MongoDB Encryption

The last decade has seen a number of new database platforms get implemented in a variety of organizations. Most of the newer popular platforms have been NoSQL (Not Only SQL) products, and one of the first that became quite popular was MongoDB. I first ran into a few customers using this platform around 2012/2013. At the time some customers inquired whether we had any products to help with development. We did, somewhat, as we invested in 3T.

MongoDB has enjoyed a lot of popularity and set some standards for how to store and retrieve data. CosmosDB (and other products) has API compatibility with MongoDB, precisely because of its popularity. While I’m not sure MongoDB is the replacement for your RDBMS, I’m sure it has places and problem domains where it shines. I’ve also watched the product improve and grow to meet the requirements and desires of more customers. One recent addition was field level encryption.

MongoDB has had storage level encryption, similar to TDE in SQL Server. It also has had transport encryption (think SSL network protection). This new feature is more like Always Encrypted (AE) in SQL Server. Clients can perform the encryption and decryption, assuming they have the keys. This isn’t quite like AE as it appears to need code changes, but it does protect the data from system administrators, which is a concern for some applications and industries.
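To make the trust boundary concrete, here is an added sketch (not MongoDB's driver API and not code from this editorial) of a client encrypting one field before the document ever reaches the server. It uses AES-256-GCM from Node's built-in `crypto` module as a stand-in for the driver's own scheme; the function names, key ID, and sample record are all hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed key store that lives with the application, never with the database.
const clientKeys = new Map([["key-1", nodeCrypto.randomBytes(32)]]);

// Encrypt one field value on the client. The field name is bound in as
// additional authenticated data, so ciphertext cannot be moved to another field.
function encryptField(keyStore, keyId, fieldName, value) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", keyStore.get(keyId), iv);
  cipher.setAAD(Buffer.from(fieldName, "utf8"));
  const ct = Buffer.concat([cipher.update(JSON.stringify(value), "utf8"), cipher.final()]);
  return {
    keyId,
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Decrypt a stored envelope. Fails if this client lacks the key or the
// envelope was altered or moved to a different field.
function decryptField(keyStore, fieldName, envelope) {
  const key = keyStore.get(envelope.keyId);
  if (!key) throw new Error(`key ${envelope.keyId} is not available to this client`);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(envelope.iv, "base64"));
  decipher.setAAD(Buffer.from(fieldName, "utf8"));
  decipher.setAuthTag(Buffer.from(envelope.tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(envelope.ct, "base64")), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample record: only the sensitive field is encrypted, so the
// server can still index and query the rest.
function buildStoredDocument(keyStore) {
  return {
    name: "Pat Example",
    city: "Denver",
    ssn: encryptField(keyStore, "key-1", "ssn", "000-00-0000"),
  };
}

// What the database (and its administrators) would hold.
const stored = buildStoredDocument(clientKeys);
console.log(JSON.stringify(stored, null, 2));
// What a client holding the key reads back.
console.log(decryptField(clientKeys, "ssn", stored.ssn));
```

The stored document carries only the key ID, never the key, so whoever controls the key store decides which clients can read the field.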

How well does this work? There certainly is a challenge with managing keys, distributing them to clients, revoking them, and more. All of these are the same challenges most encryption technologies have to deal with, including AE. This is a good addition to all data platforms, which ought to enable encryption, but having, or even using, the encryption isn’t a panacea for the problem of protecting data. We need lots of other things to be designed, implemented, and operated securely.

I’m not a big fan of MongoDB, but it’s a fine platform, and it likely works well for some organizations. I’m glad that it continues to enhance its security capabilities, and I hope that anyone implementing it enables all that they can. Too many installations in the past haven’t had good security, and that’s a problem. If you manage data, secure your system, and be sure you continue to monitor the platform for security issues and keep learning more about how to best protect your data.

Steve Jones

Listen to the podcast at Libsyn, Stitcher or iTunes.

About way0utwest

Editor, SQLServerCentral