Security White Paper
Relational Database (PostgreSQL Edition) (hereinafter referred to as RDS-PostgreSQL) is a safe and reliable database product created by eSurfing Cloud for users.
To ensure the security of user data and efficiently support their business operations, eSurfing Cloud prohibits non-customer authorized personnel from accessing user instances and data, prohibits operation and maintenance personnel from accessing user instances without authorization and prohibits anyone from illegally processing customer data.
In addition, RDS-PostgreSQL offers a wide range of features including VPC, security groups, automatic backup, and cross-AZ deployment to help users better manage their data and ensure their data security.
1.1.1. Network Isolation
A VPC (Virtual Private Cloud) is a collection of resources that run on a public cloud and are used privately by a certain user. On eSurfing Cloud, the RDS-PostgreSQL instance enabled by the user runs in an independent VPC. By configuring the VPC, you can control the IP address segment of the connection database and tailor your network access policy. At the network level, you can easily realize the network isolation of RDS-PostgreSQL instances with the combination of VPC and security groups, thereby ensuring the high security of RDS-PostgreSQL instances.
1.1.2. Data Isolation
All the data stored in RDS-PostgreSQL instances are assigned and managed by users. The data between different users is independent of each other with isolated resources, without disturbing and affecting each other. In addition, multi-AZ deployment improves user data security.
1.1.3. Access Control
When you create an RDS-PostgreSQL instance, the system will assign an exclusive database master account by default, which allows you to operate the database you created. In addition, the account password can only be saved by you, thus ensuring that your data can only be accessed by you. In addition, you can also create accounts with other permissions according to your own business needs to realize separation of permissions. You can also control the network access range of RDS-PostgreSQL instances by setting their inbound/outbound access policies through security groups.
1.1.4. Data Backup
The RDS-PostgreSQL instance supports both automatic backups and manual backups. Automatic backups are the default backup policy when an RDS-PostgreSQL instance is enabled. This feature is enabled by default, and the instance-exclusive backup machine realizes data backup and storage. You can set the number of historical backups based on the amount of data and the storage space of the backup machine. Manual backups are the backup set that users manually create according to their own needs. In addition to full backups, the eSurfing Cloud RDS-PostgreSQL database also supports real-time incremental backups. In the event of database fault or data corruption, you can quickly restore your database to the specified time point directly through full backups and incremental backups, thus maximizing your data integrity.
1.1.5. Data Synchronization
The RDS-PostgreSQL instance supports the deployment of high-availability instances. The data synchronization is achieved between the master and slave nodes of the instance through streaming replication. When the master node of the instance fails and cannot be recovered in a short period of time, the slave node will quickly upgrade to the master node. This ensures the continuity of your business and achieves the high availability of the instance.
1.1.6. Data Deletion
After you unsubscribe from an instance, all resources and data of the instance ordered by you will be completely deleted. No one can view or restore them.