EDB Marks its Commitment Toward Security with Transparent Data Encryption for Postgres

EnterpriseDB (EDB), accelerator of Postgres in the enterprise, is announcing the global availability of Transparent Data Encryption (TDE), enhancing Postgres’ security and performance abilities where organizations struggle to meet compliance requirements.

As the importance of information security continues to grow, EDB is addressing this area of risk with TDE’s myriad functions—including block level encryption, data encryption, and decryption management, as well as external key management—while continuing to bring Postgres to the enterprise.

“Maintaining the security and integrity of data can be a complicated task for large enterprises,” said Jozef de Vries, chief product engineering officer, EDB. “EDB’s latest innovations further demonstrate a commitment to product design with a security-first approach. By adding transparent data encryption, we’re making it even more attractive for organizations to move to Postgres as their enterprise database standard.”

TDE is now integrated with EDB Standard and Enterprise plans, marking the industry’s first TDE designed for Postgres and Oracle compatibility, according to the vendor.

With block level encryption, TDE prevents unauthorized data access to Postgres data, write-ahead logging (WAL), and temporary files. This data is encrypted on disk, making it unreadable by system users. The database manages both data encryption and decryption, alleviating pains of manual application changes or updating client drivers.

“When we think about all of the various actors that are interacting with the database system as a whole, including the application itself, the database server, and the underlying infrastructure, there's really a high level of importance to ensure that only those who can access that data have the rights to do so,” said de Vries. “And if there are no encryption methodologies employed in the database system as a whole, then our customers and users are fairly limited in how to control that access.”

“Certainly, there are roles and permissions that can kind of govern who can log into the database, but when you're dealing with a multi-layered system, it gets very tricky to employ an access governance policy solely around roles and permissions,” continued de Vries. “TDE ensures that should there be a misconfiguration around roles and permissions and an unauthorized group within a company's environment, the data encryption policies themselves are that second layer of defense.”

TDE’s key management is external to Postgres, additionally offering initial support for Amazon AWS Key Management Service, Google Cloud Key Management Service, Microsoft Azure Key Vault, and Thales CipherTrust Manager.

“One aspect of any sort of encryption methodologies or encryption feature function is how the encryption keys themselves are managed,” explained de Vries. “So, by extending this core capability and integrating with these industry standard key management systems, it also allows our customers to build in key management policies around who can access the encryption keys, who cannot, and how to rotate.”

This announcement also comes with new improvements to the EDB Enterprise Plan, such as enhancements to Oracle compatibility for increased application code reusability.

In conjunction with the TDE launch for Postgres, EDB will continue to deliver best-in-class Oracle compatibility and migration solutions, according to the vendor.

“EDB’s investment in TDE is recognizing that security is going to continue to be of the utmost importance to our targeted customer base in the enterprise space, and that we're committed to continue building out this story,” concluded de Vries.

For more information about TDE, please visit