EDB and Thales Collaborate to Help Transparent Data Encryption Customers Protect and Manage their Cryptographic Keys

We are excited to announce our latest collaboration with Thales to help Transparent Data Encryption (TDE) customers protect and manage their cryptographic keys by offering support for CipherTrust Manager.

Cryptographic keys are an essential component in data protection strategy. They do everything from data encryption and decryption to user authentication. In this sense, they are truly the “keys to the IT kingdom.” However, if compromised and in the wrong hands, these same keys could also wreak overall havoc and result in devastating consequences for a company in terms of data breaches, reputation, fines, and assorted legal repercussions. For these reasons, where cryptographic keys are stored and managed needs careful consideration. 

To fully understand key management, we need to first understand Transparent Data Encryption (TDE). This database capability is offered by many vendors (EDB, Oracle, MDFT, and IBM) to prevent unauthorized viewing of data in operating system files on the database server and on backup storage by rendering the data unintelligible in case stolen or misplaced. This restricts or limits data access only to authorized users with a special decryption key. 

Traditionally, cryptographic TDE keys were stored alongside the data they encrypted on the same server. However, this is not always the most secure way to store or manage them.  To solve this problem, various industry protection mandates (PCI, NIST, HIPPA, GDPR, Schrems II, and CCPA) are increasingly requiring encryption keys to be isolated from the assets they protect and securely stored separately. 

This is why EDB Postgres TDE offers customers external key management via third parties, such as Thales CipherTrust Manager. As an EDB GlobalConnect Certified Technology Partner, Thales was able to integrate their solution via KMIP with both EDB Postgres Advanced Server and EDB Postgres Extended Server databases. 

Thales CipherTrust Manager is the central management point for the CipherTrust Data Security Platform. CipherTrust Manager is a high-availability appliance that centralizes encryption key management. It enables direct key life-cycle tasks including generation, rotation, destruction, import, and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers developer-friendly REST API.

As Alex Hanway, Director, Alliances, Thales explains: "Expanding our partnership with this latest integration now enables Enterprise DB Transparent Data Encryption customers to centrally manage and protect their cryptographic keys using Thales CipherTrust Manager. With this joint solution, we help organizations better protect valuable data from unauthorized users and more easily meet security and compliance requirements."

Learn more: 

Those wishing to learn more about this integration can visit the Thales landing page on our Partner website. Postgres proudly offers various encryption offerings including TDE, including both a native TDE offering as well as leveraging another integration with Thales. Learn more about Postgres’ powerful encryption capabilities in our 2023 white paper, “Security Best Practices for PostgreSQL.”