EnterpriseDB adds Transparent Data Encryption to PostgreSQL

The new Transparent Data Encryption (TDE) feature will be shipped along with the company’s enterprise version of its database.

Relational database provider EnterpriseDB on Tuesday said that it was adding Transparent Data Encryption (TDE) to its databases, which are based on open-source PostgreSQL.  

TDE, which is used by Oracle and Microsoft, is a method of encrypting database files in order to ensure security of data while at rest and in motion. It helps ensure that  data on the hard drive as well as files on backup are encrypted, the company said in a blog post, adding that most enterprises use TDE for compliance issues.

Up until now, Postgres didn’t have built-in TDE, and enterprises would have to rely on either full-disk encryption or stackable cryptographic file system encryption, the company said.

What are the benefits of EnterpriseDB’s TDE?

Benefits of EnterpriseDB’s TDE include block-level encryption, database-managed data encryption, and external key management.

In order to prevent unauthorized access, the TDE capability ensures that Postgres data, write-ahead logging (WAL), and temporary files are encrypted on the disk and are not readable by the system, the company said.

Write-ahead logging is a process inside a database management system that first logs the changes made to the data inside a database before actually making these changes.

TDE allows external key management via third-party cloud servers, the company said, adding that EnterpriseDB currently supports Amazon AWS Key Management Service, Microsoft Azure Key Vault, and Thales CipherTrust Manager.

External key management, according to experts, can be better at restricting unauthorized access of data as these keys are never stored inside the third-party cloud server.

The TDE capability will be available via EnterpriseDB enterprise database plans, the company said.

TDE to propel PostgreSQL?

The new TDE feature, according to analysts, not only gives EnterpriseDB a boost in the entperise, but could also propel usage of PostgreSQL.

“This is one of those checkbox features that any database aspiring to be an enterprise solution must have,” said Tony Baer, principal analyst at dbInsight.

The new feature could also make EDB (the database offering of EnterpriseDB) a challenger to Oracle’s databases, Baer added.

In addition, EnterpriseDB’s TDE could emerge as a winner for PostgreSQL, as enterprises often get entangled in the complexity of managing encryption programs and keys, said Carl Olofson, research vice president at market research firm IDC.

“Research reports from IDC showed that security is one of the top priorities for databases implementors, both on-prem and in the cloud,” Olofson added.