Percona launches free open source encryption for PostgreSQL data
This development allows organisations to encrypt data at rest, ensuring compliance with strict regulatory standards such as PCI DSS v4.0, while eliminating licensing fees and avoiding vendor lock-in. The new capability is designed to enable businesses to secure sensitive data on their PostgreSQL platforms without incurring additional costs or facing usage restrictions.
The TDE extension, known as pg_tde, is being made generally available as part of the Percona Distribution for PostgreSQL. It aims to remove a significant obstacle that previously prevented many organisations from implementing enterprise-level data encryption in open source database environments. Until now, robust encryption options for PostgreSQL often came with proprietary licensing agreements or were not considered suitable for production use within regulated industries.
Organisations in sectors ranging from finance to healthcare and eCommerce are increasingly required to comply with regulations such as GDPR, HIPAA, SOX, and PCI DSS v4.0. These standards often mandate strong encryption protocols to safeguard cardholder data and other sensitive information, with storage encryption alone now frequently deemed insufficient. "Data security and compliance are top priorities for organizations in every industry, but too often, robust encryption has been locked behind paywalls or proprietary add-ons," said Liz Warner, CTO of Percona. "With the launch of TDE for PostgreSQL, Percona is leveling the playing field—giving every business access to enterprise-grade data-at-rest protection without licensing fees or restrictions. This is a major step forward for open source, and a win for every organization that values transparency, flexibility, and security."
The TDE solution provides several features intended to address business needs for secure database management. It encrypts all database files on disk, limiting the risk of data exposure should storage be compromised. Organisations can employ granular encryption policies, with the ability to encrypt at the table level and use individual keys for each database, supporting multi-tenant environments and enabling tailored encryption strategies.
One of the solution's notable attributes is seamless integration, allowing businesses to introduce encryption into their back-end systems without making changes to application code or disrupting existing operations. Key management is streamlined via integration with major Key Management Services (KMS) including Hashicorp, Thales, Fortanix, and OpenBao, assisting businesses in enforcing security policies and managing encryption keys.
Encrypted databases can also benefit from online key rotation and continued encryption management with minimal operational overhead. According to Percona, the encryption has a minimal performance impact, meaning organisations can enhance security without compromising user experience or system speed.
Percona is offering 24/7 support and related services for businesses deploying pg_tde, include assistance with initial setup, configuration, and ongoing management. The extension is immediately available as part of the Percona Distribution for PostgreSQL and is supported under Percona's broader service offerings.
The launch comes at a time when many organisations are seeking ways to comply with increasingly stringent data privacy and security standards while also maintaining the freedom and flexibility offered by open source technologies. The removal of licensing fees and usage restrictions is expected to make it accessible to organisations of varying sizes, including those without large IT budgets.
Follow us on:
Share on:
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
a day ago
- Techday NZ
Percona launches free open source encryption for PostgreSQL data
Percona has introduced Transparent Data Encryption (TDE) for PostgreSQL as a fully open source and production-ready solution. This development allows organisations to encrypt data at rest, ensuring compliance with strict regulatory standards such as PCI DSS v4.0, while eliminating licensing fees and avoiding vendor lock-in. The new capability is designed to enable businesses to secure sensitive data on their PostgreSQL platforms without incurring additional costs or facing usage restrictions. The TDE extension, known as pg_tde, is being made generally available as part of the Percona Distribution for PostgreSQL. It aims to remove a significant obstacle that previously prevented many organisations from implementing enterprise-level data encryption in open source database environments. Until now, robust encryption options for PostgreSQL often came with proprietary licensing agreements or were not considered suitable for production use within regulated industries. Organisations in sectors ranging from finance to healthcare and eCommerce are increasingly required to comply with regulations such as GDPR, HIPAA, SOX, and PCI DSS v4.0. These standards often mandate strong encryption protocols to safeguard cardholder data and other sensitive information, with storage encryption alone now frequently deemed insufficient. "Data security and compliance are top priorities for organizations in every industry, but too often, robust encryption has been locked behind paywalls or proprietary add-ons," said Liz Warner, CTO of Percona. "With the launch of TDE for PostgreSQL, Percona is leveling the playing field—giving every business access to enterprise-grade data-at-rest protection without licensing fees or restrictions. This is a major step forward for open source, and a win for every organization that values transparency, flexibility, and security." The TDE solution provides several features intended to address business needs for secure database management. It encrypts all database files on disk, limiting the risk of data exposure should storage be compromised. Organisations