All software comes with security holes. By using open source to the extent possible, organizations stand the best chance of keeping malicious hackers at bay.
That’s according to Jeremy Wilson, chief technology officer for the North America public sector at EDB.
“There always will be, to some degree, security concerns. The great thing about open source is, you’ve got a worldwide community, a worldwide audience, that’s inspecting the source code,” Wilson said during Federal News Network’s Industry Exchange Data 2025.
And that inspection and improvement cycle is nonstop, he pointed out. “It goes on around the clock. You’ve got, typically, fewer issues, fewer bugs. And in the ones that are found can be remediated super-fast because of that worldwide audience.”
Why a PostgreSQL approach adds value
EDB, formerly EnterpriseDB, enters the open source scene with a PostgreSQL database product. PostgreSQL databases are by definition open source and optimized for online transaction systems, data warehousing and analytics.
“We’ve taken that core community open source database, and we’ve built an enterprise model around that to include security enhancements, performance enhancements and scalability,” Wilson said. EDB’s offering works either in a commercial cloud or in an agency’s own data center, with a focus on security, he said.
“One of the things that we really spend a lot of time focusing on at EDB is ensuring that security is rooted at the core of our DevSecOps process,” Wilson said. The company does this by timing releases of its iterations closely to those within the open source community.
“We really take into consideration ensuring that we adhere to the regulatory requirements for public sector and the federal government too,” he said.
That effort includes making sure Federal Information Processing Standard (FIPS) and Defense Information Systems Agency Security Technical Implementation Guides (STIG) libraries stay up to date in its software. Wilson said EDB is now working to obtain FedRAMP High certification.
Added security in EDB Postgres
Contemporary thinking in cybersecurity holds that ultimately agencies must protect data. Wilson said EDB works closely with Red Hat to coordinate security controls such as encryption in Enterprise Linux, giving greater security at the operating system level. He said EDB goes further.
“We went that additional step and incorporated things like transparent data encryption into the Postgres offering, as well as column level encryption, data redaction — the list goes on,” Wilson said. “We’ve really kind of gone above and beyond the operating system level.”
With the application programming interfaces (APIs) included with it, EDB’s Postgres offering supports agencies’ zero trust cybersecurity efforts, he said.
“You could call it a foundational model, a foundational platform that’s secure and auditable,” Wilson said, adding, “APIs that we have built into our product can be tied into many other zero trust components.”
He named identity and access management, data management, application and network security tools as examples. The idea is to give users comprehensive observability into the state of their data, whether in a warehouse or an operational database, he said.
Wilson acknowledged that agencies, perhaps used to reliance on proprietary products, sometimes struggle in implementing secure open source solutions.
“In a lot of legacy processes, a lot of legacy systems, there’s a lack of expertise. There’s regulatory compliance challenges and resource constraints. I would say those have been, historically, the main challenges I’ve observed.”
Goal? Make Postgres implementation turnkey
Wilson said that as the largest Postgres supplier, EDB aims to offer a turnkey enterprise database to which agencies can migrate current and new applications, hosted either on premise or in a commercial cloud.
“We’ve built an enterprise model, an enterprise wrapper, if you will, to include things such as improved scalability, security and performance,” Wilson said. “One of the things that we’ve done specifically around security is implement things like role-based access control and transparent data encryption.”
He added, “We adhere to FIPS 140-3 as well as the DISA STIGs. We’ve hardened the environment, so we have a functional STIG for our database.”
© 2025 Federal News Network. All rights reserved.