Enjoy Enhanced Data Security with MongoDB 4.2
Author: Charleste King | 4 min read | January 30, 2020
The exploding flood of incoming data presents an immense challenge to data managers: how to control the escalating risks that also flow in through the ever-increasing volumes of information?
Not only does the data carry information that could be targeted by emerging threats, but often its unstructured format poses an inherent danger in and of itself. Those escalating risks put increasing pressure on IT management to not just control their data, but also to ensure their enterprise remains in compliance with regulations despite their data.
Fortunately, MongoDB and its newly released 4.2 iteration provide customers with world-class compliance capacities regardless of their industry or the structure of their data.
MongoDB Masters Regulatory Compliance
This year, 2019, has been pivotal for MongoDB, the general purposes NoSQL database platform. Not content with providing its customers with the most flexible database management tool available in today’s hyper-competitive data management market, the company also has attained certification for several significant global information technology security standards:
- In Spring, 2019, the company received approval from the Defense Information Systems Agency (DISA) for its Security Technical Information Guide (STIG). It is the first non-relational database to achieve that goal. The Department of Defense can now use the database within certain defense networks.
- In September, the database was also independently validated as a certified services provider for the Payment Card Industry commission for Data Security Standards (PCI DSS). The commission regulates the management of billions of global credit and payment cards, and the certification establishes the MongoDB 4.2 database as a provider of services for trillions of dollars worth of financial transactions each year. The certification as a qualified PCI DSS services provider came after an extensive audit performed by an independent Qualified Security Assessor (QSA).
- The PCI DSS certification follows previously attained security achievements, including compliance with the ISO27001.2013 and the SOC 2 reporting requirements.
- MongoDB 4.2 also complies with Europe’s General Data Protection Regulation (GDPR) and with America’s Health Information Portability and Accountability Act (HIPAA).
MongoDB 4.2 Introduces Field-Level, Client-Side Encryption
The PCI DSS certification makes the introduction in June 2019 of MongoDB’s field-level, client-side encryption capability that much more exciting for all of its current and future customers.
MongoDB’s client-side encryption capacity is a game-changer for many organizations because it shifts initiation and control of the encryption process to them and away from their cloud services provider.
- Unlike end-to-end encryption, where information is encrypted only after the server receives it, the client-side encryption means information is hidden before it leaves the sender’s machine so not even the server can access it.
- Consequently, client-side encryption extends the protection of data beyond servers. It puts it into the hands of whoever is sending it, whether that’s from a company desktop machine in the head office or a remote employee based on the other side of the planet. The new technology eliminates the possibility of theft or interception when that unencrypted data is in transit from the sender to the server.
MongoDB’s Field Level Encryption offers other advantages, too:
- It embraces application code so there’s no need to create explicit encryption-function code for each database read or write operation.
- It separates data even from systems administrators who can only access it when given explicit client access keys.
- Because access to information is achieved only through the client key, the destruction of that key also eliminates access to that data. This feature satisfies the GDPR’s ‘right to disappear’ requirement.
MongoDB 4.2 has mastered not just data storage and data management, but compliance with data security standards as well. Datavail’s MongoDB 4.2 professionals understand how its technology can help your enterprise gain control over all your data and ensure that it remains in compliance with applicable standards, regardless of your industry. We’re MongoDB Premier Partners, contact us today if you’re looking to make the move.