MongoDB, the popular general purpose cloud platform, has introduced Field Level Encryption as part of the latest version of its core database, replacing column encryption mostly used in legacy databases and eradicating the handling of encryption on the server-side that allowed administrators to access data even if they lacked client access privileges.
The latest move by MongoDB comes amid a large number of news reports highlighting a number of massive data breaches and exposures suffered by organisations that stored large amounts of data in MongoDB servers.
In May, security researcher Bob Diachenko discovered publicly indexed MongoDB database hosted on Amazon AWS infrastructure that contained over 275 million records with personally identifiable information (PII) on Indian citizens but was not secured from external access.
According to Diachenko, the unprotected MongoDB database contained 275,265,298 records with personally identifiable information (PII) on Indian citizens that included names, email addresses, gender, mobile phone numbers, dates of birth, current salary, employment history, education levels, and professional skills of millions of Indian citizens.
In March, security researcher Satyam Jain stumbled upon an exposed MongoDB database that contained real-time locations of as many as 238,000 users of the Family Locator app. Upon reviewing the database, TechCrunch noted that none of the data in the database was encrypted, that "each account record contained a user’s name, email address, profile photo and their plaintext passwords".
Admins without client access privileges can no longer access encrypted data in MongoDB databases
There were just two out of hundreds of instances when organisations stored data in MongoDB databases but failed to secure them with passwords or additional authentication. However, according to MongoDB, such data exposures will drastically come down thanks to Field Level Encryption that it recently introduced in MongoDB 4.2.
Thanks to Field Lever encryption, encryption in MongoDB databases will from now on be handled from the client-side instead of from the server-side. What this means is that system administrators will no longer be able to access encrypted data stored in operating systems, the database server, logs, and backups without obtaining client access along with the keys necessary to decrypt the data.
Hence, if malicious actors gain administrator privileges to certain public-facing databases, they will not be able to access encrypted data as they will have to acquire explicit client access privileges and encryption keys to read such data.
"We partnered with two of the world’s leading authorities on database cryptography, including a co-author of the IETF Network Working Group Draft on Authenticated AES encryption, to develop Field Level Encryption. Drawn from academia and industry, these teams have provided expert guidance on MongoDB’s Field Level Encryption design and reviewed the Field Level Encryption software implementation," said Lena Smart, CISO at MongoDB.
"Field Level Encryption enables users to have encrypted fields on the server—stored in-memory, in system logs, at-rest and in backups—which are rendered as ciphertext, making them unreadable to any party who does not have client access or the keys necessary to decrypt the data," the company said.
Field Level Encryption in MongoDB databases will also allow organisations to be GDPR-compliant as far as honouring customers' right to be forgotten is concerned. If a customer requests that his personal data be deleted from an organisation's databases, the organisation can comply with the request by simply destroying the customer key. This will ensure that any data related to the particular customer will be rendered useless.