MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A Deep Dive into Protecting Sensitive Workloads
New encryption capabilities in MongoDB 4.2:
A deep dive into protecting sensitive workloads
Prasad Pillalamarri
Technical Director, MongoDB Software India Private Limited
Agenda
▪ A brief history of database security
▪ Trust models: server vs. client
▪ Encrypting data-in-use
▪ Hands on deep dive
▪ Q&A
A brief history of database security
Evolution
▪ access controls
▪ passwords
▪ plaintext > hashing > key derivation
▪ bearer tokens
▪ NTLM, Kerberos tickets, LDAP/S, SCRAM, web session
▪ multi-factor auth
▪ LCD fobs / SMS / 2FA apps / FIDO-U2F / WebAuthn / mobile enclaves
▪ federated RBAC
Evolution
▪ network
▪ (plaintext) native wire protocols
▪ SSL encryption
▪ TLS
▪ TLS w/ PFS
Evolution
▪ storage
▪ volume-level / full disk encryption (FDE)
▪ BitLocker, DMCrypt, FileVault, encrypted EBS
▪ file-level encryption
▪ whole database
▪ per-database (WiredTiger ESE)
▪ tablespace
▪ database-level encryption
▪ column / field
These are all important defenses, but…
What is the threat?
Against whom/what are we defending?
▪ “hackers”?
▪ criminal blackhats?
▪ competitors?
▪ activists?
▪ unknown actors?
▪ insiders?
▪ admins?
The security model for many Prod databases
Every sector of the global economy has been impacted
▪ enterprise
▪ consumer tech
▪ retail
▪ government
▪ healthcare
▪ finance
…
Major shifts in regulatory & privacy climate
▪ GDPR
▪ HIPAA
▪ PCI DSS
▪ NIST/FISMA
▪ Consumer protection
▪ State & provincial
System architect & developer security challenges
Meeting legal/regulatory obligations
▪ Controls
▪ Audit/attestation
Defending real-world attacks
▪ First Principles: C/I/A
▪ Separation of duties
▪ Access control
▪ Identifying & protecting sensitive data
Trust models: server vs. client
What is the source of trust?
▪ Traditionally, DB encryption has relied on server-side trust
▪ This has implications, many not so obvious
▪ With a few caveats, the database operator typically has unrestricted technical access, including:
▪ DBAs
▪ system admins
▪ hosting/infrastructure providers
The fundamental challenge is protecting the confidentiality of data while it’s in use.
Encrypting Data-in-Use
Introducing MongoDB Client-Side Field-Level Encryption
▪ encryption as a first-class citizen
▪ modern, authenticated encryption algorithms
▪ strong security guarantees
▪ customer-managed keys
▪ content is opaque to server & server operator
▪ major investment
▪ 2 years in the making
▪ 16+ engineers spanning core server, query, security, cloud, drivers
▪ targeting 12+ languages
▪ all major hardware & operating system platforms
▪ Linux, MacOS, Windows
MongoDB Client-Side Field-Level Encryption
Core design
▪ enabled in drivers
▪ drivers have expanded MQL awareness
▪ extends existing JSON Schema with new “encrypt” property
▪ adds JSON Schema validation to the client
▪ individual fields within collections can be marked as encrypted
▪ keys can be used on a per-field, per-document basis
Cryptography
▪ multiple encryption options, including deterministic search
▪ cloud key services are natively integrated
▪ modern authenticated encryption with AES-256 & SHA-2
▪ AEAD_AES_CBC_HMAC_SHA512 (2015 IETF draft: McGrew, Foley, Paterson)
▪ abuse-resistant derived deterministic IVs
▪ native OS libraries used for crypto primitives
Developer view
▪ new JSON Schema attribute “encrypt”
▪ schema validation extended to the client/application
▪ key management services integrated into drivers
▪ driver generates secure request for field keys
▪ all encryption/decryption is done in the driver (on the client)
▪ server only sees encrypted binary data (BinData subtype-6)
How does it work?
View from application:
{
  firstName: "Pat",
  lastName: "Lee",
  ssn: "901-01-0001",
  email: "lee@example.com",
  mobile: "+1-212-555-1234",
  medRecNum: 235498
}
View from database (admin, server, DB logs, process memory):
{
  firstName: "Pat",
  lastName: "Lee",
  ssn: "r6EaUcgZ4lGw…",
  email: "K4b5U3TlcIXh…",
  mobile: "oR72CW4Wf5Ej…",
  medRecNum: 235498
}
Let’s look at some code
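// patientSchema maps the namespace "test.patients" to its JSON Schema.
// encryption_mode (algorithm name) and key1 (data key) are shell variables.
var patientSchema = {
  "test.patients" : {
    "bsonType" : "object",
    "properties" : {
      "medRecNum" : { "bsonType" : "int" },
      "firstName" : { "bsonType" : "string" },
      "lastName" : { "bsonType" : "string" },
      "ssn" : {
        "encrypt" : {              // marks ssn for client-side encryption
          "bsonType" : "string",
          "algorithm" : encryption_mode,
          "keyId" : [ key1 ]
        }
      },
      "mobile" : { "bsonType" : "string" },
      "email" : { "bsonType" : "string" }
    }
  }
}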
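// mongo shell, 4.2 beta preview API as shown in the talk. The released 4.2
// shell uses keyVaultNamespace, schemaMap and getKeyVault() instead.
// env is assumed to hold the KMS credentials and key ARN loaded by the caller.
var keystore = db.getCollection("__keystore")
var clientSideFLEOptions = {
  "kmsProviders" : {
    "aws" : {
      "accessKeyId" : env.KMSKID,
      "secretAccessKey" : env.KMSKEY
    }
  },
  "schemas" : patientSchema,
  "keyVaultCollection" : keystore
}
encryptedSession = new Mongo("localhost", clientSideFLEOptions)
var encryptedDb = encryptedSession.getDB("test");

// Create a data key under the KMS key env.KMSARN with the alternate name "key1"
encryptedSession.getKeyStore().createKey(
  "aws", env.KMSARN, ["key1"]
)
// Look the key up again by its alternate name
var keys = encryptedSession.getKeyStore().getKeys()
var key1 = keys.getKeyByAltName("key1")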
Query on an unencrypted field
encryptedDb.patients.find({ "medRecNum" : 235498 })
View to a client holding a valid key:
{
  "firstName" : "Pat",
  "lastName" : "Lee",
  "medRecNum" : 235498,
  "ssn" : "901-01-0001",
  "mobile" : "212-555-1234",
  "email" : "lee@example.com"
}
View to a client lacking a valid key, to legacy clients, to the database administrator, and to the database, server memory, logs, backups:
{
  "firstName" : "Pat",
  "lastName" : "Lee",
  "medRecNum" : 235498,
  "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."),
  "mobile" : "212-555-1234",
  "email" : "lee@example.com"
}
Query on an encrypted field
encryptedDb.patients.find({ "ssn": "901-01-0001" })
encryptedDb.patients.find({ "ssn": BinData(6,"ASV2YBzOhUY…" )})
Quick Demo
Roadmap
▪ beta preview 4.2 rc2 available now – Java, Node.js & Shell fi
▪ additional language beta previews in coming weeks
▪ server support in Atlas via rc1+ preview
▪ 3rd party cryptography reviews in progress
▪ Docs & University – In Flight
Takeaways
▪ 4.2 introduces client-side field-level encryption
▪ designed for the most sensitive workloads
▪ enabled in all supported drivers on all supported platforms
▪ allows fields to be marked as encrypted, at the document-level
▪ multiple enforcement options (client-side, server-side, or both)
▪ backwards compatible with existing admin & cluster tools
▪ EA/Atlas – automatic/transparent encryption (no app changes)
▪ Community – explicit/manual encryption (requires app changes)
Q&A
Thank You!

 

More from MongoDB (20)

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
 MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
 
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
 
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
 

Recently uploaded

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
20200723_insight_release_plan
20200723_insight_release_plan20200723_insight_release_plan
20200723_insight_release_planJamie (Taka) Wang
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 

Recently uploaded (20)

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
20200723_insight_release_plan
20200723_insight_release_plan20200723_insight_release_plan
20200723_insight_release_plan
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 

MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A Deep Dive into Protecting Sensitive Workloads

  • 2. New encryption capabilities in MongoDB 4.2: A deep dive into protecting sensitive workloads Prasad Pillalamarri Technical Director, MongoDB Software India Private Limited
  • 3. New encryption capabilities in MongoDB 4.2: A deep dive into protecting sensitive workloads Agenda ▪ A brief history of database security ▪ Trust models: server vs. client ▪ Encrypting data-in-use ▪ Hands on deep dive ▪ Q&A
  • 4. A brief history of database security
  • 5. A brief history of database security Evolution ▪ access controls ▪ passwords ▪ plaintext > hashing > key derivation ▪ bearer tokens ▪ NTLM, Kerberos tickets, LDAP/S, SCRAM, web session
  • 6. A brief history of database security Evolution ▪ access controls ▪ passwords ▪ plaintext > hashing > key derivation ▪ bearer tokens ▪ NTLM, Kerberos tickets, LDAP/S, SCRAM, web session ▪ multi-factor auth ▪ LCD fobs / SMS / 2FA apps / FIDO-U2F / WebAuthn / mobile enclaves ▪ federated RBAC
  • 7. A brief history of database security Evolution ▪ network ▪ (plaintext) native wire protocols ▪ SSL encryption ▪ TLS ▪ TLS w/ PFS
  • 8. A brief history of database security Evolution ▪ storage ▪ volume-level / full disk encryption (FDE) ▪ BitLocker, DMCrypt, FileVault, encrypted EBS
  • 9. A brief history of database security Evolution ▪ storage ▪ volume-level / full disk encryption (FDE) ▪ BitLocker, DMCrypt, FileVault, encrypted EBS ▪ file-level encryption ▪ whole database ▪ per-database (WiredTiger ESE) ▪ tablespace ▪ database-level encryption ▪ column / field
  • 10. A brief history of database security These are all important defenses, but… What is the threat? Against whom/what are we defending? ▪ “hackers”? ▪ criminal blackhats? ▪ competitors? ▪ activists? ▪ unknown actors?
  • 11. A brief history of database security These are all important defenses, but… What is the threat? Against whom/what are we defending? ▪ “hackers”? ▪ criminal blackhats? ▪ competitors? ▪ activists? ▪ unknown actors? ▪ insiders? ▪ admins?
  • 12. The security model for many Prod databases
  • 13. A brief history of database security Every sector of the global economy has been impacted ▪ enterprise ▪ consumer tech ▪ retail ▪ government ▪ healthcare ▪ finance …
  • 14. A brief history of database security Major shifts in regulatory & privacy climate ▪ GDPR ▪ HIPAA ▪ PCI DSS ▪ NIST/FISMA ▪ Consumer protection ▪ State & provincial
  • 15. A brief history of database security System architect & developer security challenges Meeting legal/regulatory obligations ▪ Controls ▪ Audit/attestation Defending real-world attacks ▪ First Principles: C/I/A ▪ Separation of duties ▪ Access control ▪ Identifying & protecting sensitive data
  • 16. A brief history of database security System architect & developer security challenges Meeting legal/regulatory obligations ▪ Controls ▪ Audit/attestation Defending real-world attacks ▪ First Principles: C/I/A ▪ Separation of duties ▪ Access control ▪ Identifying & protecting sensitive data
  • 17. Trust models: server vs. client
  • 18. Trust models: server vs. client What is the source of trust? ▪ Traditionally, DB encryption has relied on server-side trust ▪ This has implications, many not so obvious ▪ With a few caveats, the database operator typically has unrestricted technical access, including: ▪ DBAs ▪ system admins ▪ hosting/infrastructure providers
  • 19. Trust models: server vs. client The fundamental challenge is protecting the confidentiality of data while it’s in use.
  • 21. Encrypting Data-in-Use Introducing MongoDB Client-Side Field-Level Encryption ▪ encryption as a first-class citizen ▪ modern, authenticated encryption algorithms
  • 22. Encrypting Data-in-Use Introducing MongoDB Client-Side Field-Level Encryption ▪ encryption as a first-class citizen ▪ modern, authenticated encryption algorithms ▪ strong security guarantees ▪ customer-managed keys ▪ content is opaque to server & server operator
  • 23. Encrypting Data-in-Use Introducing MongoDB Client-Side Field-Level Encryption ▪ major investment ▪ 2 years in the making ▪ 16+ engineers spanning core server, query, security, cloud, drivers ▪ targeting 12+ languages ▪ all major hardware & operating system platforms ▪ Linux, MacOS, Windows
  • 24. MongoDB Client-Side Field-Level Encryption Core design ▪ enabled in drivers ▪ drivers have expanded MQL awareness ▪ extends existing JSON Schema with new “encrypt” property
  • 25. MongoDB Client-Side Field-Level Encryption Core design ▪ enabled in drivers ▪ drivers have expanded MQL awareness ▪ extends existing JSON Schema with new “encrypt” property ▪ adds JSON Schema validation to the client ▪ individual fields within collections can be marked as encrypted ▪ keys can be used on a per-field, per-document basis
  • 26. MongoDB Client-Side Field-Level Encryption Cryptography ▪ multiple encryption options, including deterministic search ▪ cloud key services are natively integrated ▪ modern authenticated encryption with AES-256 & SHA-2 ▪ AEAD_AES_CBC_HMAC_SHA512 (2015 IETF draft: McGrew, Foley, Paterson)
  • 27. MongoDB Client-Side Field-Level Encryption Cryptography ▪ multiple encryption options, including deterministic search ▪ cloud key services are natively integrated ▪ modern authenticated encryption with AES-256 & SHA-2 ▪ AEAD_AES_CBC_HMAC_SHA512 (2015 IETF draft: McGrew, Foley, Paterson) ▪ abuse-resistant derived deterministic IVs ▪ native OS libraries used for crypto primitives
  • 28. MongoDB Client-Side Field-Level Encryption Developer view ▪ new JSON Schema attribute “encrypt” ▪ schema validation extended to the client/application ▪ key management services integrated into drivers
  • 29. MongoDB Client-Side Field-Level Encryption Developer view ▪ new JSON Schema attribute “encrypt” ▪ schema validation extended to the client/application ▪ key management services integrated into drivers ▪ driver generates secure request for field keys ▪ all encryption/decryption is done in the driver (on the client) ▪ server only sees encrypted binary data (BinData subtype-6)
  • 30. MongoDB Client-Side Field-Level Encryption How does it work?
  • 31. MongoDB Client-Side Field-Level Encryption
      View from application:
        { firstName: "Pat", lastName: "Lee", ssn: "901-01-0001", email: "lee@example.com", mobile: "+1-212-555-1234", medRecNum: 235498 }
      View from database (admin, server, DB logs, process memory):
        { firstName: "Pat", lastName: "Lee", ssn: "r6EaUcgZ4lGw…", email: "K4b5U3TlcIXh…", mobile: "oR72CW4Wf5Ej…", medRecNum: 235498 }
  • 33. Let’s look at some code
  • 34.
      "test.patients" : {
        "bsonType" : "object",
        "properties" : {
          "medRecNum" : { "bsonType" : "int" },
          "firstName" : { "bsonType" : "string" },
          "lastName" : { "bsonType" : "string" },
          "ssn" : {
            "encrypt" : {
              "bsonType" : "string",
              "algorithm" : encryption_mode,
              "keyId" : [ key1 ]
            }
          },
          "mobile" : { "bsonType" : "string" },
          "email" : { "bsonType" : "string" }
        }
      }
  • 37.
      var keystore = db.getCollection("__keystore")
      var clientSideFLEOptions = {
        "kmsProviders" : {
          "aws" : {
            "accessKeyId" : env.KMSKID,
            "secretAccessKey" : env.KMSKEY
          }
        },
        "schemas" : { patientSchema },
        "keyVaultCollection" : keystore
      }
      encryptedSession = new Mongo("localhost", clientSideFLEOptions)
  • 39.
      var encryptedDb = encryptedSession.getDB("test");
      encryptedSession.getKeyStore().createKey( "aws", env.KMSARN, ["key1"] )
      var keys = encryptedSession.getKeyStore().getKeys()
      var key1 = keys.getKeyByAltName("key1")
  • 40. Query on an unencrypted field
  • 41. Query on an unencrypted field:
      encryptedDb.patients.find({ "medRecNum" : 235498 })
  • 42. View to a client holding a valid key:
      { "firstName" : "Pat", "lastName" : "Lee", "medRecNum" : 235498, "ssn" : "901-01-0001", "mobile" : "212-555-1234", "email" : "lee@example.com" }
  • 43. View to a client lacking a valid key:
      { "firstName" : "Pat", "lastName" : "Lee", "medRecNum" : 235498, "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."), "mobile" : "212-555-1234", "email" : "lee@example.com" }
  • 44. View to legacy clients:
      { "firstName" : "Pat", "lastName" : "Lee", "medRecNum" : 235498, "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."), "mobile" : "212-555-1234", "email" : "lee@example.com" }
  • 45. View to database administrator:
      { "firstName" : "Pat", "lastName" : "Lee", "medRecNum" : 235498, "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."), "mobile" : "212-555-1234", "email" : "lee@example.com" }
  • 46. View to database, server memory, logs, backups:
      { "firstName" : "Pat", "lastName" : "Lee", "medRecNum" : 235498, "ssn" : BinData(6,"ASV2YBzOhUZZu643i7Y..."), "mobile" : "212-555-1234", "email" : "lee@example.com" }
  • 47. Query on an encrypted field
  • 48. Query on an encrypted field:
      encryptedDb.patients.find({ "ssn": "901-01-0001" })
  • 50. Query on an encrypted field:
      encryptedDb.patients.find({ "ssn": "901-01-0001" })
      encryptedDb.patients.find({ "ssn": BinData(6,"ASV2YBzOhUY…" )})
  • 52. MongoDB Client-Side Field-Level Encryption Roadmap ▪ beta preview 4.2 rc2 available now – Java, Node.js & Shell fi ▪ additional language beta previews in coming weeks ▪ server support in Atlas via rc1+ preview ▪ 3rd party cryptography reviews in progress ▪ Docs & University – In Flight
  • 53. MongoDB Client-Side Field-Level Encryption Takeaways ▪ 4.2 introduces client-side field-level encryption ▪ designed for the most sensitive workloads ▪ enabled in all supported drivers on all supported platforms ▪ allows fields to be marked as encrypted, at the document-level
  • 54. MongoDB Client-Side Field-Level Encryption Takeaways ▪ 4.2 introduces client-side field-level encryption ▪ designed for the most sensitive workloads ▪ enabled in all supported drivers on all supported platforms ▪ allows fields to be marked as encrypted, at the document-level ▪ multiple enforcement options (client-side, server-side, or both) ▪ backwards compatible with existing admin & cluster tools ▪ EA/Atlas – automatic/transparent encryption (no app changes) ▪ Community – explicit/manual encryption (requires app changes)
  • 55. Q&A
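
The deterministic option on slides 26-27 and the query rewrite on slide 50, as an added example that is not from the slides or from MongoDB's drivers: a Node.js sketch of encrypt-then-MAC with AES-256-CBC and HMAC-SHA-512, showing that a derived IV makes an equality query on `ssn` work while a random IV does not. The 96-byte key layout, the IV derivation, the stored byte layout, the in-memory "server" and every function name are assumptions of this sketch, not the driver's actual format.

```javascript
const crypto = require("node:crypto");

const IV_LEN = 16;  // AES block size in bytes
const TAG_LEN = 32; // HMAC-SHA-512 tag, truncated to 32 bytes

// Assumed layout for this sketch: one 96-byte data key = MAC key | encryption key | IV key.
function splitKey(dataKey) {
  if (dataKey.length !== 96) throw new Error("data key must be 96 bytes");
  return {
    macKey: dataKey.subarray(0, 32),
    encKey: dataKey.subarray(32, 64),
    ivKey: dataKey.subarray(64, 96),
  };
}

function hmac(key, ...parts) {
  const h = crypto.createHmac("sha512", key);
  for (const p of parts) h.update(p);
  return h.digest();
}

// "deterministic": the IV is derived from the plaintext under ivKey, so equal
// plaintexts yield equal ciphertexts. "random": a fresh IV on every call.
function encryptField(dataKey, plaintext, mode) {
  const { macKey, encKey, ivKey } = splitKey(dataKey);
  const pt = Buffer.from(plaintext, "utf8");
  let iv;
  if (mode === "deterministic") iv = hmac(ivKey, pt).subarray(0, IV_LEN);
  else if (mode === "random") iv = crypto.randomBytes(IV_LEN);
  else throw new Error("unknown mode: " + mode);
  const cipher = crypto.createCipheriv("aes-256-cbc", encKey, iv);
  const ct = Buffer.concat([cipher.update(pt), cipher.final()]);
  const tag = hmac(macKey, iv, ct).subarray(0, TAG_LEN); // encrypt-then-MAC
  return Buffer.concat([iv, ct, tag]);
}

// Verifies the tag before decrypting; throws if the stored bytes were altered.
function decryptField(dataKey, blob) {
  const { macKey, encKey } = splitKey(dataKey);
  if (blob.length < IV_LEN + 16 + TAG_LEN) throw new Error("ciphertext too short");
  const iv = blob.subarray(0, IV_LEN);
  const ct = blob.subarray(IV_LEN, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const expected = hmac(macKey, iv, ct).subarray(0, TAG_LEN);
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error("authentication failed");
  const decipher = crypto.createDecipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Stand-in for the server: it stores and compares opaque strings, never the key.
function serverFind(collection, field, storedValue) {
  return collection.filter((doc) => doc[field] === storedValue);
}

// Client side: encrypt ssn before the document leaves the application.
function insertPatient(collection, dataKey, mode, patient) {
  const ssn = encryptField(dataKey, patient.ssn, mode).toString("base64");
  collection.push({ ...patient, ssn });
}

// Client side: rewrite the equality predicate to ciphertext, then decrypt the hits.
function findBySsn(collection, dataKey, mode, ssn) {
  const needle = encryptField(dataKey, ssn, mode).toString("base64");
  return serverFind(collection, "ssn", needle).map((doc) => ({
    ...doc,
    ssn: decryptField(dataKey, Buffer.from(doc.ssn, "base64")),
  }));
}

// What the server operator can still observe: the number of distinct stored values.
function distinctStored(collection, field) {
  return new Set(collection.map((doc) => doc[field])).size;
}

// Constructed sample: two records share an SSN, a third has a different one.
function demo(mode) {
  const dataKey = crypto.randomBytes(96); // throwaway key for this run
  const patients = [];
  insertPatient(patients, dataKey, mode, { lastName: "Lee", medRecNum: 235498, ssn: "901-01-0001" });
  insertPatient(patients, dataKey, mode, { lastName: "Lee", medRecNum: 235499, ssn: "901-01-0001" });
  insertPatient(patients, dataKey, mode, { lastName: "Roe", medRecNum: 235500, ssn: "901-01-0002" });
  return {
    hits: findBySsn(patients, dataKey, mode, "901-01-0001").map((d) => d.medRecNum),
    distinctSsnCiphertexts: distinctStored(patients, "ssn"),
  };
}
```

In deterministic mode the stored values also reveal which documents share an SSN, which is the price of equality search; random mode hides that but cannot be matched by the server.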
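
A check a defender can run against the "view from the database" on slides 43-46, as an added example that is not part of the deck: walk a schema that uses the "encrypt" keyword from slide 34 and flag any exported document where such a field is stored as something other than BinData subtype 6. It goes beyond the slide by handling nested objects; the `insurance.policyNumber` field, the sample documents, the placeholder payloads and all function names are constructed for illustration, and documents are assumed to be in MongoDB Extended JSON form.

```javascript
// Collect dotted paths of every field whose schema carries the "encrypt" keyword.
function encryptedPaths(schema, prefix = "") {
  const paths = [];
  for (const [name, sub] of Object.entries(schema.properties || {})) {
    const path = prefix ? prefix + "." + name : name;
    if (sub && typeof sub === "object" && "encrypt" in sub) paths.push(path);
    else if (sub && sub.properties) paths.push(...encryptedPaths(sub, path));
  }
  return paths;
}

// Resolve a dotted path; returns undefined when any segment is missing.
function getPath(doc, path) {
  return path.split(".").reduce(
    (cur, key) => (cur !== null && typeof cur === "object" ? cur[key] : undefined),
    doc
  );
}

// Classify a stored value as it appears in an Extended JSON export.
function classify(value) {
  if (value === undefined) return "absent";
  const bin = value !== null && typeof value === "object" ? value.$binary : undefined;
  if (bin && typeof bin === "object" && typeof bin.subType === "string") {
    return parseInt(bin.subType, 16) === 6 ? "encrypted" : "binary-subtype-" + bin.subType;
  }
  return "plaintext-" + (value === null ? "null" : typeof value);
}

// Report every encrypt-marked field that is present but not BinData subtype 6.
function auditCollection(schemaMap, namespace, docs) {
  const schema = schemaMap[namespace];
  if (!schema) throw new Error("no schema for " + namespace);
  const paths = encryptedPaths(schema);
  const findings = [];
  docs.forEach((doc, index) => {
    for (const path of paths) {
      const state = classify(getPath(doc, path));
      if (state !== "encrypted" && state !== "absent") findings.push({ index, path, state });
    }
  });
  return findings;
}

// Schema shaped like slide 34; algorithm and keyId are placeholders, and the
// nested "insurance" object is a hypothetical addition.
const ENCRYPT = { bsonType: "string", algorithm: "<encryption_mode>", keyId: ["<key1>"] };
const SCHEMA_MAP = {
  "test.patients": {
    bsonType: "object",
    properties: {
      medRecNum: { bsonType: "int" },
      firstName: { bsonType: "string" },
      lastName: { bsonType: "string" },
      ssn: { encrypt: ENCRYPT },
      mobile: { bsonType: "string" },
      email: { bsonType: "string" },
      insurance: { bsonType: "object", properties: { policyNumber: { encrypt: ENCRYPT } } },
    },
  },
};

// Constructed documents; "Q09OU1RSVUNURUQ=" is a placeholder, not real ciphertext.
const PLACEHOLDER = { $binary: { base64: "Q09OU1RSVUNURUQ=", subType: "06" } };
const SAMPLE_DOCS = [
  { medRecNum: 235498, lastName: "Lee", ssn: PLACEHOLDER, insurance: { policyNumber: PLACEHOLDER } },
  { medRecNum: 235499, lastName: "Lee", ssn: "901-01-0001" },
  { medRecNum: 235500, lastName: "Roe",
    ssn: { $binary: { base64: "Q09OU1RSVUNURUQ=", subType: "00" } },
    insurance: { policyNumber: 12345 } },
];

function runSampleAudit() {
  return auditCollection(SCHEMA_MAP, "test.patients", SAMPLE_DOCS);
}
```

A non-empty result means some writer stored the field without client-side encryption, which is the case the server-side enforcement option on slide 54 is meant to catch.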