The popularity of PostgreSQL makes it the prime candidate to be the database for a multitenant SaaS. But multitenancy raises two fundamental issues: How do you make sure that a tenant has control over their data in a third-party SaaS environment? And how do you make sure that each tenant’s data is isolated from the others, so that one tenant’s data doesn’t get exposed to other tenants? Letting a tenant see another tenant’s data would be considered a data breach.
Logical databases are a capability supported by Postgres for multitenancy. But this model has infrastructure and database inefficiencies, so some SaaS providers use a single database with comingled tenant data.
In both models (logical databases or a comingled database), there is a need to cryptographically isolate each tenant’s data from other tenants. In addition to data isolation, encrypting a tenant’s data with their own keys lets tenants take control of their data, even though it resides in a third-party SaaS environment.
Database-level encryption (for logical databases) or row-level encryption (for comingled databases), combined with BYOK/HYOK (sometimes called Multitenant BYOK/HYOK), keeps each tenant’s data separate and gives each tenant full control over their data. Tenants can also enable/disable their keys so that they have full control over data access.
In this webinar on using PostgreSQL in a multitenant SaaS, you will learn how to:
Compartmentalize each tenant’s data at the row or logical database level
Implement Multitenant BYOK easily, without any application changes
Centrally manage and define policies for keys