Compliance & Data Protection in the Big Data Age - MongoDB Security Architecture
Mat Keep
MongoDB Product Management & Marketing
mat.keep@mongodb.com
@matkeep
2
Agenda
•  Data Security Landscape and Challenges
•  Best Practices and MongoDB Implementation
•  Resources to Get Started
3
Security Breaches: More Users, More Cost
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
4
…and it’s getting worse
•  $5.4m average cost of a data breach
•  10% annual growth in financial impact of cybercrime
•  96% of thefts come from database records
Source: Symantec
5
Security: #2 Spending Increase
6
Security: Largest Skills Deficit
7
More Data, New Data
•  Data growth: 1.8 trillion gigabytes in 2011 to 7.9 trillion gigabytes by 2015 (IDC)
•  Market Growth: Big data market forecast to reach $50bn by 2017 (Wikibon)
•  Technologies Growth: DB-Engines now tracks over 210 data stores
8
New Reality
•  Analytics derived from “big data” becoming as valuable as traditional enterprise data
•  Big data technologies must evolve to meet compliance standards of industry & government
9
Regulatory Compliance
•  Multiple standards
–  PCI-DSS, HIPAA, NIST, STIG, EU Data Protection Directive, APEC data protection standardization
•  Common requirements
–  Data access controls
–  Data protection controls
–  Data permission
–  Data audit
10
Requirements Define Security Architecture
Database Best Practices & Enforcement in MongoDB
12
Authentication
•  Confirming identity for everything accessing the database
•  Create unique credentials for each entity
•  Clients, admins/devs, software systems, other cluster nodes
•  Integrated with the corporate authentication standards
Example identities from the slide: software systems (Application, Reporting, ETL: application@enterprise.com, reporting@enterprise.com, etl@enterprise.com); people (Joe.Blow@enterprise.com, Jane.Doe@enterprise.com, Sam.Stein@enterprise.com); cluster nodes (shard1@enterprise.com, shard2@enterprise.com, shard3@enterprise.com)
13
Authentication in MongoDB
•  Integrate with choice of corporate authentication mechanisms
•  Kerberos protocol, with support for Active Directory
•  PKI integration with x.509 Certificates, for clients and inter-cluster nodes
•  IdM integration with LDAP support
•  Red Hat Identity Management
14
Authorization
•  Defines what an entity can do in the database
•  Control which actions an entity can perform
•  Grant access only to the specific data needed
Diagram: User Identity sends Commands to a Resource and receives Responses, with Authorization enforced in between
15
Authorization in MongoDB
•  User-defined roles assign fine-grained privileges, applied per collection, delegate across teams
16
MongoDB Field Level Redaction
FieldLevelAccessControl
•  Enables a single document to store data with multiple security levels
Sample document:
{
  _id: 'xyz',
  field1: { level: ["Confidential"], data: 123 },
  field2: { level: ["Top Secret"], data: 456 },
  field3: { level: ["Unclassified"], data: 789 }
}
User 1 clearances: Confidential, Secret
User 2 clearances: Top Secret, Secret, Confidential
User 3 clearances: Unclassified
20
Field Level Redaction: Implementation
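The redaction rule the slides describe, as an added example (not code from the deck): the $redact aggregation stage that a user's clearances produce, plus a local Python model of the same $$DESCEND / $$PRUNE walk run over the slide's sample document. The subset rule (every value in a field's `level` array must be among the user's clearances) is an assumption for this example; the document and clearance lists are constructed from the slide.

```python
# Added example, not from the slides: MongoDB 2.6 $redact for field level
# redaction, and a local model of what the stage does to one document.
# Assumption: a sub-document is visible only when every value in its `level`
# array is among the user's clearances; otherwise it is pruned with its fields.

# Constructed sample document, as shown on the Field Level Redaction slide.
SAMPLE_DOC = {
    "_id": "xyz",
    "field1": {"level": ["Confidential"], "data": 123},
    "field2": {"level": ["Top Secret"], "data": 456},
    "field3": {"level": ["Unclassified"], "data": 789},
}


def build_redact_stage(clearances):
    """Return the $redact stage for a user holding `clearances`.

    Pass it to pymongo as collection.aggregate([build_redact_stage(...)]).
    $ifNull treats a missing `level` (e.g. the top-level document) as an
    empty set, which is a subset of anything, so that level is descended.
    """
    return {
        "$redact": {
            "$cond": {
                "if": {"$setIsSubset": [{"$ifNull": ["$level", []]}, list(clearances)]},
                "then": "$$DESCEND",  # keep this level, keep evaluating sub-documents
                "else": "$$PRUNE",    # drop this sub-document and everything under it
            }
        }
    }


def redact(value, clearances):
    """Evaluate the same rule locally; returns None where $redact would prune."""
    allowed = set(clearances)
    if isinstance(value, dict):
        levels = value.get("level", [])
        if isinstance(levels, str):
            levels = [levels]
        if not set(levels) <= allowed:
            return None  # $$PRUNE: the whole sub-document disappears
        out = {}
        for key, child in value.items():
            kept = redact(child, clearances)
            if kept is not None:
                out[key] = kept
        return out
    if isinstance(value, list):
        # $$DESCEND also walks arrays; pruned elements are dropped from the array
        kept_items = []
        for item in value:
            kept = redact(item, clearances)
            if kept is not None:
                kept_items.append(kept)
        return kept_items
    return value  # scalars are kept as-is


def visible_fields(doc, clearances):
    """Names of the classified fields a user with `clearances` can see."""
    redacted = redact(doc, clearances) or {}
    return sorted(k for k in redacted if k != "_id")


if __name__ == "__main__":
    for user, clearances in [
        ("User 1", ["Confidential", "Secret"]),
        ("User 2", ["Top Secret", "Secret", "Confidential"]),
        ("User 3", ["Unclassified"]),
    ]:
        print(user, "sees", visible_fields(SAMPLE_DOC, clearances))
```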
21
Auditing
•  Capture actions in the database
–  Access
–  Data
–  Database configuration
•  Used for compliance and forensics
Diagram: the Database writes events to an Audit Trail Collection
22
Auditing in MongoDB
•  Capture
–  Schema operations & database configuration changes
–  Authentication & authorization activities
•  Configurable filters
•  Write log to multiple destinations in JSON or BSON
•  Partner solutions for capture of read / write activity
–  IBM Guardium
23
Encryption
•  Encoding of data in transit & at rest
–  Connections to database, and between nodes
–  Data stored on disk…protected against attacks targeting OS or physical storage
–  Mechanisms to sign & rotate keys
–  FIPS-compliant cryptography
24
Encryption in MongoDB
•  SSL on all connections & utilities
–  FIPS 140-2 mode
–  Mix with non-SSL on the same port
•  On-disk encryption via partner solutions
–  Gazzang
–  LUKS
–  IBM Guardium
–  Bitlocker & TrueCrypt
25
MongoDB Management Service
•  Monitor
–  Visualize 100+ system metrics
–  Custom alerts
•  Backup
–  Continuous incremental backups
–  Point-in-time recovery
•  Automate (tech preview)
–  Provision in minutes
–  Hot upgrades
26
Environmental Control
•  Network filters: Router ACLs and Firewall
•  Bind IP Addresses: limits network interfaces
•  Run in VPN
•  Dedicated OS user account: don’t run as root
•  File system permissions: protect data, configuration & keyfiles
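As an added example that is not part of the deck: a Python check that takes a mongod 2.6 configuration, already parsed into a dict (for instance with PyYAML from mongod.conf), and flags deviations from the controls on the Authentication, Auditing, Encryption and Environmental Control slides. The option names are MongoDB 2.6 YAML keys; the weak and hardened configurations, paths and addresses are constructed for this example.

```python
# Added example, not from the slides: audit a mongod 2.6 config dict against
# the deck's controls (auth on, inter-node auth, SSL required with FIPS mode,
# audit log enabled, bindIp restricted). Keys are MongoDB 2.6 YAML options;
# the sample configurations below are constructed.

def _get(cfg, dotted, default=None):
    """Read a dotted key such as 'net.ssl.mode' from a nested dict."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def check_mongod_config(cfg):
    """Return a list of (control, finding) pairs; an empty list means all checks pass."""
    findings = []

    # Authentication / authorization is off by default in 2.6 and must be enabled
    if _get(cfg, "security.authorization") != "enabled":
        findings.append(("authentication", "security.authorization is not 'enabled'"))
    # Cluster nodes authenticate to each other with x.509 certificates or a key file
    if _get(cfg, "security.clusterAuthMode") not in ("x509", "sendX509") \
            and not _get(cfg, "security.keyFile"):
        findings.append(("authentication",
                         "no clusterAuthMode x509 and no keyFile for inter-node auth"))

    # Encryption in transit: require SSL instead of mixing SSL and plain on one port
    mode = _get(cfg, "net.ssl.mode", "disabled")
    if mode != "requireSSL":
        findings.append(("encryption", f"net.ssl.mode is '{mode}', expected 'requireSSL'"))
    if mode != "disabled" and not _get(cfg, "net.ssl.PEMKeyFile"):
        findings.append(("encryption", "net.ssl.PEMKeyFile missing"))
    if _get(cfg, "net.ssl.FIPSMode") is not True:
        findings.append(("encryption", "net.ssl.FIPSMode is not true"))

    # Auditing: admin and auth events go to a file or syslog, not just the console
    if _get(cfg, "auditLog.destination") not in ("file", "syslog"):
        findings.append(("auditing", "auditLog.destination not set to file or syslog"))

    # Environmental control: bind only to the interfaces that need the service
    bind = str(_get(cfg, "net.bindIp", "0.0.0.0"))
    if "0.0.0.0" in [b.strip() for b in bind.split(",")]:
        findings.append(("environment", "net.bindIp listens on all interfaces"))

    return findings


# Constructed: a default-like configuration with none of the controls applied
WEAK_CONFIG = {
    "net": {"port": 27017},
    "storage": {"dbPath": "/var/lib/mongodb"},
}

# Constructed: the same deployment with the deck's controls applied
HARDENED_CONFIG = {
    "net": {
        "port": 27017,
        "bindIp": "10.0.0.5,127.0.0.1",
        "ssl": {
            "mode": "requireSSL",
            "PEMKeyFile": "/etc/ssl/mongod.pem",
            "CAFile": "/etc/ssl/ca.pem",
            "FIPSMode": True,
        },
    },
    "security": {"authorization": "enabled", "clusterAuthMode": "x509"},
    "auditLog": {
        "destination": "file",
        "format": "JSON",
        "path": "/var/log/mongodb/audit.json",
        # configurable filter: keep only authentication and user-management events
        "filter": '{ atype: { $in: [ "authenticate", "createUser", "dropUser", "grantRolesToUser" ] } }',
    },
    "storage": {"dbPath": "/var/lib/mongodb"},
}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_mongod_config(cfg) or "all checks pass")
```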
Putting it all Together
28
MongoDB Enterprise-Grade Security
Business Needs   | Security Features
Authentication   | In Database; LDAP*; Kerberos*; x.509 Certificates
Authorization    | Built-in Roles; User-Defined Roles; Field Level Redaction
Auditing         | Admin Operations*; Queries (via Partner Solutions)
Encryption       | Network: SSL (with FIPS 140-2); Disk: Partner Solutions
*Requires a MongoDB Subscription
29
Try it Out
•  MongoDB Security Architecture Whitepaper & Security Checklist
•  Extensive tutorials in the documentation
•  Download MongoDB Enterprise
30
For More Information
Resource             | Location
MongoDB Downloads    | mongodb.com/download
Free Online Training | education.mongodb.com
Webinars and Events  | mongodb.com/events
White Papers         | mongodb.com/white-papers
Case Studies         | mongodb.com/customers
Presentations        | mongodb.com/presentations
Documentation        | docs.mongodb.org
Additional Info      | info@mongodb.com
32
Subscriptions
                   | Community | Basic           | Standard        | Enterprise
Mgt. Tools         | Cloud     | Cloud           | On-Prem & Cloud | On-Prem & Cloud
Advanced Security  | SSL ✓
On-Demand Training | ✓
SLA                | N/A       | 4 hours         | 1 Hour          | 30 Minutes
Support            | Community | 9am – 9pm M – F | 24x7x365        | 24x7x365
License            | AGPL      | AGPL            | Commercial      | Commercial
33
Global Community
7,000,000+ MongoDB Downloads
150,000+ Online Education Registrants
30,000+ MongoDB Management Service (MMS) Users
25,000+ MongoDB User Group Members
20,000+ MongoDB Days Attendees
34
MongoDB Use Cases
Big Data; Product & Asset Catalogs; Security & Fraud; Internet of Things; Database-as-a-Service; Mobile Apps; Customer Data Management; Data Hub; Social & Collaboration; Content Management
Example customers: Intelligence Agencies; Top Investment and Retail Banks; Top US Retailer; Top Global Shipping Company; Top Industrial Equipment Manufacturer; Top Media Company
35
MongoDB Products and Services
MongoDB University: Certification and Training for Developers and Administrators – Online & In-Person
MongoDB Management Service (MMS): Cloud-Based Service for Monitoring, Alerts, Backup and Restore
Subscriptions: Development & Production – On-Prem Monitoring, Advanced Security, Professional Support and Commercial License
Consulting: Expert Resources for All Phases of MongoDB Implementations
36
MongoDB Company Overview
350+ employees
1,000+ customers
13 offices around the world
Over $231 million in funding
37
Fortune 500 & Global 500
•  27 of the Top 100 Organizations
•  10 of the Top Financial Services Institutions
•  10 of the Top Electronics Companies
•  10 of the Top Media and Entertainment Companies
•  10 of the Top Retailers
•  10 of the Top Telcos
•  8 of the Top Technology Companies
•  6 of the Top Healthcare Companies
38
Costs – Measured in Billions

 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Mongo db 2.6_security_architecture

  • 1. Compliance & Data Protection in the Big Data Age - MongoDB Security Architecture Mat Keep MongoDB Product Management & Marketing mat.keep@mongodb.com @matkeep
  • 2. 2 Agenda •  Data Security Landscape and Challenges •  Best Practices and MongoDB Implementation •  Resources to Get Started
  • 3. 3 Security Breaches: More Users, More Cost http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • 4. 4 …and it’s getting worse •  $5.4m average cost of a data breach •  10% annual growth in financial impact of cybercrime •  96% of thefts come from database records Source: Symantec
  • 7. 7 •  Data growth: 1.8 trillion gigabytes in 2011 to 7.9 trillion gigabytes by 2015 (IDC) •  Market Growth: Big data market forecast to reach $50bn by 2017 (Wikibon) •  Technologies Growth: DB-Engines now tracks over 210 data stores More Data, New Data
  • 8. 8 •  Analytics derived from “big data” becoming as valuable as traditional enterprise data •  Big data technologies must evolve to meet compliance standards of industry & government New Reality
  • 9. 9 •  Multiple standards –  PCI-DSS, HIPAA, NIST, STIG, EU Data Protection Directive, APEC data protection standardization •  Common requirements –  Data access controls –  Data protection controls –  Data permission –  Data audit Regulatory Compliance
  • 12. 12 •  Confirming identity for everything accessing the database •  Create unique credentials for each entity •  Clients, admins/devs, software systems, other cluster nodes •  Integrated with the corporate authentication standards Authentication Application Reporting ETL application@enterprise.com reporting@enterprise.com etl@enterprise.com Joe.Blow@enterprise.com Jane.Doe@enterprise.com Sam.Stein@enterprise.com shard1@enterprise.com shard2@enterprise.com shard3@enterprise.com
  • 13. 13 •  Integrate with choice of corporate authentication mechanisms •  Kerberos protocol, with support for Active Directory •  PKI integration with x.509 Certificates, for clients and inter-cluster nodes •  IdM integration with LDAP support •  Red Hat Identity Management Authentication in MongoDB
  • 14. 14 •  Defines what an entity can do in the database •  Control which actions an entity can perform •  Grant access only to the specific data needed Authorization User Identity Resource Commands Responses Authorization
  • 15. 15 Authorization in MongoDB •  User-defined roles assign fine-grained privileges, applied per collection, delegate across teams
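The per-collection privilege model the slide refers to can be made concrete with a small evaluator. The following is an added example, not MongoDB's own access checker: the role documents use the shape `db.createRole()` accepts (a `privileges` array of resource plus actions, and a `roles` array of inherited roles), and the catalogue, role names and namespaces are constructed for illustration. The empty-string wildcard semantics for `db` and `collection` follow MongoDB's resource documents; the system-collection exceptions are left out.

```python
"""Resolve whether a principal holding MongoDB-style user-defined roles may
perform an action on a namespace. Role documents use the shape that
db.createRole() takes; the evaluator itself is an added, simplified model."""

# Constructed role catalogue keyed by (database the role lives in, role name).
ROLE_CATALOGUE = {
    ("reporting", "readSalesSummary"): {
        "privileges": [
            {"resource": {"db": "reporting", "collection": "sales_summary"},
             "actions": ["find"]},
        ],
        "roles": [],
    },
    ("reporting", "etlWriter"): {
        "privileges": [
            # Empty collection name = every collection in that database.
            {"resource": {"db": "reporting", "collection": ""},
             "actions": ["insert", "update", "remove"]},
        ],
        # Inherits the read role above so the ETL job can verify what it wrote.
        "roles": [{"role": "readSalesSummary", "db": "reporting"}],
    },
}


def resource_matches(resource, db, collection):
    """Match a privilege resource against a concrete db.collection namespace.
    An empty db or collection acts as a wildcard, as in MongoDB's resource
    documents; cluster-scoped privileges never cover a namespace."""
    if resource.get("cluster"):
        return False
    r_db = resource.get("db", "")
    r_coll = resource.get("collection", "")
    return r_db in ("", db) and r_coll in ("", collection)


def effective_privileges(role_refs, catalogue):
    """Collect privileges from the given roles and everything they inherit.
    The visited set keeps the walk finite even if roles reference each other."""
    seen, stack, privileges = set(), list(role_refs), []
    while stack:
        ref = stack.pop()
        key = (ref["db"], ref["role"])
        if key in seen or key not in catalogue:
            continue
        seen.add(key)
        role_doc = catalogue[key]
        privileges.extend(role_doc["privileges"])
        stack.extend(role_doc.get("roles", []))
    return privileges


def is_authorized(role_refs, action, db, collection, catalogue=ROLE_CATALOGUE):
    """True when at least one effective privilege grants `action` on db.collection."""
    return any(
        action in priv["actions"]
        and resource_matches(priv["resource"], db, collection)
        for priv in effective_privileges(role_refs, catalogue)
    )


if __name__ == "__main__":
    etl = [{"role": "etlWriter", "db": "reporting"}]
    print(is_authorized(etl, "insert", "reporting", "orders"))       # True
    print(is_authorized(etl, "find", "reporting", "sales_summary"))  # True
    print(is_authorized(etl, "find", "reporting", "orders"))         # False
    print(is_authorized(etl, "insert", "hr", "salaries"))            # False
```

The point of the model is the scoping: the ETL identity can write anywhere in `reporting` and read only `sales_summary`, and nothing grants it anything in another database, which is the least-privilege shape a reviewer should expect in a role definition.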
  • 16. 16 MongoDB Field Level Redaction: Field Level Access Control enables a single document to store data with multiple security levels. Sample document: { _id: 'xyz', field1: { level: [ "Confidential" ], data: 123 }, field2: { level: [ "Top Secret" ], data: 456 }, field3: { level: [ "Unclassified" ], data: 789 } }. User 1 clearances: Confidential, Secret. User 2 clearances: Top Secret, Secret, Confidential. User 3 clearances: Unclassified.
  • 20. 20 Field Level Redaction: Implementation
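The redaction slides walk through how each user sees a different projection of the same document. Below is an added example, not code from the slides or from MongoDB, that implements the rule MongoDB 2.6's `$redact` aggregation stage expresses with `$setIsSubset` and the `$$DESCEND` / `$$PRUNE` system variables: a labelled sub-document survives only when the caller holds every label in its `level` array, and an unlabelled one is kept and descended into. The document and the three clearance sets are constructed to mirror the slides; `redact_stage()` returns the equivalent server-side pipeline stage, and the `$ifNull` guard in it is this example's choice for sub-documents that carry no `level` field.

```python
"""Field-level redaction modelled after MongoDB 2.6's $redact stage: keep a
labelled sub-document only when the caller holds every one of its labels,
otherwise prune it and everything beneath it. Added example, not MongoDB code."""

# Constructed document mirroring the one on the slides.
DOC = {
    "_id": "xyz",
    "field1": {"level": ["Confidential"], "data": 123},
    "field2": {"level": ["Top Secret"], "data": 456},
    "field3": {"level": ["Unclassified"], "data": 789},
}

# Clearance sets for the three users as listed on the slides. The subset rule
# is strict: a label the user does not hold explicitly is not implied.
USERS = {
    "user1": {"Confidential", "Secret"},
    "user2": {"Top Secret", "Secret", "Confidential"},
    "user3": {"Unclassified"},
}

_PRUNED = object()  # sentinel distinct from any real field value


def _redact(value, clearances):
    if isinstance(value, dict):
        levels = value.get("level")
        if levels is not None:
            labels = levels if isinstance(levels, list) else [levels]
            # $$PRUNE: drop this sub-document and everything beneath it.
            if not set(labels) <= clearances:
                return _PRUNED
        # $$DESCEND: keep this level, then apply the rule to each child.
        kept = {}
        for key, child in value.items():
            result = _redact(child, clearances)
            if result is not _PRUNED:
                kept[key] = result
        return kept
    if isinstance(value, list):
        return [r for r in (_redact(item, clearances) for item in value)
                if r is not _PRUNED]
    return value  # scalars carry no label of their own


def redact_document(doc, clearances):
    """Redacted copy of `doc`, or None when the root itself is pruned (the
    equivalent of $redact dropping the document from the result set)."""
    result = _redact(doc, clearances)
    return None if result is _PRUNED else result


def visible_fields(doc, clearances):
    """Top-level fields (other than _id) the caller is allowed to see."""
    redacted = redact_document(doc, clearances) or {}
    return sorted(key for key in redacted if key != "_id")


def redact_stage(clearances):
    """Server-side equivalent: a $redact stage applying the same subset rule.
    $ifNull treats a missing `level` as the empty set, so unlabelled
    sub-documents are descended rather than raising on a non-array."""
    return {"$redact": {"$cond": {
        "if": {"$setIsSubset": [{"$ifNull": ["$level", []]}, sorted(clearances)]},
        "then": "$$DESCEND",
        "else": "$$PRUNE",
    }}}


if __name__ == "__main__":
    for name, clearances in USERS.items():
        print(name, visible_fields(DOC, clearances))
    # user1 ['field1'] / user2 ['field1', 'field2'] / user3 ['field3']
```

With the clearance sets exactly as the slides list them, user 1 sees only `field1`, because `Unclassified` is not in that user's set; a deployment that wants hierarchical behaviour (Secret implies Confidential and Unclassified) expresses it by expanding the clearance set handed to the stage, not by changing the rule.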
  • 21. 21 •  Capture actions in the database •  Access •  Data •  Database configuration •  Used for compliance and forensics Auditing Audit Trail Collection Database
  • 22. 22 Auditing in MongoDB •  Capture •  Schema operations & database configuration changes •  Authentication & authorization activities •  Configurable filters •  Write log to multiple destinations in JSON or BSON •  Partner solutions for capture of read / write activity •  IBM Guardium
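Slides 21 and 22 describe the audit trail as the input for compliance and forensics work. The following added example, which is neither MongoDB nor partner code, shows the kind of triage a responder runs over the JSON audit output: it counts failed authentications per source address, lists user and role changes together with the actor who made them, and surfaces denied authorization checks. The record fields used (`atype`, `ts`, `local`, `remote`, `users`, `roles`, `param`, `result`) are those of the audit format; the sample lines, addresses, user names and the alert threshold of three failures are constructed for the example.

```python
"""Triage of MongoDB audit records: failed logins per source, privilege
changes with their actor, and authorization denials. Added example; the
audit lines below are constructed, not captured from a deployment."""
import json
from collections import Counter, defaultdict

# Constructed audit output: three failed logins from one address, one
# successful login, one denied find on a collection the user cannot read,
# and an administrator creating a new root-level user.
SAMPLE_AUDIT = r"""
{"atype":"authenticate","ts":{"$date":"2014-04-09T10:15:01.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.22","port":51200},"users":[],"roles":[],"param":{"user":"etl","db":"reporting","mechanism":"MONGODB-CR"},"result":18}
{"atype":"authenticate","ts":{"$date":"2014-04-09T10:15:02.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.22","port":51201},"users":[],"roles":[],"param":{"user":"etl","db":"reporting","mechanism":"MONGODB-CR"},"result":18}
{"atype":"authenticate","ts":{"$date":"2014-04-09T10:15:03.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.22","port":51202},"users":[],"roles":[],"param":{"user":"admin","db":"admin","mechanism":"MONGODB-CR"},"result":18}
{"atype":"authenticate","ts":{"$date":"2014-04-09T10:16:00.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.30","port":40010},"users":[],"roles":[],"param":{"user":"reporting","db":"reporting","mechanism":"MONGODB-CR"},"result":0}
{"atype":"authCheck","ts":{"$date":"2014-04-09T10:16:05.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.30","port":40010},"users":[{"user":"reporting","db":"reporting"}],"roles":[{"role":"read","db":"reporting"}],"param":{"command":"find","ns":"hr.salaries","args":{"find":"salaries"}},"result":13}
{"atype":"createUser","ts":{"$date":"2014-04-09T10:20:00.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.40","port":45000},"users":[{"user":"admin","db":"admin"}],"roles":[{"role":"root","db":"admin"}],"param":{"user":"tmp","db":"admin","roles":[{"role":"root","db":"admin"}]},"result":0}
"""

# Audit action types that alter who can do what; every one of these deserves
# a named actor in the incident timeline.
PRIVILEGE_CHANGES = {
    "createUser", "dropUser", "grantRolesToUser", "revokeRolesFromUser",
    "createRole", "updateRole", "dropRole",
    "grantPrivilegesToRole", "revokePrivilegesFromRole",
}


def parse_audit(text):
    """One JSON document per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _actor(record):
    """The authenticated identities on the connection, or a marker if none."""
    users = record.get("users") or []
    return ",".join(f"{u['user']}@{u['db']}" for u in users) or "<unauthenticated>"


def failed_auth_by_source(records):
    """Count failed logins per (remote ip, attempted user). result 0 is success."""
    counts = Counter()
    for rec in records:
        if rec["atype"] == "authenticate" and rec["result"] != 0:
            counts[(rec["remote"]["ip"], rec["param"]["user"])] += 1
    return counts


def sources_over_threshold(records, threshold=3):
    """Remote addresses whose failed logins across all users reach the threshold."""
    per_ip = Counter()
    for (ip, _user), n in failed_auth_by_source(records).items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


def privilege_changes(records):
    """Who changed which user or role, and which roles were involved."""
    changes = []
    for rec in records:
        if rec["atype"] in PRIVILEGE_CHANGES and rec["result"] == 0:
            param = rec["param"]
            target = f"{param.get('user') or param.get('role')}@{param['db']}"
            changes.append({"atype": rec["atype"], "actor": _actor(rec),
                            "target": target, "roles": param.get("roles", [])})
    return changes


def authorization_denials(records):
    """Denied authorization checks grouped by actor: (command, namespace) pairs."""
    denials = defaultdict(list)
    for rec in records:
        if rec["atype"] == "authCheck" and rec["result"] != 0:
            denials[_actor(rec)].append((rec["param"]["command"], rec["param"]["ns"]))
    return dict(denials)


if __name__ == "__main__":
    recs = parse_audit(SAMPLE_AUDIT)
    print(sources_over_threshold(recs))   # ['10.0.0.22']
    print(privilege_changes(recs))
    print(authorization_denials(recs))
```

The three functions map onto the slide's three capture categories: `failed_auth_by_source` and `sources_over_threshold` cover authentication activity, `privilege_changes` covers the user and role administration that changes the authorization state, and `authorization_denials` covers failed authorization checks. All three assume the audit destination is the JSON file format; the BSON variant carries the same fields and only needs a different decoder.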
  • 23. 23 •  Encoding of data in transit & at rest –  Connections to database, and between nodes –  Data stored on disk…protected against attacks targeting OS or physical storage –  Mechanisms to sign & rotate keys –  FIPS-compliant cryptography Encryption
  • 24. 24 Encryption in MongoDB •  SSL on all connections & utilities –  FIPS 140-2 mode –  Mix with non-SSL on the same port •  On-disk encryption via partner solutions –  Gazzang –  LUKS –  IBM Guardium –  Bitlocker & TrueCrypt
  • 25. 25 •  Monitor –  Visualize 100+ system metrics –  Custom alerts •  Backup –  Continuous incremental backups –  Point-in-time recovery •  Automate (tech preview) –  Provision in minutes –  Hot upgrades MongoDB Management Service
  • 26. 26 •  Network filters: Router ACLs and Firewall •  Bind IP Addresses: limits network interfaces •  Run in VPN •  Dedicated OS user account: don’t run as root •  File system permissions: protect data, configuration & keyfiles Environmental Control
  • 27. Putting it all Together
  • 28. 28 MongoDB Enterprise-Grade Security (business needs and the security features that address them): Authentication: In Database, LDAP*, Kerberos*, x.509 Certificates. Authorization: Built-in Roles, User-Defined Roles, Field Level Redaction. Auditing: Admin Operations*, Queries (via Partner Solutions). Encryption: Network: SSL (with FIPS 140-2); Disk: Partner Solutions. *Requires a MongoDB Subscription
  • 29. 29 Try it Out •  MongoDB Security Architecture Whitepaper & Security Checklist •  Extensive tutorials in the documentation •  Download MongoDB Enterprise
  • 30. 30 For More Information (resource: location): MongoDB Downloads: mongodb.com/download; Free Online Training: education.mongodb.com; Webinars and Events: mongodb.com/events; White Papers: mongodb.com/white-papers; Case Studies: mongodb.com/customers; Presentations: mongodb.com/presentations; Documentation: docs.mongodb.org; Additional Info: info@mongodb.com
  • 32. 32 Subscriptions Community Basic Standard Enterprise Mgt. Tools Cloud Cloud On-Prem & Cloud On-Prem & Cloud Advanced Security ✓ SSL ✓ On-Demand Training ✓ SLA N/A 4 hours 1 Hour 30 Minutes Support Community 9am – 9pm M – F 24x7x365 24x7x365 License AGPL AGPL Commercial Commercial
  • 33. 33 7,000,000+ MongoDB Downloads 150,000+ Online Education Registrants 30,000+ MongoDB Management Service (MMS) Users 25,000+ MongoDB User Group Members 20,000+ MongoDB Days Attendees Global Community
  • 34. 34 MongoDB Use Cases Big Data Product & Asset Catalogs Security & Fraud Internet of Things Database-as-a- Service Mobile Apps Customer Data Management Data Hub Social & Collaboration Content Management Intelligence Agencies Top Investment and Retail Banks Top US Retailer Top Global Shipping Company Top Industrial Equipment Manufacturer Top Media Company Top Investment and Retail Banks
  • 35. 35 MongoDB Products and Services MongoDB University Certification and Training for Developers and Administrators – Online & In-Person MongoDB Management Service (MMS) Cloud-Based Service for Monitoring, Alerts, Backup and Restore Subscriptions Development & Production – On-Prem Monitoring, Advanced Security, Professional Support and Commercial License Consulting Expert Resources for All Phases of MongoDB Implementations
  • 36. 36 MongoDB Company Overview 350+ employees 1,000+ customers 13 offices around the world Over $231 million in funding
  • 37. 37 •  27 of the Top 100 Organizations •  10 of the Top Financial Services Institutions •  10 of the Top Electronics Companies •  10 of the Top Media and Entertainment Companies •  10 of the Top Retailers •  10 of the Top Telcos •  8 of the Top Technology Companies •  6 of the Top Healthcare Companies Fortune 500 & Global 500
  • 38. 38 Costs – Measured in Billions