can employ granular encryption policies, with the ability to encrypt at the table level and use individual keys for each database, supporting multi-tenant environments and enabling tailored encryption strategies. One of the solution's notable attributes is seamless integration, allowing businesses to introduce encryption into their back-end systems without making changes to application code or disrupting existing operations. Key management is streamlined via integration with major Key Management Services (KMS) including Hashicorp, Thales, Fortanix, and OpenBao, assisting businesses in enforcing security policies and managing encryption keys. Encrypted databases can also benefit from online key rotation and continued encryption management with minimal operational overhead. According to Percona, the encryption has a minimal performance impact, meaning organisations can enhance security without compromising user experience or system speed. Percona is offering 24/7 support and related services for businesses deploying pg_tde, include assistance with initial setup, configuration, and ongoing management. The extension is immediately available as part of the Percona Distribution for PostgreSQL and is supported under Percona's broader service offerings. The launch comes at a time when many organisations are seeking ways to comply with increasingly stringent data privacy and security standards while also maintaining the freedom and flexibility offered by open source technologies. The removal of licensing fees and usage restrictions is expected to make it accessible to organisations of varying sizes, including those without large IT budgets. Follow us on: Share on:
Techday NZ
4 days ago
- Techday NZ
AI & cloud security top enterprise concerns amid tool sprawl
Thales' newly released 2025 Global Cloud Security Study highlights rising challenges for organisations as cloud complexity and AI adoption re-shape enterprise security priorities. The study, carried out by S&P Global Market Intelligence 451 Research and based on a survey of nearly 3,200 security professionals in 20 countries, reports that over half (52%) of security leaders are now prioritising AI security spending over traditional allocations. At the same time, more than half of all cloud data is now classified as sensitive, yet only a limited proportion benefits from full encryption. Shifting security priorities Findings from the study underscore a notable shift in how security budgets are distributed. While cloud security remains the foremost priority, AI-specific security ranks as the second most important area of investment for businesses, marking a change in enterprise risk management as organisations respond to the accelerated adoption of AI technologies and the rapid proliferation of sensitive data stored in cloud environments. Almost two-thirds (64%) of respondents consider cloud security one of their five most pressing security concerns, while 17% rate it as their top issue. "The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale. With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure," Sebastien Cano, Senior Vice President, Cyber Security Products at Thales, said. This reallocation of priorities reflects the increasing pressure placed on security teams as they respond to the volatility and changing threat landscape of cloud and AI environments. Managing complex cloud environments Security operations are becoming more complicated as organisations use an average of 85 Software-as-a-Service (SaaS) applications and operate across an average of 2.1 public cloud providers, often alongside on-premises systems. The study reveals that 55% of security professionals believe cloud environments are now more complex to secure than their on-premises counterparts—a four percent increase compared to the previous year. These trends have contributed to what the report refers to as 'security tool sprawl', with 61% of organisations utilising five or more data discovery, monitoring, or classification tools. Similarly, 57% of surveyed organisations rely on five or more tools for encryption key management. This proliferation of tools, providers and platforms drives challenges in maintaining consistent policies, managing access, and ensuring data visibility across hybrid and multi-cloud estates. These difficulties are further exacerbated during periods of organisational growth or mergers and acquisitions, which often see expanded SaaS usage and heightened security demands. Cloud-based assets a primary target The report points to an evolving threat landscape in which attackers increasingly focus on cloud-based resources. Four of the top five most targeted assets in reported cyberattacks were cloud-based, underlining the risks associated with storing and processing sensitive data in public and hybrid cloud environments. Incidents involving unauthorised access remain prevalent; 68% of respondents reported a rise in access-based attacks, stemming largely from stolen credentials and lack of adequate access controls. Despite most organisations (85%) classifying at least 40% of their cloud data as sensitive, only 66% have introduced multifactor authentication, leaving critical datasets exposed to potential breaches. Misconfigurations and lapses in credential management are also cited as primary contributors to cloud security incidents, suggesting an ongoing role for human error in organisational risk profiles. "A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data. Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience," Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. The findings collectively emphasise the ongoing difficulties enterprises face as they strive to protect and manage increasingly distributed, sensitive, and AI-powered cloud environments, where tools and best practices have yet to fully match the pace of technological adoption and sophistication of threats.
