SoylentNews is people
SoylentNews
MongoDB's Field-Level Encryption Protects Private Data—Even From DBAs[:
In December 2019, popular document database MongoDB added a fairly radical new feature to the platform: field-level database encryption. At first glance, one might wonder whether this is a meaningful feature in a world that already has at-rest storage encryption and in-flight transport encryption—but after a little closer analysis, the answer is a resounding yes.
One of MongoDB's first customers to use the new technology is Apervita, a vendor that handles confidential data for well over 2,000 hospitals and nearly 2 million individual patients. Apervita worked side by side with MongoDB during development and refinement of the technology.
Since reaching general availability in December, the technology has also been adopted by several government agencies and Fortune 50 companies, including some of the largest pharmacies and insurance providers.
This is a good thing. Field Level Encryption (FLE) is a must for any DB these days.
(Score: 1, Informative) by Anonymous Coward on Saturday April 04 2020, @02:28AM
Fortunately I remember reading the same thing from a pointer on Bruce Schneider's blog: https://www.schneier.com/blog/archives/2019/03/data_leakage_fr.html [schneier.com]
It was interesting to learn that any useful field-level encryption beyond simple key-value pairs was just a false sense of security.