Percona launches free open source encryption for PostgreSQL data

Techday NZ, 04-07-2025
Percona has introduced Transparent Data Encryption (TDE) for PostgreSQL as a fully open source and production-ready solution.
This development allows organisations to encrypt data at rest, ensuring compliance with strict regulatory standards such as PCI DSS v4.0, while eliminating licensing fees and avoiding vendor lock-in. The new capability is designed to enable businesses to secure sensitive data on their PostgreSQL platforms without incurring additional costs or facing usage restrictions.
The TDE extension, known as pg_tde, is being made generally available as part of the Percona Distribution for PostgreSQL. It aims to remove a significant obstacle that previously prevented many organisations from implementing enterprise-level data encryption in open source database environments. Until now, robust encryption options for PostgreSQL often came with proprietary licensing agreements or were not considered suitable for production use within regulated industries.
Organisations in sectors ranging from finance to healthcare and eCommerce are increasingly required to comply with regulations such as GDPR, HIPAA, SOX, and PCI DSS v4.0. These standards often mandate strong encryption protocols to safeguard cardholder data and other sensitive information, with storage encryption alone now frequently deemed insufficient. "Data security and compliance are top priorities for organizations in every industry, but too often, robust encryption has been locked behind paywalls or proprietary add-ons," said Liz Warner, CTO of Percona. "With the launch of TDE for PostgreSQL, Percona is leveling the playing field—giving every business access to enterprise-grade data-at-rest protection without licensing fees or restrictions. This is a major step forward for open source, and a win for every organization that values transparency, flexibility, and security."
The TDE solution provides several features intended to address business needs for secure database management. It encrypts all database files on disk, limiting the risk of data exposure should storage be compromised. Organisations can employ granular encryption policies, with the ability to encrypt at the table level and use individual keys for each database, supporting multi-tenant environments and enabling tailored encryption strategies.
One of the solution's notable attributes is seamless integration, allowing businesses to introduce encryption into their back-end systems without making changes to application code or disrupting existing operations. Key management is streamlined via integration with major Key Management Services (KMS) including HashiCorp, Thales, Fortanix, and OpenBao, assisting businesses in enforcing security policies and managing encryption keys.
Encrypted databases can also benefit from online key rotation and continued encryption management with minimal operational overhead. According to Percona, the encryption has a minimal performance impact, meaning organisations can enhance security without compromising user experience or system speed.
Percona is offering 24/7 support and related services for businesses deploying pg_tde, including assistance with initial setup, configuration, and ongoing management. The extension is immediately available as part of the Percona Distribution for PostgreSQL and is supported under Percona's broader service offerings.
The launch comes at a time when many organisations are seeking ways to comply with increasingly stringent data privacy and security standards while also maintaining the freedom and flexibility offered by open source technologies. The removal of licensing fees and usage restrictions is expected to make it accessible to organisations of varying sizes, including those without large IT budgets.

Related Articles

Rubrik boosts AWS database security with DynamoDB, RDS tools

Techday NZ, 7 days ago

Rubrik has announced new support for Amazon DynamoDB and released a cyber resilience solution for relational databases, initially focusing on Amazon RDS for PostgreSQL. The expansion of Rubrik's data protection services on AWS aims to provide additional security layers for customers handling growing data volumes in cloud environments. The announced offerings are designed to address data security gaps, mitigate the risk of cyber threats, and help meet compliance requirements by automating backup, ensuring data immutability, and streamlining recovery operations.

Services overview
Rubrik's extension to Amazon DynamoDB provides customers with a single policy-driven console that handles backup scheduling and cross-account recovery processes. Automation of these processes, often seen as complex and manual, intends to lower the burden on IT teams and standardise protection across environments. For Amazon RDS users, Rubrik is launching a proprietary cyber resilience solution, with support for PostgreSQL. The company states that this approach eliminates the need for extra infrastructure to maintain immutable, undeletable backups, allowing databases to be continuously protected regardless of architecture complexity.
As organisations entrust their most critical data and applications with cloud database services, it's crucial to have secure and cost-effective protection in place. Extending our cloud database protection to Amazon DynamoDB and deepening our capabilities for Amazon RDS for PostgreSQL is a testament to our ongoing innovation and strategic partnership with AWS. Together, we can help our customers become truly cyber resilient.
The new solutions are intended to simplify management of AWS cloud database environments through centralised dashboards, offering unified views and control, particularly for customers who opt out of AWS's native data protection services.

