Stories
Slash Boxes
Comments

SoylentNews is people

MongoDB's Field-Level Encryption Protects Private Data—Even From DBAs

posted by martyb on Friday April 03 2020, @12:07PM   Printer-friendly
from the putting-at-all-tqqq- dept.

Fnord666 writes:

MongoDB's Field-Level Encryption Protects Private Data—Even From DBAs[:

In December 2019, popular document database MongoDB added a fairly radical new feature to the platform: field-level database encryption. At first glance, one might wonder whether this is a meaningful feature in a world that already has at-rest storage encryption and in-flight transport encryption—but after a little closer analysis, the answer is a resounding yes.

One of MongoDB's first customers to use the new technology is Apervita, a vendor that handles confidential data for well over 2,000 hospitals and nearly 2 million individual patients. Apervita worked side by side with MongoDB during development and refinement of the technology.

Since reaching general availability in December, the technology has also been adopted by several government agencies and Fortune 50 companies, including some of the largest pharmacies and insurance providers.

This is a good thing. Field Level Encryption (FLE) is a must for any DB these days.

Original Submission

 
This discussion has been archived. No new comments can be posted.
MongoDB's Field-Level Encryption Protects Private Data—Even From DBAs | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Friday April 03 2020, @03:39PM (1 child)

    by Anonymous Coward on Friday April 03 2020, @03:39PM (#978747)

    There's nothing to stop the application from encrypting data before it writes it to the database. Probably so many people are doing it that MongoDB is just catching up with what their customers have been doing for years.

    People were encrypting data before writing it to database fields for decades. There are really good reasons, IMHO, to keep the encryption in the application instead of putting it in the database. Particularly if your DBA is an H1-B in Hyderabad.

    Like the previous commenter says, there's no point in encrypting data if all one needs to do is reference the boot time start script for the database, to see the password with which all the data is being encrypted.

    However, expect clueless management, steered by salespersons, to insist that all encryption be moved to the database, for ease of key management.

    Followed, some months or years later, by a major compromise that destroys the company.

    You read it here first.

    ~childo

  • (Score: 0) by Anonymous Coward on Friday April 03 2020, @10:10PM

    by Anonymous Coward on Friday April 03 2020, @10:10PM (#978889)

    Particularly if your DBA is an H1-B in Hyderabad.

    An H1-B visa is for folks *living* in the United States, not in foreign locations.

    Are you that ignorant, or are you just trying to push as many buttons (H1-B, immigration, foreign outsourcing) as possible?

    Either way, it's a dick move. Congratulations!