PGCon 2016
The PostgreSQL Conference

Speaker: Christophe Pettus
Day: Talks - Day 2 - 2016-05-20
Room: DMS 1110
Start time: 13:00
Duration: 00:45
ID: 902
Event type: Lecture
Track: Applications
Language used for presentation: English

The PCI Compliant Database.

... yours probably is not.

Securing a database to the level required by PCI is hard; we'll go over what is required.

Everyone talks about database security, but what are we really doing about it?

The Payment Card Industry standards specify what you need to do in order to store credit and debit card information in your database. If you store that information, you have to comply. Even if you don't store that information, it's a good reference point for what it takes to actually secure a database.

We'll discuss all aspects of what the PCI standard requires of your database, including:

  • Firewalls and network infrastructure.
  • Security policies.
  • Data security at the database level.
  • Data security in flight.
  • Client-level security.
  • Development and operational requirements for security.

While structured in the context of the PCI standard, the information is useful for anyone who maintains sensitive information in a database, and that's nearly everyone.