Joel Odom

2 results

Strengthen Data Security with MongoDB Queryable Encryption

MongoDB Queryable Encryption is a groundbreaking, industry-first innovation developed by the MongoDB Cryptography Research Group that allows customers to encrypt sensitive application data, store it securely in an encrypted state in the MongoDB database, and perform equality and range queries directly on the encrypted data—with no cryptography expertise required. Adding range query support to Queryable Encryption significantly enhances data retrieval capabilities by enabling more flexible and powerful searches. Queryable Encryption is available in MongoDB Atlas, Enterprise Advanced, and Community Edition. Encryption: Protecting data through every stage of its lifecycle Encryption is a critical security method for ensuring protection of sensitive data and compliance with regulations like GDPR, CCPA, and HIPAA. It involves rendering data unreadable to anyone without the decryption key. It can protect data in three ways: in-transit (over networks), at-rest (when stored), and in-use (during processing). While encryption in-transit and at-rest are standard for all databases and are well-supported by MongoDB , encryption in-use presents a unique challenge. Encryption in-use is difficult because encrypted data is unreadable—it looks like random characters and symbols. Traditionally, the database can’t run queries on encrypted data without decrypting it first to make it readable. However, if the database doesn’t have a decryption key, it has to send encrypted data back to the application or system (i.e., the client) that has the key so it can be decrypted before querying. This is a pattern that doesn’t scale well for real-world applications. This puts organizations in a difficult spot: in-use encryption is important for data privacy and regulatory compliance, but it's hard to implement. In the past, companies have either chosen not to encrypt sensitive data in-use or have employed less secure workarounds that complicate their operations. MongoDB Queryable Encryption: Safeguarding data in use without sacrificing efficiency MongoDB Queryable Encryption solves this problem. It allows organizations to encrypt their sensitive data, like personally identifiable information (PII) or protected health information (PHI), and to run equality and range queries directly on that data without having to decrypt it. Queryable Encryption was developed by the MongoDB Cryptography Research Group , drawing on their pioneering expertise in cryptography and encrypted search, and Queryable Encryption has been peer-reviewed by leading cryptography experts worldwide. Unmatched in the industry, MongoDB is the only data platform that allows customers to run expressive queries directly on non-deterministically encrypted data. This represents a groundbreaking advantage for customers, allowing them to maintain robust protection for their sensitive data without sacrificing operational efficiency or developer productivity by still enabling expressive queries to be performed on it. Organizations of all sizes, across all industries, can benefit from the impactful outcomes enabled by Queryable Encryption, such as: Stronger data protection: Data stays encrypted at every stage—whether in-transit, at-rest, or in-use—reducing the risk of sensitive data exposure or breaches. Enhanced regulatory compliance: Provides customers with the necessary tools to comply with data protection regulations like GDPR, CCPA, and HIPAA by ensuring robust encryption at every stage. Streamlined operations: Simplifies the encryption process without needing costly custom solutions, specialized cryptography teams, or complex third-party tools. Solidified separation of duties: Supports stricter access controls, where MongoDB and even a customer's database administrators (DBAs) don’t have access to sensitive data. Use cases for Queryable Encryption MongoDB Queryable Encryption has many use cases for organizations that host sensitive data, regardless of their size or industry. The recent addition of range query support to Queryable Encryption broadens those use cases even wider. Here are some examples to help illustrate how Queryable Encryption could be used to protect and query sensitive data: Financial Services Credit Scoring: Assess creditworthiness by querying encrypted data such as credit scores and income levels. For example, segment your customers based on credit scores between 600 and 750. Fraud Detection: Detect anomalies by querying encrypted transaction amounts for values that exceed typical spending patterns, such as transactions above $10,000. Insurance Risk Assessment: Personalize policy offerings by querying encrypted client data for risk levels within specified ranges, enhancing customer service without exposing sensitive information. Claims Processing: Automate claims processing by querying encrypted claims data for amounts within specific ranges or for claims within time periods, streamlining operations while safeguarding information. Healthcare Medical Research: Execute range-based searches on encrypted medical records, such as querying encrypted datasets for patients within specific age ranges or for abnormal lab results for medical research. Billing and Insurance Processing: Perform secure range queries on encrypted billing data to process insurance claims and payments while protecting patient financial details. Education Grading Systems: Process encrypted student scores to award grades within specific ranges, ensuring compliance with FERPA while protecting student privacy and maintaining data security. Financial Aid Distribution: Analyze encrypted income data within certain ranges to determine eligibility for scholarships and financial aid. Comprehensive data protection at every stage With Queryable Encryption, MongoDB offers unmatched protection for sensitive data throughout its entire lifecycle—whether in-transit, at-rest, or in-use. Now, with the addition of range query support, Queryable Encryption meets even more of the demands of modern applications, unlocking new use cases. To get started, explore the Queryable Encryption documentation .

