Thales Vormetric Transparent Encryption with EDB Postgres

John Dalton January 16, 2020


Data privacy has senior management visibility because organizations are required to minimize the risk of sensitive data, such as customer payment information or health records, being exposed through fraud or data breaches. Complying with the growing set of data privacy standards and regulations, including CCPA, PCI DSS, GDPR, and HIPAA, is an ever-changing challenge that requires consistent policies and tools that work across the enterprise.

Securing data at the file system level, or in PCI terms ‘data-at-rest’, is possible through encryption by the storage hardware, the operating system, the database server or the application. Encryption performed by the database server, as seen in Oracle, SQL Server, and DB2, is known as transparent data encryption (TDE). Postgres today does not have native TDE capability.

Vormetric Transparent Encryption (VTE) from leading enterprise data security provider Thales secures data-at-rest without requiring changes to the database or associated applications. The solution also includes Vormetric Data Security Manager (DSM), which provides a unified, centralized platform for managing encryption keys and policies across an enterprise’s storage, databases and applications.

EnterpriseDB has partnered with Thales to bring this security solution to EDB Postgres Advanced Server.

Validated Support

Before announcing the joint solution to our customers, EnterpriseDB and Thales put it through a validation process. The goal was to prove that VTE’s granular, least-privileged user access policies worked as expected with EDB Postgres Advanced Server, and to see auditing and encryption key management in operation.

My colleagues Tushar Ahuja and Rajkumar Raghuwanshi have blogged details of the validation effort, along with the performance impact on our sample application with the solution enabled. As the saying goes, performance will vary with your specific workload. Overall, we were pleased with the results.

Getting Started

Implementing the Vormetric solution requires the following components:

1. EDB Postgres Advanced Server installed and in operation.

2. Vormetric Data Security Platform (DSM) installed and operational.

3. A VTE agent on the Postgres host registered to the DSM.

A good resource from Thales is the Vormetric Guide: VTE Implementation for Postgres.

Peace of Mind

If you are following the best practice of layering protections to secure data from attack, including VTE enables you to address data-at-rest security concerns. If you are already using Thales to manage data security policies in your enterprise, this validated solution enables you to extend your implementation to include EDB Postgres Advanced Server. The Thales and EnterpriseDB partnership gives you the peace of mind that your Postgres data is secure and supported.


Additional Resources

VTE and EDB Postgres Advanced Server Solution Brief

Enhanced security for EDB Postgres Advanced Server with Vormetric Data Security Platform

Vormetric Guide: VTE Implementation for Postgres

Product webpage: Vormetric Transparent Encryption

Vormetric Data Security: Complying with PCI DSS 3.0 Encryption Rules

Creating a multi-layered security architecture for your database

Postgres and Transparent Data Encryption (TDE)

Postgres encryption options

Thales eSecurity Partners: EnterpriseDB


John Dalton

John Dalton is Senior Director of Product Management, responsible for product strategy and management of the EDB Postgres Platform. He is passionate about delivering business value through products that solve customer needs and believes in the awesome power of Agile development. Customer challenges and requirements are at the heart of John’s work, which is informed by insights from 10 years as an enterprise software architect earlier in his career.

Previously John led the platform product management team at Constant Contact, a SaaS company providing email marketing to more than 500,000 small businesses and nonprofits. He earlier led new product initiatives at Demandware, now SalesForce Commerce Cloud, and a data management products team at Progress Software.