Amazon DynamoDB protection
Rubrik's support for Amazon DynamoDB incorporates centralised visibility, which enables discovery and monitoring of DynamoDB instances across multiple AWS accounts and regions. This is particularly significant for organisations managing large, distributed deployments in the cloud. Rubrik's platform allows for incremental-forever backups, which are designed to minimise storage consumption and associated costs. Customers can select from a range of Amazon S3 storage classes including S3 Standard, S3 Standard-Infrequent Access, S3 One Zone-Infrequent Access, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. This flexibility aims to increase cost efficiency for long-term data retention and compliance.

Cyber resilience for Amazon RDS
The proprietary cyber resilience solution for Amazon RDS offers immutable protection, ensuring backups cannot be altered or deleted. The platform does not require additional vault configurations or the combination of multiple services to achieve immutability, reducing operational complexity. Operations management for Amazon RDS on PostgreSQL is consolidated into one interface, allowing organisations to maintain visibility and control of backup information across different regions and AWS accounts. This centralised approach targets organisations seeking alternatives to AWS's native tools, aiming to streamline compliance and recovery processes.

Customer benefits
Rubrik claims the new features will help customers reduce operational risk while simplifying management and minimising cloud costs. The unified platform approach is also designed to bring consistency across diverse and highly distributed AWS environments, addressing both security and operational requirements. The expanded support responds to increased adoption of cloud-based database services, and recognises the challenges organisations face in securing such resources at scale.
All of Rubrik's newly announced or upcoming capabilities have been designed with the intent to help organisations address growing data security challenges presented by increased cloud adoption and the prevalence of cyber threats. They are delivered with a focus on automation and central management to aid enterprises in achieving cyber resilience without adding architectural complexity.

AI & cloud security top enterprise concerns amid tool sprawl

Techday NZ, 01-07-2025

Thales' newly released 2025 Global Cloud Security Study highlights rising challenges for organisations as cloud complexity and AI adoption re-shape enterprise security priorities. The study, carried out by S&P Global Market Intelligence 451 Research and based on a survey of nearly 3,200 security professionals in 20 countries, reports that over half (52%) of security leaders are now prioritising AI security spending over traditional allocations. At the same time, more than half of all cloud data is now classified as sensitive, yet only a limited proportion benefits from full encryption.

Shifting security priorities
Findings from the study underscore a notable shift in how security budgets are distributed. While cloud security remains the foremost priority, AI-specific security ranks as the second most important area of investment for businesses, marking a change in enterprise risk management as organisations respond to the accelerated adoption of AI technologies and the rapid proliferation of sensitive data stored in cloud environments. Almost two-thirds (64%) of respondents consider cloud security one of their five most pressing security concerns, while 17% rate it as their top issue.
"The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale. With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure," Sebastien Cano, Senior Vice President, Cyber Security Products at Thales, said.
This reallocation of priorities reflects the increasing pressure placed on security teams as they respond to the volatility and changing threat landscape of cloud and AI environments.

Managing complex cloud environments
Security operations are becoming more complicated as organisations use an average of 85 Software-as-a-Service (SaaS) applications and operate across an average of 2.1 public cloud providers, often alongside on-premises systems. The study reveals that 55% of security professionals believe cloud environments are now more complex to secure than their on-premises counterparts—a four percent increase compared to the previous year.
These trends have contributed to what the report refers to as 'security tool sprawl', with 61% of organisations utilising five or more data discovery, monitoring, or classification tools. Similarly, 57% of surveyed organisations rely on five or more tools for encryption key management. This proliferation of tools, providers and platforms drives challenges in maintaining consistent policies, managing access, and ensuring data visibility across hybrid and multi-cloud estates. These difficulties are further exacerbated during periods of organisational growth or mergers and acquisitions, which often see expanded SaaS usage and heightened security demands.

Cloud-based assets a primary target
The report points to an evolving threat landscape in which attackers increasingly focus on cloud-based resources. Four of the top five most targeted assets in reported cyberattacks were cloud-based, underlining the risks associated with storing and processing sensitive data in public and hybrid cloud environments. Incidents involving unauthorised access remain prevalent; 68% of respondents reported a rise in access-based attacks, stemming largely from stolen credentials and lack of adequate access controls. Despite most organisations (85%) classifying at least 40% of their cloud data as sensitive, only 66% have introduced multifactor authentication, leaving critical datasets exposed to potential breaches.
Misconfigurations and lapses in credential management are also cited as primary contributors to cloud security incidents, suggesting an ongoing role for human error in organisational risk profiles.
"A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data. Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience," Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said.
The findings collectively emphasise the ongoing difficulties enterprises face as they strive to protect and manage increasingly distributed, sensitive, and AI-powered cloud environments, where tools and best practices have yet to fully match the pace of technological adoption and sophistication of threats.
