Percona Delivers Open-Source Transparent Data Encryption for Postgres

/ Application Development, Cloud-Native, Data Management, Data Protection, KubeCon + CloudNativeCon North America 2025, Open Source

The News

At KubeCon North America 2025, Percona announced fully open-source Transparent Data Encryption (TDE) for Postgres providing data-at-rest encryption that addresses PCI DSS and financial institution compliance needs without requiring enterprise licensing fees. The capability currently ships in Percona Server for Postgres with active work to upstream into Postgres community edition, removing licensing costs while offering optional enterprise support where customers can obtain support elsewhere for Percona’s open-source software, compelling the company to maintain best-in-class support quality. The company prioritized rapid TDE delivery over event-aligned releases due to customers requiring immediate compliance with new PCI DSS versions and changing European data regulations and sovereignty requirements, enabling some customers to move to production immediately.

Analyst Take

Percona’s open-source TDE for Postgres addresses genuine compliance requirements as organizations face increasing regulatory pressure around data-at-rest encryption from PCI DSS, GDPR, and emerging data sovereignty frameworks, but the value proposition depends on whether organizations prioritize avoiding enterprise licensing costs and vendor lock-in over the integrated support and indemnification that proprietary vendors provide. Research shows that security and compliance remain critical priorities, with 68.29% of organizations identifying security tooling as a top IT budget priority and 50.9% conducting vulnerability scanning weekly (with 26.7% scanning daily), indicating that encryption capabilities align with heightened security investment. The historical requirement to purchase enterprise licenses for TDE from proprietary Postgres vendors (EDB, AWS RDS, Google Cloud SQL with encryption enabled by default) created cost barriers and lock-in concerns, with Percona’s open-source approach enabling organizations to implement encryption without licensing fees while maintaining flexibility to change support providers or self-manage if internal expertise develops.

The emphasis on upstreaming TDE to Postgres community edition reflects Percona’s community-first positioning and creates long-term sustainability for the capability, but success depends on whether the Postgres community accepts the implementation approach and timeline for integration into core Postgres versus remaining Percona-specific extension. The commitment to community contribution differentiates Percona from proprietary vendors who maintain encryption as commercial differentiator, but it also creates questions about Percona’s commercial model sustainability if core differentiation features become freely available in community Postgres. The rapid delivery prioritization over event-aligned releases in response to urgent PCI DSS compliance timelines demonstrates customer responsiveness, with research showing that 43.90% of IT budgets are allocated to cloud infrastructure and services, creating pressure to deliver compliance capabilities that enable cloud adoption without introducing regulatory risk or requiring expensive proprietary licensing.

The enterprise support positioning without vendor lock-in addresses real market demand as organizations seek “safety net” of commercial support while avoiding proprietary licensing and maintaining flexibility to change vendors or bring support in-house. The claim that customers can obtain support elsewhere for Percona’s open-source software creating competitive pressure to maintain best-in-class support quality reflects genuine differentiation from proprietary vendors where switching support providers requires migrating to different database platform. Research indicates that 43% of organizations cite tool sprawl as a major challenge and 38% struggle with integration complexity, suggesting that unified database platforms with enterprise support address operational complexity concerns while avoiding vendor lock-in that exacerbates tool sprawl when organizations cannot consolidate on preferred solutions.

The AI positioning around vector search as foundational capability with Postgres serving as unified data source reducing multi-database complexity addresses emerging requirements as organizations build AI applications, but the effectiveness depends on whether Postgres vector search extensions (pgvector) provide sufficient performance and functionality compared to purpose-built vector databases optimized for similarity search at scale. Research shows that 70.4% of organizations plan to increase AI/ML spending and 64% are likely or very likely to invest in AI tools for developers, indicating strong demand for AI-enabled database capabilities. However, the acknowledgment that adoption remains early with limited production-grade deployments reflects realistic assessment, with only 52% of organizations having AI/ML models in production and 34% identifying performance optimization as a top priority, suggesting that AI workload maturity remains nascent and organizations are still determining optimal architectures. The Kubernetes migration positioning around organizational changes rather than technical minutiae reflects pragmatic recognition that technology migration success depends on people and process transformation, with research showing that 61.79% of organizations operate hybrid deployment models and 76% report cloud-native architecture familiarity, indicating broad Kubernetes adoption creating demand for database migration guidance that addresses operational transformation alongside technical implementation.

Looking Ahead

Percona’s success with open-source TDE depends on whether the next 12-18 months demonstrate that community-driven encryption capabilities achieve regulatory acceptance and operational maturity comparable to proprietary implementations, enabling organizations to meet compliance requirements without enterprise licensing costs while maintaining confidence in security assurances and audit readiness. The company must prove that open-source TDE provides equivalent or superior security, performance, and operational characteristics compared to proprietary alternatives, while successfully upstreaming to Postgres community edition to ensure long-term sustainability and broad adoption beyond Percona-specific distributions. The challenge is balancing rapid delivery to meet urgent compliance timelines against ensuring production-ready stability, comprehensive documentation, and regulatory validation that enterprises require for mission-critical deployments.

The enterprise support without vendor lock-in positioning provides differentiation opportunity as organizations increasingly prioritize flexibility and avoid proprietary licensing, but sustainability requires proving that Percona’s commercial model generates sufficient revenue to fund continued development, maintain competitive support quality, and deliver innovation that justifies customer investment versus self-managing or using free community support. The competitive landscape includes proprietary Postgres vendors with integrated encryption and compliance certifications, cloud provider managed services with encryption enabled by default, and emerging open-source alternatives, requiring Percona to demonstrate clear advantages in cost, flexibility, and support quality that justify adoption. The AI and Kubernetes positioning addresses emerging market trends, but success depends on whether these capabilities create meaningful differentiation and revenue opportunity or whether they represent table-stakes features that all database vendors must provide without creating competitive advantage. Percona must determine whether to invest heavily in AI-specific capabilities (vector search optimization, model serving integration) and Kubernetes-native operations (operator maturity, cloud-native tooling) or maintain focus on core database reliability, performance, and enterprise support that remain primary customer priorities.

Authors

  • Paul Nashawaty

    Paul Nashawaty, Practice Leader and Lead Principal Analyst, specializes in application modernization across build, release and operations. With a wealth of expertise in digital transformation initiatives spanning front-end and back-end systems, he also possesses comprehensive knowledge of the underlying infrastructure ecosystem crucial for supporting modernization endeavors. With over 25 years of experience, Paul has a proven track record in implementing effective go-to-market strategies, including the identification of new market channels, the growth and cultivation of partner ecosystems, and the successful execution of strategic plans resulting in positive business outcomes for his clients.

    View all posts

  • With over 15 years of hands-on experience in operations roles across legal, financial, and technology sectors, Sam Weston brings deep expertise in the systems that power modern enterprises such as ERP, CRM, HCM, CX, and beyond. Her career has spanned the full spectrum of enterprise applications, from optimizing business processes and managing platforms to leading digital transformation initiatives.

    Sam has transitioned her expertise into the analyst arena, focusing on enterprise applications and the evolving role they play in business productivity and transformation. She provides independent insights that bridge technology capabilities with business outcomes, helping organizations and vendors alike navigate a changing enterprise software landscape.

    View all posts