October 16, 2024

通过独特的可查询加密技术,MongoDB为数据安全提供覆盖全生命周期的保护

MongoDB可查询加密( Queryable Encryption )由MongoDB加密研究小组(Cyptography Research Group)开发,是具有突破性意义的业界首创技术。该技术允许客户对应用中的敏感数据进行加密,不但可以将其以加密状态安全地存储在MongoDB数据库中,还可直接在加密数据上执行等值查询和范围查询,且无需具备加密专业知识。在原有可查询加密技术中增加了范围查询,进一步增强了数据检索功能,使搜索更加灵活和强大。目前,可查询加密在MongoDB Atlas、企业高级版(Enterprise Advanced)和社区版(Community Edition)中均可用。 覆盖数据安全全生命周期的加密技术 企业要确保对于敏感数据的保护并符合各种相关法律法规,如欧盟的《通用数据保护条例》 (GDPR)等,加密技术至关重要。这涉及将数据转换为任何没有解密密钥的人都无法读取的形式。加密可以通过三种方式保护数据:传输中(通过网络时)、静态(存储时)、使用中(处理期间)。传输中和静态数据的加密是所有数据库的标配( MongoDB也不例外 ),但使用中的数据加密却带来了独特的挑战。 对于使用中数据的加密之所以困难,是因为加密后的数据不可读,看起来像是一串随机的字符和符号。传统上,数据库无法直接对加密数据进行查询,而必须先将其解密为可读形式。然而,如果数据库没有解密密钥,它就必须将加密数据发送回拥有密钥的应用程序或系统(如客户端),以便在查询之前进行解密。很显然,这种模式在实际应用中不具备扩展性。 这使企业陷入两难境地:对使用中数据的加密在数据隐私保护和法规合规性方面至关重要,但却难以实现。过去,公司要么选择不对使用中的敏感数据进行加密,要么采用安全性较低的变通方法,而后者会导致操作变得更加复杂。 MongoDB 可查询加密:保护使用中的数据,且不影响效率 MongoDB 可查询加密解决了这一难题。它允许组织对敏感数据(如个人身份、医疗信息等)进行加密,并能够在不解密的情况下直接对这些数据执行等值查询和范围查询。 可查询加密由 MongoDB加密研究小组 (Cyptography Research Group)开发,得益于团队成员所具备的密码学和加密搜索领域领先的专业知识,已经通过了全球顶尖密码学专家的同行评审。让MongoDB独特于业界其他厂商的是,MongoDB是目前唯一一个允许客户直接在非确定性加密数据上运行复杂查询的数据平台。客户可以因此获得突破性的优势,能够对敏感数据进行表达式查询,在不牺牲运营效率或开发者生产力的同时,为敏感数据提供强大的保护。 各行各业、各种规模的组织都能从可查询加密带来的显著成果中受益,例如: 数据保护更强: 数据在传输、存储和使用中的每个阶段都保持加密状态,从而降低了敏感数据泄露或被攻破的风险。 增强法规合规性: 通过确保数据在每个阶段都进行加密,为客户提供遵守如GDPR等数据保护法规所需的工具。 简化操作: 无需昂贵的定制解决方案、专业的加密团队或复杂的第三方工具,即可简化加密过程。 明确的职责分离: 支持更严格的访问控制,甚至MongoDB和客户自身的数据库管理员(DBA)都无法访问敏感数据。 MongoDB 可查询加密的使用场景 MongoDB 可查询加密可广泛用于各类需要对敏感数据进行保护的组织,不论其所在行业和规模大小。而且,可查询加密新增了对范围查询的支持,这进一步扩大了使用场景。以下为部分示例,用以说明可以如何使用可查询加密来保护和查询敏感数据: 金融服务 信用评分:通过查询加密数据(如信用评分和收入水平)来评估信用度。例如,根据信用评分在某个分数范围内的客户来进行客户细分。 欺诈检测:通过查询加密的交易金额,查找超越一般消费模式的异常值,如交易金额超过10万元的交易,以此来检测欺诈行为。 保险 风险评估:通过查询加密的客户数据,在指定范围内查找风险等级,从而个性化提供保险建议,提升客户服务质量,同时不披露敏感信息。 理赔处理:通过查询加密的理赔数据,查找金额在特定范围内或特定时间段内的理赔案件,实现理赔处理自动化,在简化操作流程的同时保护信息安全。 医疗健康 医学研究:对加密的医疗记录执行基于范围的搜索,例如查询特定年龄段内的患者或医学研究中异常的实验室结果的加密数据集。 账单和保险处理:对加密的账单数据执行安全的范围查询,以处理保险索赔和支付,同时保护患者的财务信息。 教育 评分系统:处理加密的学生分数,以在特定范围内评定分数等级,保护学生隐私并维护数据安全。 经济资助分配:分析特定范围内的加密收入数据,以确定学生是否符合奖学金、助学金的资格 保护数据安全生命周期的每一个环节 MongoDB可查询加密技术,可以为敏感数据在其整个生命周期内(无论是在传输、静态还是使用中)提供无与伦比的保护。现在,通过增加对范围查询的支持,MongoDB可查询加密技术更好地满足了现代应用程序的需求,并解锁了新的使用场景。 如需了解更多信息,可登录查阅 MongoDB可查询加密网页 。

October 16, 2024