Percona has unveiled its latest advancement in data security with the introduction of Transparent Data Encryption (TDE) for PostgreSQL, now available as a fully open-source and production-ready solution. This innovative development empowers organizations to encrypt data at rest, ensuring compliance with stringent regulatory frameworks such as PCI DSS v4.0, all while eliminating licensing fees and avoiding vendor lock-in.
Enhancing Data Security
The TDE extension, referred to as pg_tde, is now generally available as part of the Percona Distribution for PostgreSQL. This capability addresses a significant barrier that has historically hindered many organizations from adopting enterprise-level data encryption within open-source database environments. Previously, robust encryption options for PostgreSQL often came with proprietary licensing agreements or were deemed unsuitable for production use in regulated industries.
In various sectors, including finance, healthcare, and eCommerce, organizations are increasingly mandated to adhere to regulations such as GDPR, HIPAA, SOX, and PCI DSS v4.0. These standards typically require strong encryption to protect sensitive information, and storage encryption alone is frequently considered inadequate.
“Data security and compliance are top priorities for organizations in every industry, but too often, robust encryption has been locked behind paywalls or proprietary add-ons,” said Liz Warner, CTO of Percona. “With the launch of TDE for PostgreSQL, Percona is leveling the playing field—giving every business access to enterprise-grade data-at-rest protection without licensing fees or restrictions. This is a major step forward for open source, and a win for every organization that values transparency, flexibility, and security.”
Key Features of pg_tde
The TDE solution boasts several features tailored to meet the needs of secure database management:
- Encryption of all database files on disk, significantly reducing the risk of data exposure in the event of storage compromise.
- Granular encryption policies, allowing for table-level encryption and the use of individual keys for each database, which supports multi-tenant environments and custom encryption strategies.
- Seamless integration into existing back-end systems, enabling the introduction of encryption without necessitating changes to application code or disrupting ongoing operations.
- Streamlined key management through integration with major Key Management Services (KMS) such as HashiCorp, Thales, Fortanix, and OpenBao, facilitating the enforcement of security policies and management of encryption keys.
Additionally, encrypted databases can take advantage of online key rotation and ongoing encryption management with minimal operational overhead. Percona asserts that the encryption process incurs minimal performance impact, allowing organizations to bolster security without sacrificing user experience or system performance.
To support businesses deploying pg_tde, Percona offers 24/7 assistance, including help with initial setup, configuration, and ongoing management. The extension is immediately available as part of the Percona Distribution for PostgreSQL and is included in Percona’s comprehensive service offerings.
This launch arrives at a pivotal moment when organizations are actively seeking methods to comply with increasingly rigorous data privacy and security standards, all while enjoying the freedom and flexibility inherent in open-source technologies. The removal of licensing fees and usage restrictions is anticipated to make this solution accessible to organizations of all sizes, including those operating with limited IT budgets.