Home > Software engineering >  Google Cloud SQL Postgres Vs Self Hosted Postgres using GCP Compute instances: HIPAA Compliance
Google Cloud SQL Postgres Vs Self Hosted Postgres using GCP Compute instances: HIPAA Compliance

Time:01-06

This question is about infosec, data privacy, specifically HIPAA compliance on GCP.

Is there any advantages for self managing Postgres server (built on GCP Compute instances using lets say Terraform) my own Vs using the managed offering, i,e. Cloud SQL

Thanks in advance

CodePudding user response:

Google Cloud SQL Postgres is a fully managed option for deploying PostgreSQL to Google Cloud. The fully managed option is convenient, but is mainly suitable for cloud-native applications, or applications rebuilt for the cloud.

It has Built-in encryption for database tables, temporary files, backups, and any data transferred over Google’s internal networksSecure connections via SSL/TLS or the Cloud SQL Proxy.

Update1

As you are referring to HIPAA You can check this guide for HIPAA Compliance on Google Cloud Cloud sql encrypts the data at rest using the 256-bit Advanced Encryption Standard (AES-256), or better, with symmetric keys: that is, the same key is used to encrypt the data when it is stored, and to decrypt it when it is used. You can use your own encryptions as well with CMEK for cloud sql

And also you mentioned Infosec. I have not completely understood the term. I assume that you are referring to securing information from vulnerabilities. You can use Cloud Armor, which is a network security service that provides defenses against DDoS and application attacks like cross-site scripting (XSS) and SQL injection (SQLi).

Self hosted Postgres gives you full control over your PostgreSQL database on GCP, letting you to fine-tune server parameters, modify database configuration, and tune performance, just like in a local deployment.

Update2

As per this thread, it seems like postgresql is not HIPAA compliant.

For Encryption at rest on postgresql use can PostgreSQL TDE and Pgcrypto as discussed in this similar thread

For self hosted postgres You can also use shielded VM using which you can protect enterprise workloads from threats like remote attacks, privilege escalation, and malicious insiders

I am not sure on your application requirement, But based upon my understanding about both cloud sql and self hosted postgres I would recommend considering cloud sql as the best option as it is fully managed by google and also complies with HIPAA and encryption.

For more information about pros and cons of Google Cloud SQL Postgres and Self hosted Postgres, Check this document

  • Related