attack on the Colonial Pipeline organization represented the largest cyberattack on oil infrastructure in U.S. history.

Asia registered the most cyberattacks in Q3 2022 with an average of 1,778 weekly attacks per organization, representing a 21% increase compared to the same period last year.

Weekly Attacks per Organiziation

Data breaches of all types have become more sophisticated and costlier all over the world, and especially in the United States, where the average cost of data breaches reached almost $9.4 million in 2022 – more than double the all-time high global average of $4.3 million.

Because of the high cost and grave risk to national security and infrastructure these threats represent, the White House has been meeting with cybersecurity experts and private sector stakeholders to devise a plan that will tackle the escalating issues that America’s government and industries have been facing. The goal is to produce a cohesive cybersecurity plan to improve collaboration with the private sector, facilitate information sharing, ensure coherence at the federal level, and organize resources to improve cyber resilience, also taking into account new and unforeseen threats.

In 2022, for the 12th year in a row, the healthcare industry became the sector most affected by data breaches, with breach costs hitting a new record high of $10.1 million. It was another year in which millions of records of confidential patient information were either illegally accessed and exposed or used in data ransom.

One such data breach was experienced in March 2022 by Shields Health Care Group, a 3rd party vendor that provides MRI, PET/CT, and outpatient surgical services for the sector. The Social Security numbers, medical information, billing data, and insurance details of 2 million people tied to 60 healthcare providers were compromised.

In Australia, the telco Optus suffered a data breach in September 2022, which exposed data of 9.8 million accounts of current and former customer, affecting the equivalent of 40% of Australia’s population. Subsequently, the personal details of 10,000 customers were posted online. The Australian government has assigned blame to Optus for the breach, saying customers were exposed to financial crime and pressing Optus to expedite the notification of those affected . Its parent company Singapore Telecommunications (Singtel) provisioned $140 million for customer remediation efforts, which include an external independent review, third-party credit monitoring services for impacted customers, and the replacement of customer identification documents (e.g., passports) where needed to recover from the breach.

As a result, I believe organizations of all types and from all regions need to strengthen their cybersecurity defenses and measures to ensure their overall brand integrity and economic viability. Essentially, now is the time for organizations to adopt a comprehensive cybersecurity strategy that acts on the recommendations of government cybersecurity agencies such as ACSC.

Fujitsu Enterprise Postgres: Ready to Defend and Protect Enterprise Data Assets

Organizations and governments are under ever-increasing pressure to constantly review and strengthen their cybersecurity measures against threats that cause not only financial losses and damage to reputation, but also result in legal liabilities. A comprehensive cybersecurity strategy effectively protects an organization’s systems, servers, networks, devices, apps, and includes a thorough data security strategy that protects sensitive information.

To meet the expanding data security challenges of today, I find that Fujitsu delivers the intelligence-led approach that is essential to protecting the most valuable data assets of organizations, with its enterprise-enhanced version of PostgreSQL – Fujitsu Enterprise Postgres – and its value-add expert services that provide a holistic approach to delivering a secure database system.

Organizations that use Postgres today are now in the position to make the simple transition to Fujitsu Enterprise Postgres to swiftly turn on vital security capabilities such as transparent encryption, data masking, and dedicated audit log with negligible impact on performance.

Fujitsu Enterprise Postgres is designed to extend PostgreSQL to provide critical consistent security features across multiple platforms, on prem and across multiple hybrid cloud environments. The solution consists of three key components critical to stopping disruptive and harmful security breaches:

Transparent Data Encryption (TDE): Uses 256-bit encryption technology to protect all data at rest without affecting existing applications, with minimal performance impact. Through transparent data encryption, organizations attain faster encryption/decryption capabilities, zero storage overhead in storage areas, avoiding any modification of existing applications, and support for streaming replication. For example, I view the ability to encrypt all application data as instrumental to ensuring application performance without any tradeoff in supporting the scope of encryption required.

Data Masking: Allows in-flight data to be redacted according to policies that can obfuscate the data fully or partially, with an offline option to generate realistic data in test and partners’ environments as well. This capability supports offline data masking which I see as enabling the transfer of data to another database while applying specified policies, enabling one-off transformation that writes masked data to disk. As such, it is suitable for test environments and partner environments, where it can be used to generate realistic data without exposing sensitive information. Likewise online data masking is used to apply marking policies dynamically as data is read from the disk, especially well-suited for production environments to hide sensitive data.

Dedicated Audit Log: Records database activity separately from the server log, making it easier and more efficient to obtain and analyze data access records for auditing and security purposes. From my view, the dedicated audit log feature allows organizations to configure which operations to audit and send to the dedicated file. Audit records are then written by asynchronous workers, further reducing the overhead of log operations. This provides an easy and efficient way for auditors and data security experts to collect and analyze information on database activity.

Fujitsu Enterprise Postgres: Ensuring Hybrid Cloud Security Capabilities

From my perspective, the demand for hybrid cloud is expanding robustly as organizations are prioritizing the security and containerization of their overall cloud modernization strategies. Integral to implementing a successful hybrid cloud strategy is assuring that the required automation and integration capabilities are securely in place. Through containerization, organizations can accelerate their hybrid cloud journey and assure the attainment of essential features such as pre-enabled security in full alignment with deep insights, expanded agility through portability, high availability, and open platform flexibility.

