SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
MongoDB announces general availability of encryption technology
Thu, 17th Aug 2023

MongoDB has announced the general availability of MongoDB Queryable Encryption. This "first-of-its-kind" technology helps organisations protect sensitive data when it is queried and used on MongoDB. 

“MongoDB Queryable Encryption significantly reduces the risk of data exposure for organisations and improves developer productivity by providing built-in encryption capabilities for highly sensitive application workflows, such as searching employee records, processing financial transactions, or analysing medical records, with no cryptography expertise required,” claims the company. 

“Protecting data is critical for every organisation, especially as the volume of data being generated grows and the sophistication of modern applications is only increasing. Organisations also face the challenge of meeting a growing number of data privacy and customer data protection requirements,” says Sahir Azam, chief product officer at MongoDB. 

“Now, with MongoDB Queryable Encryption, customers can protect their data with state-of-the-art encryption and reduce operational risk, all while providing an easy-to-use capability developers can quickly build into applications to power experiences their end-users expect.”

Data protection is the top priority among organisations across industries today as they face many regulations and compliance requirements to protect personally identifiable information (PII), personal health information (PHI), and other sensitive data. 

A typical data protection capability organisations use to protect data is encryption, where sensitive information is made unreadable by cryptographic algorithms utilising an encryption key and only made readable again using a decryption key that customers securely manage. 

Data can be protected through encryption in transit when travelling over networks, at rest when stored, and in use when it is being processed. However, working with encrypted data poses significant challenges because it needs to be decrypted before it can be processed or analysed. 

Organisations that work with highly sensitive data want to improve their security posture and meet compliance requirements by encrypting their data throughout its entire lifecycle, including while it is being queried. Until now, the only way to keep information encrypted during the entire lifecycle was to employ highly specialised teams with extensive expertise in cryptography.

With the general availability of MongoDB Queryable Encryption, customers can now secure sensitive workloads for use cases in highly regulated or data-sensitive industries like financial services, health care, government, and critical infrastructure services by encrypting data while it is being processed and in use. 

Customers can quickly get started protecting data by selecting the fields in MongoDB databases that contain sensitive data that needs to be encrypted while in use. For example, an authorised application end-user at a financial services company may need to query records using a customer's savings account number. 

When configured with MongoDB Queryable Encryption, the content of the query and the data in the savings account field will remain encrypted when travelling over the network, while stored in the database, and while the query processes the data to retrieve relevant information. 

Once retrieved, the data becomes visible only to an authorised application end user with a customer-controlled decryption key, which helps prevent inadvertent data exposure or exfiltration by malicious actors. With MongoDB Queryable Encryption, developers can now easily implement first-of-its-kind encryption technology to ensure their applications operate with the highest levels of data protection and that sensitive information is never exposed while it is being processed, significantly reducing the risk of data exposure.

The MongoDB Cryptography Research Group developed the underlying encryption technology behind MongoDB Queryable Encryption, which is open source. 

Organisations can freely examine the cryptographic techniques and code behind the technology to help meet security and compliance requirements. MongoDB Queryable Encryption can be used with AWS Key Management Service, Microsoft Azure Key Vault, Google Cloud Key Management Service, and other services compliant with the Key Management Interoperability Protocol (KMIP) to manage cryptographic keys. 

The general availability of MongoDB Queryable Encryption includes support for equality queries, with additional query types (e.g., range, prefix, suffix, and substring) generally available in upcoming releases.

Since the release of MongoDB Queryable Encryption in preview last year, MongoDB has partnered with customers, including leading financial institutions and Fortune 500 companies in the healthcare, insurance, and automotive manufacturing industries, to fine-tune the service for general availability.