I recently spoke with the MongoDB team about the much-anticipated MongoDB version 7. One feature they were particularly interested in discussing was Queryable Encryption. Let’s delve into this feature and understand how it aims to shield sensitive data, even when it’s being accessed through queries.
Who is MongoDB?
Located in New York City, MongoDB has created a developer data platform tailored for modern applications’ flexibility and expansion needs. MongoDB is a non-relational document database supporting JSON-like data storage. Its adaptable data model lets you store many types of data, including unstructured data, complemented by comprehensive indexing support and intuitive APIs. With a global presence, MongoDB boasts tens of thousands of clients across more than 100 countries. The company was founded in 2007 by Dwight Merriman, Eliot Horowitz and Kevin Ryan, who were previously associated with DoubleClick, a digital advertising firm now under Google’s umbrella. The trio created MongoDB to answer the challenges posed by traditional databases in data storage scalability and flexibility.
MongoDB is built to scale, accommodating large data volumes by adding servers to distribute the load. The database’s adaptability allows changes and enhancements without disrupting preexisting data. Given the importance of performance in data management, MongoDB’s document-centric model, coupled with its indexing support, ensures swift data access and modifications. It also incorporates automatic data redundancy and failover mechanisms to keep data consistently available. MongoDB uses a JSON-like format, BSON, which simplifies the storage and retrieval of complex data structures. When it comes to support, MongoDB is backed by a strong community, offering an abundance of resources, guides and assistance.
Importance of data protection and security
Most organizations are intensifying measures to secure their data infrastructures. Adhering to regulatory standards is also crucial, especially when dealing with personally identifiable information (PII), protected health information (PHI) and other sensitive data.
How do these institutions safeguard their data? They primarily turn to encryption, a method that transforms critical information into a coded version using cryptographic algorithms. A decryption key, exclusively possessed by the client, is essential to decode and access the original data.
While data can be encrypted during transmission over networks (data in motion), in storage (data at rest) and during processing (data in use), managing encrypted data while it’s being used has significant complexities, as it generally needs to be decrypted for processing. Organizations handling delicate data aim to boost their security by maintaining encryption throughout the data’s lifecycle, even during queries. Until recently, maintaining such continuous encryption required the expertise of specialized cryptographic teams.
The image above provides more details about how Queryable Encryption offers heightened protection for sensitive data, even in cloud settings.
What is Queryable Encryption?
Queryable Encryption offers a means to privately query encrypted data without the initial step of decryption. Relying on an advanced encrypted search algorithm, servers can handle queries on this data, all while keeping the data’s content concealed, both from the database itself and from the service operators. Data stays encrypted continuously, even under search conditions.
When a query is made, MongoDB returns the encrypted results to a software driver, which decrypts them at the user’s end, ensuring consistent security throughout any form of access. This cutting-edge technology is pivotal for safeguarding confidential data and finds its place in sectors like finance, healthcare and government. Besides eliminating the decryption step during searches, the new version of MongoDB stands out for its adaptability, efficacy and intuitive design.
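The flow described above can be modeled in a few lines. This is an added sketch, not MongoDB code and not MongoDB's algorithm: the `ClientDriver` and `Server` classes are hypothetical, and HMAC tokens plus an HMAC-derived keystream stand in for the real encrypted-search scheme, which this article does not describe.

```python
import hashlib
import hmac
import os

class ClientDriver:
    """Model of the client side: holds the keys and is the only party to see plaintext."""
    def __init__(self):
        self.enc_key = os.urandom(32)   # protects field values
        self.tok_key = os.urandom(32)   # derives equality-search tokens

    def _keystream(self, nonce, n):
        # Toy keystream (HMAC in counter mode), unauthenticated; illustration only.
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(self.enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def token(self, value):
        # In this model equal plaintexts share a token; that is all the server can compare.
        return hmac.new(self.tok_key, value.encode(), hashlib.sha256).hexdigest()

    def encrypt(self, value):
        nonce, data = os.urandom(16), value.encode()
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        return {"token": self.token(value), "nonce": nonce, "ct": ct}

    def decrypt(self, field):
        ks = self._keystream(field["nonce"], len(field["ct"]))
        return bytes(a ^ b for a, b in zip(field["ct"], ks)).decode()

class Server:
    """Model of the database: stores and matches opaque values, holds no keys."""
    def __init__(self):
        self.docs = []

    def insert(self, doc):
        self.docs.append(doc)

    def find_equal(self, field, token):
        return [d for d in self.docs if hmac.compare_digest(d[field]["token"], token)]

def demo():
    driver, server = ClientDriver(), Server()
    # Constructed sample records; "name" is left unencrypted, "ssn" is protected.
    for name, ssn in [("alice", "111-22-3333"), ("bob", "444-55-6666")]:
        server.insert({"name": name, "ssn": driver.encrypt(ssn)})
    hits = server.find_equal("ssn", driver.token("444-55-6666"))  # query sent as a token
    leaked = any(b"444-55-6666" in d["ssn"]["ct"] for d in server.docs)
    return [(d["name"], driver.decrypt(d["ssn"])) for d in hits], leaked
```

Because the server only compares whole-value tokens, this model answers exact-match lookups and nothing else; a token for part of a value matches no document.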
Queryable encryption use cases
As concerns over data security increase for organizations, the prominence of Queryable Encryption technology will continue to rise. Since MongoDB released this innovation, the company has been working with key customers in leading industries on implementation. Let me provide a few examples.
• Financial institutions can use Queryable Encryption to secure customer details like credit cards and Social Security numbers.
• Healthcare entities can use Queryable Encryption to protect patient data, including medical records and lab results.
• Government agencies can use Queryable Encryption to protect the confidentiality of law enforcement records and classified intel.
• E-commerce platforms can use Queryable Encryption to help guard customers’ purchase histories and contact data.
One of the first companies to deploy the technology is the big automaker Renault. It has begun using MongoDB Queryable Encryption for ensuring data protection and meeting security and compliance requirements.
Competitive arena
MongoDB’s Queryable Encryption is a notable advancement in data protection, yet it’s essential to recognize its constraints. MongoDB has made it easier for developers to implement this feature so customers can easily protect their sensitive data without being experts in cryptography. Yet there are certain MongoDB functionalities, like complex aggregations and geospatial queries, that may not be compatible as updates in drivers and servers are ongoing. Moreover, encryption can potentially slow down query performance, especially for intricate operations, because it introduces additional processing overhead. While MongoDB offers enhanced security, it’s no silver bullet; vulnerabilities like side-channel attacks and classic application-side risks remain. It’s crucial to weigh these factors when integrating MongoDB’s Queryable Encryption.
While MongoDB alone offers Queryable Encryption, other formidable database players such as Couchbase and Cassandra offer enhanced performance and scalability while being able to manage significant data volumes with a flexible schema. AWS’s DynamoDB provides a robust managed NoSQL solution with global reach, while CouchDB emphasizes document-oriented storage. Oracle’s NoSQL service and Microsoft’s Azure Cosmos DB cater to diverse data models with an emphasis on scalability and global distribution. ArangoDB offers multi-model capabilities, whereas Redis thrives on high-speed in-memory operations. Elasticsearch excels in real-time analytics, and MarkLogic handles large volumes of virtually any type of data. In short, each solution has tailored its offerings to meet specific needs in the ever-evolving database market.
Summary
Queryable Encryption could help businesses revolutionize their data security. It allows developers to implement a progressive encryption method to strengthen their applications’ defenses while complying with privacy regulations like GDPR and enhancing security—all with no cryptography experience required. For now, MongoDB 7.0 allows Queryable Encryption to be used for equality queries on encrypted data. The company says that “future releases will add support to the range, prefix, suffix and substring query types.”
While it is important to be aware of some of the challenges associated with Queryable Encryption, such as performance constraints on intensive queries and compatibility and support issues due to its relative newness, it is without a doubt an influential addition to MongoDB.
Moor Insights & Strategy provides or has provided paid services to technology companies, like all tech industry research and analyst firms. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking, and video and speaking sponsorships. The company has had or currently has paid business relationships with 8×8, Accenture, A10 Networks, Adobe, Advanced Micro Devices, Amazon, Amazon Web Services, Ambient Scientific, Ampere Computing, Analog Devices, Anuta Networks, Applied Brain Research, Applied Micro, Apstra, Arm, Aruba Networks (now HPE), Atom Computing, AT&T, Aura, Avaya Holdings, Automation Anywhere, AWS, A-10 Strategies, Bitfusion, Blaize, Box, Broadcom, C3.AI, Calix, Cadence Systems, Campfire, Cisco Systems, Clear Software, Cloudera, Clumio, Cohesity, Cognitive Systems, CompuCom, Cradlepoint, CyberArk, Dell, Dell EMC, Dell Technologies, Diablo Technologies, Dialogue Group, Digital Optics, Dreamium Labs, D-Wave, Echelon, Elastic, Ericsson, Extreme Networks, Five9, Flex, Fortinet, Foundries.io, Foxconn, Frame (now VMware), Frore Systems, Fujitsu, Gen Z Consortium, Glue Networks, GlobalFoundries, Revolve (now Google), Google Cloud, Graphcore, Groq, Hiregenics, Hotwire Global, HP Inc., Hewlett Packard Enterprise, Honeywell, Huawei Technologies, HYCU, IBM, Infinidat, Infoblox, Infosys, Inseego, IonQ, IonVR, Inseego, Infosys, Infiot, Intel, Interdigital, Intuit, Iron Mountain, Jabil Circuit, Juniper Networks, Keysight, Konica Minolta, Lattice Semiconductor, Lenovo, Linux Foundation, Lightbits Labs, LogicMonitor, LoRa Alliance, Luminar, MapBox, Marvell Technology, Mavenir, Marseille Inc, Mayfair Equity, MemryX, Meraki (Cisco), Merck KGaA, Mesophere, Micron Technology, Microsoft, MiTEL, Mojo Networks, MongoDB, Movandi, Multefire Alliance, National Instruments, Neat, NetApp, Netskope, Nightwatch, NOKIA, Nortek, Novumind, NTT, NVIDIA, Nutanix, Nuvia (now Qualcomm), NXP, onsemi, ONUG, OpenStack Foundation, Oracle, Palo Alto Networks, Panasas, Peraso, Pexip, Pixelworks, Plume Design, PlusAI, Poly (formerly Plantronics), Portworx, Pure Storage, Qualcomm, Quantinuum, Rackspace, Rambus, Rayvolt E-Bikes, Red Hat, Renesas, Residio, Rigetti Computing, Ring Central, Salesforce.com, Samsung Electronics, Samsung Semi, SAP, SAS, Scale Computing, Schneider Electric, SiFive, Silver Peak (now Aruba-HPE), SkyWorks, SONY Optical Storage, Splunk, Springpath (now Cisco), Spirent, Splunk, Sprint (now T-Mobile), Stratus Technologies, Symantec, Synaptics, Syniverse, Synopsys, Tanium, Telesign, TE Connectivity, TensTorrent, Tobii Technology, Teradata, T-Mobile, Treasure Data, Twitter, Unity Technologies, UiPath, Verizon Communications, VAST Data, Veeam, Ventana Micro Systems, Vidyo, Volumez, VMware, Wave Computing, Wells Fargo, Wellsmith, Xilinx, Zayo, Zebra, Zededa, Zendesk, Zoho, Zoom, and Zscaler.