MongoDB has made its end-to-end data encryption technology available for organisations that need to meet the most stringent data privacy requirements. The Queryable Encryption system from the database tech platform is designed to make building in data privacy easier for developers with no cryptography expertise.
Announced at the company’s developer conference, MongoDB.local Chicago, Queryable Encryption is specifically designed for sensitive application workflows, adding built-in encryption capabilities. Use cases include processing employee records, processing financial transactions or analysing medical records. Automaker Renault is the first MongoDB customer to use the system.
“Protecting data is critical for every organisation, especially as the volume of data being generated grows and the sophistication of modern applications is only increasing,” explained Sahir Azam, chief product officer for MongoDB. “Organisations also face the challenge of meeting a growing number of data privacy and customer data protection requirements.”
Businesses are facing a growing number of regulations and compliance requirements around data, particularly where it is considered high risk. This has made data protection a top priority, with encryption one of the most common approaches. Data needs to be protected at each stage of the process: in transit, at rest and in use.
Data normally has to be decrypted before it can be processed or analysed, and this creates a risk point for companies working on particularly sensitive information. Organisations need to encrypt the data throughout its full lifecycle, and previously this required a specialist team with expertise in cryptography. MongoDB says its new service makes this process easier.
MongoDB promises full process encryption
MongoDB says Queryable Encryption lets customers secure sensitive workloads by encrypting data while it is being processed and in use. Customers select the fields in a database that contain sensitive data, and those fields remain encrypted even during processing.
It gives the example of requesting a customer’s savings account number. The system ensures the savings data remains encrypted when travelling over the network, when stored in the database and when a query is processing the data to retrieve relevant information. Only an authorised application will be able to see the unencrypted information once it has been retrieved and processed by the system. The encryption is easily implementable by a developer working with MongoDB.
It was developed by the MongoDB Cryptography research group and has been made available as open source. Organisations can see the techniques and code behind the technology to help meet security and compliance requirements.
It has been enabled for MongoDB installations using AWS Key Management Service, Microsoft Azure Key Vault, Google Cloud Key Management Service, and other services compliant with the Key Management Interoperability Protocol (KMIP).
Renault Group is one of the first companies to use MongoDB Queryable Encryption. Xin Wang, solutions architect at Renault, said it was significant for ensuring data protection and security compliance. “Our teams are eager for the architecture pattern validation of Queryable Encryption and are excited about its future evolution, particularly regarding performance optimization and batch operator support. We look forward to seeing how Queryable Encryption will help meet security and compliance requirements.”