In developing their hybrid cloud strategies, IT decision makers need to ensure that their organization’s on-premises, private cloud, and public cloud requirements are aligned comprehensively on a security-first foundation. Many of the recent high-profile cybersecurity breaches happened in hybrid cloud environments. On-premises considerations include the planning and use of varying levels of virtualization and containerized deployment. Cloud considerations – both private and public – include independent deployments within virtual servers as well as the potential use of public cloud Database as a service (DBaaS) solution.

I see the use of hardware security modules in combination with cloud protection services as augmenting key management capabilities across cloud-based DB implementations. Also deploying secure containers for agile DevSecOps in accord with container orchestration platforms such as OpenShift, SUSE Rancher and VMware Tanzu can use data masking and transparent data encryption techniques to enhance security on top of the security already provided by OCP (OpenShift Container Platform).

How Fujitsu Enterprise Postgres Portfolio Provides the Data Protection Vital to Making Data Safer from Cybersecurity Threats

To deliver secure hybrid cloud services using containerization, I find Fujitsu Enterprise Postgres provides the security, performance, portability, and automation features essential to implementing a comprehensive cybersecurity strategy. In the area of security, Fujitsu Enterprise Postgres delivers the built-in DevOps/DevSecOps agility, audit ease, TDE, data masking, and dedicated audit log capabilities vital to fulfilling the full array of organization cybersecurity requirements.

For performance, the solution is enhanced specifically for enterprise needs including support for accurate real-time business intelligence reporting, swift data backup, in-memory columnar indexing, and parallel scanning. Moreover, I see Fujitsu Enterprise Postgres meets the resilience demands of demanding enterprise cybersecurity environments by assuring high availability for mission-critical data including disaster recovery, mirroring controller functions, and connection management. The solution delivers the automation required to optimize cost saving across organization-wide cybersecurity operations including auto-scaling, monitoring, and deep insight capabilities.

Moreover, organizations gain portability and flexibility that align with their environments including the assurance of no vendor lock-in traps and full compatibility with open-source PostgreSQL databases as well as major proprietary databases.

Fujitsu Enterprise Postgres provides the platform agnosticism that I see as vital to enabling organizations using Postgres to transition to Fujitsu Enterprise Postgres to minimize their cybersecurity risks. This includes optional use of IBM LinuxONE and IBM Hardware Security module which can also be combined with IBM Cloud Hyper Protect Crypto Services to enable Wrapper Key Management, which wraps the Data Encryption Master Keys used within Fujitsu Enterprise Postgres databases. This includes the opportunity to use the on-premises Hardware Security Module and trust key entry (TKE) capability.

The IBM Hyper Protect Crypto Services option enables organizations to keep their own keys aligning with the provision that an IBM Administrator cannot access the keys. I see the FIPS 140-2 Level 4 two Hardware Security Module as providing critical differentiation due to the inherent difficulty of any supplier attaining FIPS 140-2 certification.

It’s a compelling part of the value prop that Fujitsu Software’s team of experts are available to provide a database migration assessment service to customers and ISV partners to validate the journey process to Fujitsu Enterprise Postgres. And as part of the solution, Fujitsu offers a wide range of services by its experts to ensure that you get the most out of the database, with the features leveraged in the most efficient way to maxime security, performance and high availability. The service range includes from architecture review and migration assessment all the way to database migration, performance tuning, and software implementation.

We particularly see Fujitsu standing out against alternatives in the secure data realm by productizing PostgreSQL to enterprise level with automatic encryption and data masking in accordance with turning on Transparent Data Encryption techniques that avoid large performance overheads. By supporting best practice DevSecOps, Fujitsu further bolsters security agility across hybrid cloud environments.

Key Takeaways: How Fujitsu Enterprise Postgres Can Help Organizations Prevent Devastating Cybersecurity Breaches

From our perspective, Fujitsu Enterprise Postgres provides the open source-based foundation vital to delivering the data masking, transparent data encryption, and dedicated audit logs key to preventing disruptive and costly security breaches as well as the platform agility to shut down fast-changing cybersecurity threats. With well-differentiated features for encryption and data masking, Fujitsu Enterprise Postgres containerized DBs provide a critical missing link in high-velocity DevSecOps cycles, allowing development and operations teams to collaborate using container management platforms such as the OpenShift Operator framework. Taken together, Fujitsu’s offering ensures organizations can take full advantage of portable, secure, and fast features needed to successfully containerize and fully protect their hybrid cloud implementations.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.

Other insights from Futurum Research:

Fujitsu’s Focus and Vision for Meeting the Challenges of the Rapidly Changing World of Advanced Technology – Futurum Tech Webcast Interview Series

FUJITSU Enterprise Postgres Provides the Security and Containerization Keys to Hybrid Cloud Success

FUJITSU Enterprise Postgres Ready to Power ISV Fulfillment of Container-driven Software Modernization Journey

Image Credit: netimperative.com

About the Author

Ron is an experienced research expert and analyst, with over 20 years of experience in the digital and IT transformation markets. He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including software and services, infrastructure, 5G/IoT, AI/analytics, security, cloud computing, revenue management, and regulatory issues. Read Full Bio.