MongoDB will encrypt your data to protect it from hackers


Data stored in MongoDB will be encrypted at rest by the company, in one of several new features announced at MongoDB World in New York.

The database firm is targeting regulated areas such as healthcare, financial services and government with its forthcoming ability to encrypt data at rest, but is also responding to concern over widespread data breaches suffered over the last two years.

Strategy VP Kelly Stirman told IT Pro: "The interest has become much more mainstream because of these bad examples, and the part that we can help with is in terms of ensuring the security of the data that's inside the database.

"This is something we've done with partners in the past but I think most users of MongoDB would rather it just handles that for them. Involving another vendor, no, [customers think] just save me the hassle and do it for us."

US retailer Target paid out $19 million for leaking millions of customer records in 2013, and Juniper Research predicts cyber breaches will cost firms $2.1 trillion by 2019.

The encryption keys will be secured by the industry standard Key Management Interoperability Protocol (KMIP).

While most services encrypt data in-flight, it is generally more expensive to encrypt it at rest, and Stirman indicated MongoDB would most likely charge for the feature when it's released as part of version 3.2 later this year.

The news comes as one of a string of announcements about the forthcoming update, with another being Document Validation, which introduces the ability to apply schemas to MongoDB.

Schemas are typical in SQL databases, providing a structured set of fields into which the data you store must fit. However, NoSQL databases eschew them in order to store more unstructured information, such as social media, photos and videos.

MongoDB usually allows an application to define the scheme for a particularly dataset in a technique called dynamic schema, but is introducing Document Validation to allow its users to create mandatory fields when they wish to.

Asked whether lacking a strict schema can intimidate users, CEO Dev Ittycheria told IT Pro: "I think it is, for people who are not comfortable [with a dynamic schema].

"It's not that there's no schema, it's that the schema can change and you just want a way to validate the data you're putting into the database."

Lastly, MongoScout will provide a new graphic interface between database administrators and MongoDB to help them find the data they're looking for more easily.

In addition to displaying individual documents, MongoScout can analyse datasets to visualise the fields and their values, while administrators and developers can use it to improve their indexing and validation rules.

Eliot Horowitz, co-founder and CTO of MongoDB, said: "As the range of applications built on MongoDB continues toexpand, we believe the capabilities announced today will be extremely well received as they deliver on our core promise - to help organisations move faster, and dramatically simplify access to data to a broader audience."

All these updates, and yesterday's BI Connector tool, which links SQL data analysis tools like Tableau to the MongoDB database, will be released as part of version 3.2, due out in the fourth quarter of 2015.