Before adding sensitive data to your database, it’s imperative that you thoroughly consider security and implement measures to keep it safe. MongoDB Atlas strives to streamline this process for developers by integrating a growing set of core security features with our deployments. As an engineer on Atlas, I think about how to make these features comprehensive and easy to use, and observe how developers interact with them. In this talk, I’ll discuss why the features we provide are important, and how you can easily tune them to suit your particular needs as your application grows.
24. Role Based Access Control
MongoDB Roles:
§ Sauce-maker: can read and edit the sauce recipe
§ Burger Chefs: can read and edit burger recipes
§ Guest Chef: can read recipes for 1 day
MongoDB Users: chef4life, employee1, employee2, gordonRamsay
25. Connecting to the Database
§ Owner: connects as chef4life with its own password (******)
§ Employee: connects as employee1 with its own password (******)
26. Defining Roles in Atlas
Best Practices:
§ No shared credentials!
§ Principle of least privilege
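The roles and users from the burger-shop slides, written out as an added example (not code from the talk or from Atlas) in the shape of the documents that mongosh's db.createRole() and db.createUser() accept, together with a small resolver that answers "may this user run this action on this namespace?" by walking role inheritance the way the server does. The database name "kitchen", the collection names, the "owner" role and the expiresAt bookkeeping for the one-day guest are this example's own assumptions.

```javascript
// Added example, not from the talk: the burger-shop roles as createRole/createUser
// documents plus a deny-by-default resolver. "kitchen", the collection names and
// the expiresAt field are assumptions made for this example.

const DB = "kitchen";

// createRole-shaped documents. collection "" means "every collection in the db".
const roles = {
  sauceMaker: {
    role: "sauceMaker",
    privileges: [{ resource: { db: DB, collection: "sauceRecipes" },
                   actions: ["find", "insert", "update"] }],
    roles: [],
  },
  burgerChef: {
    role: "burgerChef",
    privileges: [{ resource: { db: DB, collection: "burgerRecipes" },
                   actions: ["find", "insert", "update"] }],
    roles: [],
  },
  recipeReader: {
    role: "recipeReader",
    privileges: [{ resource: { db: DB, collection: "" }, actions: ["find"] }],
    roles: [],
  },
  // Role inheritance: the owner role grants nothing of its own, it inherits both chef roles.
  owner: {
    role: "owner",
    privileges: [],
    roles: [{ role: "sauceMaker", db: DB }, { role: "burgerChef", db: DB }],
  },
};

// createUser-shaped documents: one account per person, never a shared login.
// expiresAt models the "guest chef for one day" account. Atlas can create temporary
// database users, but this field is the example's own bookkeeping, not an Atlas option.
const GUEST_CREATED = new Date("2024-01-01T00:00:00Z"); // constructed timestamp
const users = {
  chef4life:    { user: "chef4life",    roles: [{ role: "owner", db: DB }] },
  employee1:    { user: "employee1",    roles: [{ role: "sauceMaker", db: DB }] },
  employee2:    { user: "employee2",    roles: [{ role: "burgerChef", db: DB }] },
  gordonRamsay: { user: "gordonRamsay", roles: [{ role: "recipeReader", db: DB }],
                  expiresAt: new Date(GUEST_CREATED.getTime() + 24 * 60 * 60 * 1000) },
};

function resourceMatches(resource, db, collection) {
  return resource.db === db && (resource.collection === "" || resource.collection === collection);
}

// Transitive closure of a user's roles; the seen-set stops cycles in mis-defined role graphs.
function effectiveRoles(grants, seen = new Set()) {
  for (const g of grants) {
    if (seen.has(g.role) || !roles[g.role]) continue; // built-in roles are not modelled here
    seen.add(g.role);
    effectiveRoles(roles[g.role].roles, seen);
  }
  return seen;
}

// Deny by default: only an explicit privilege on a matching resource allows the action,
// and an expired guest account is refused before any role is consulted.
function isAllowed(userName, action, db, collection, now = new Date()) {
  const u = users[userName];
  if (!u) return false;
  if (u.expiresAt && now >= u.expiresAt) return false;
  for (const name of effectiveRoles(u.roles)) {
    for (const p of roles[name].privileges) {
      if (resourceMatches(p.resource, db, collection) && p.actions.includes(action)) return true;
    }
  }
  return false;
}

// The command documents to run through mongosh against the kitchen database.
// Passwords are placeholders: generate one per user and deliver it out of band.
function createCommands() {
  const roleCmds = Object.values(roles).map(r =>
    ({ createRole: r.role, privileges: r.privileges, roles: r.roles }));
  const userCmds = Object.values(users).map(u =>
    ({ createUser: u.user, pwd: "<per-user secret>", roles: u.roles }));
  return [...roleCmds, ...userCmds];
}
```

The resolver is the least-privilege check in miniature: employee1 can update sauceRecipes but cannot even read burgerRecipes, the owner inherits both chef roles without being granted dropCollection, and the guest's read access stops the moment the account expires. In Atlas the same roles are defined through the project's database access settings rather than with these commands, but the privilege documents are what you should be able to write down for every role before creating it.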
35. Why do we care? How can Atlas help?
Your life is difficult enough, keeping systems patched and monitoring them constantly… so let us help you!
§ Atlas supports the two latest versions of MongoDB Server, with automatic patching and single-click upgrades
§ Instant visibility into the database and hardware metrics that matter to you
§ Monitoring and alerting: stay ahead of any issues that could impact performance and user experience
§ Strong “out of the box” security to protect your valuable data
§ High availability and disaster recovery
38. Atlas Projects
§ Development: employee machines; all employees can read and write
§ Testing: test servers; some employees can read and write
§ Production: app servers; only the owner can read and write
41. What We Do By Default
§ TLS
§ All resources provisioned in virtual networks
§ Required IP whitelist
§ Required user authentication
§ Encryption at Rest
§ Alerting
§ Automatic version upgrades
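Atlas enforces TLS and authentication on the server side, but a client can still opt out of certificate verification through its connection string. The following added example (not code from the talk or from the MongoDB driver) audits a connection string for the options that weaken those defaults and rebuilds it with TLS forced on. The option names are the ones defined by the MongoDB connection-string URI format; the hostnames, credentials and sample URIs are constructed for the example, and the parser is a simplified one that does not perform the DNS lookup an SRV string triggers.

```javascript
// Added example, not from the talk: audit a MongoDB connection string for settings
// that undo TLS, certificate verification or authentication, and harden it.
// Sample URIs, hosts and credentials below are constructed for this example.

function parseMongoUri(uri) {
  // scheme://[userinfo@]host1[,host2...][/db][?options]  (simplified, no SRV resolution)
  const m = /^(mongodb(?:\+srv)?):\/\/(?:([^@/]*)@)?([^/?]+)(?:\/([^?]*))?(?:\?(.*))?$/.exec(uri);
  if (!m) throw new Error("not a MongoDB connection string: " + uri);
  const [, scheme, userinfo, hostList, db, query] = m;
  // Keep the original key/value pairs for rebuilding, plus a lowercase index for lookups
  const pairs = (query || "").split("&").filter(Boolean).map(p => {
    const i = p.indexOf("=");
    return i < 0 ? [decodeURIComponent(p), ""]
                 : [decodeURIComponent(p.slice(0, i)), decodeURIComponent(p.slice(i + 1))];
  });
  const options = Object.fromEntries(pairs.map(([k, v]) => [k.toLowerCase(), v.toLowerCase()]));
  return { scheme, userinfo: userinfo || null, hosts: hostList.split(","), db: db || "", pairs, options };
}

// Returns a list of findings; an empty list means the string keeps the secure defaults.
function auditMongoUri(uri) {
  const u = parseMongoUri(uri);
  const o = u.options;
  const findings = [];
  // mongodb+srv:// turns TLS on unless explicitly disabled; plain mongodb:// needs tls=true (legacy: ssl=true)
  const tlsOn = u.scheme === "mongodb+srv"
    ? !(o.tls === "false" || o.ssl === "false")
    : (o.tls === "true" || o.ssl === "true");
  if (!tlsOn) findings.push("TLS off: credentials and data cross the network in clear text");
  if (o.tlsinsecure === "true") findings.push("tlsInsecure=true: certificate and hostname checks are disabled");
  if (o.tlsallowinvalidcertificates === "true") findings.push("tlsAllowInvalidCertificates=true: any certificate is accepted");
  if (o.tlsallowinvalidhostnames === "true") findings.push("tlsAllowInvalidHostnames=true: a certificate for another host is accepted");
  if (!u.userinfo) findings.push("no user in the URI: the connection is unauthenticated unless the driver gets credentials another way");
  return findings;
}

// Rebuild the URI with TLS forced on and every verification-weakening option removed.
// It cannot invent a user: missing credentials still have to be supplied by you.
function hardenMongoUri(uri) {
  const u = parseMongoUri(uri);
  const drop = new Set(["tls", "ssl", "tlsinsecure", "tlsallowinvalidcertificates", "tlsallowinvalidhostnames"]);
  const kept = u.pairs.filter(([k]) => !drop.has(k.toLowerCase()));
  kept.push(["tls", "true"]);
  const query = kept.map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v)).join("&");
  return `${u.scheme}://${u.userinfo ? u.userinfo + "@" : ""}${u.hosts.join(",")}/${u.db}?${query}`;
}

// Constructed samples: a weakened string of the kind that ends up in a dev .env file,
// and an Atlas-style SRV string that keeps the defaults.
const WEAK_URI = "mongodb://app:hunter2@db1.example.net:27017,db2.example.net:27017/kitchen?tlsAllowInvalidCertificates=true";
const ATLAS_URI = "mongodb+srv://app:hunter2@cluster0.example.mongodb.net/kitchen?authSource=admin&retryWrites=true&w=majority";
```

Run the audit over every connection string your deployment pipeline injects, not just the one in the README: a developer who silenced a certificate error with tlsAllowInvalidCertificates=true on a laptop has handed any on-path attacker the database password. The check only sees the string; a driver can also be handed an options object that overrides it, so treat it as one control among several, and keep the string itself out of source control since it carries the credential.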
42. What We Enable You to Do
§ Virtual network peering
§ Fine-grained role-based access control
§ LDAP Authentication and Authorization
§ Encryption at Rest with your own Key Management
§ Advanced database auditing
§ Division of projects
43. Recommendations to Take Away
§ Take advantage of these features
§ Bake security into the development process
§ Iterate