Techday NZ
12-06-2025
- Techday NZ
Thales launches real-time file activity monitoring with AI help
Thales has introduced a new File Activity Monitoring capability within its CipherTrust Data Security Platform that offers real-time oversight and control of unstructured data across on-premises, hybrid, and multicloud environments. File Activity Monitoring (FAM) is designed to help organisations monitor file activity as it happens, identify risks including unauthorised downloads and sharing, and streamline compliance processes related to standards such as GDPR, HIPAA, and PCI DSS. The capability incorporates a built-in Generative AI assistant to aid audit processes, reduce complexity, and improve response times within a single platform engineered to secure both structured and unstructured data. Unstructured data challenge According to IDC, unstructured data currently accounts for 90% of all worldwide data, making its management and protection a significant concern for businesses. FAM enables security teams to monitor the movement and activity of unstructured data, including files such as emails, chat logs, media files, and application logs, which can all house sensitive information. The platform delivers real-time alerts, analytics, and encryption tracking to support faster threat detection and protection for sensitive data. Thales stated that the new capability addresses a major blind spot in data security by delivering continuous data discovery, classification, and monitoring. This approach provides the necessary foundation for effective Data Security Posture Management, and also aids compliance and the identification of unauthorised activities that might lead to data exposure. The platform's centralised management is intended to streamline audit reporting and improve threat response, reducing operational complexity across the data lifecycle. Industry perspectives Leila Kuntar, Principal Information Security Engineer at Amadeus, commented on the launch: "Thales' innovative approach to File Activity Monitoring tackles key challenges like blind spots in hybrid environments, offering real-time visibility and smart anomaly detection — a potential game-changer for teams overwhelmed by false positives. By striking the right balance of depth and simplicity, FAM shows promise in helping us strengthen the SOC without added complexity. With tighter SIEM integration, it can sharpen response and let teams focus on what matters most. We're excited to see how FAM evolves and enhances our data security." Kuntar's remarks reflect the challenges security teams face in managing complex hybrid data environments, and the need for visibility without an increase in operational burden or false positives. Todd Moore, Vice President of Data Security Products at Thales, said: "As unstructured data grows rapidly across distributed environments, organizations need more integrated ways to track and safeguard their most sensitive information. With File Activity Monitoring, Thales reinforces its leadership in enterprise data security by delivering real-time insight, intelligent automation, and unified visibility through a single, powerful platform." Capability detail File Activity Monitoring strengthens Data Security Posture Management (DSPM) by allowing security teams to discover, classify, observe, and control sensitive data across all infrastructure types. It can pinpoint the location of sensitive data, identify who has access, and determine if it is secured in real time, supporting the detection of suspicious behaviours such as unauthorised copying or sharing. The tool can transform static data classification into dynamic risk intelligence by incorporating behavioural context, and supports remediation techniques including rapid incident reconstruction via audit logs and the application of strong encryption where needed. AI-powered assistance To assist with compliance and security workflows, FAM includes a Generative AI-powered Data Security Assistant. This chatbot provides capabilities to query audit information, generate custom reports, and facilitate compliance processes, lessening the administrative load on IT and security professionals while supporting regulatory obligations. Moore also addressed the need for adaptable security controls, stating: "As technology evolves rapidly, our controls must be flexible enough to keep pace without adding complexity. Automation and intelligence help overwhelmed security teams scale operations and focus on what matters most. With tools like our chatbot, they can ask natural language questions and get instant, actionable answers, accelerating response times and improving operational efficiency." Thales has previously focused on structured database activity protection and is now extending this experience to include unstructured data. The platform aims to offer similar oversight and operational experience for both data types, addressing growing organisational requirements for data control and security as data volumes increase and diversify.
