Data Isolation in Multitenant PostgreSQL

  • Added 12. 09. 2024
  • The popularity of PostgreSQL makes it the prime candidate to be the database for a multi-tenant SaaS. But with multi-tenancy there are two fundamental issues: How do you make sure that each tenant has control over their data in a third-party SaaS environment? How do you make sure that each tenant's data is isolated from the others so that it doesn't get exposed to other tenants? Letting a tenant see another tenant's data would be considered a data breach.
    Logical databases are a capability supported by Postgres for multi-tenancy. But there are infrastructure and database inefficiencies with this model, so some SaaS providers use a single database with co-mingled tenant data.
    In both models (logical databases or a co-mingled database), there is a need to cryptographically isolate each tenant's data from other tenants. In addition to data isolation, encrypting a tenant's data with their own keys lets tenants take control of their data, even though it resides in a third-party SaaS environment.
    Database-level encryption (for logical databases) or row-level encryption (for co-mingled databases) combined with BYOK/HYOK (sometimes called Multi-tenant BYOK/HYOK) keeps each tenant's data separate and gives each tenant full control over their data. Tenants can also enable or disable their keys so that they have full control over data access.
    In this webinar on using PostgreSQL in a multi-tenant SaaS, you will learn how to:
    - Compartmentalize each tenant’s data at the row or logical database level
    - Implement Multi-tenant BYOK easily, without any application changes
    - Centrally manage and define policies for keys