Security in Government Solutions: Why Secure By Default is Essential
Data security in government agencies is table stakes at this point. Everyone knows it’s essential, both for compliance and data protection purposes. However, most government agencies are working with solutions that require frequent security patches or bolt-on tools to protect their data.

Today, the federal government is pushing its agencies to modernize their solutions and improve their security posture. For example, the DHS and Cybersecurity and Infrastructure Security Agency recently issued a technical rule for modernization of the Protected Critical Information Infrastructure program – a program that provides legal protections for cyber and physical infrastructure information submitted to DHS.

“The PCII Program is essential to CISA’s ability to gather information about risks facing critical infrastructure,” said Dr. David Mussington, Executive Assistant Director for Infrastructure Security. “This technical rule modernizes and clarifies important aspects of the Program, making it easier for our partners to share information with DHS. These revisions further demonstrate our commitment to ensuring that sensitive, proprietary information shared with CISA remains secure and protected.”

So how can government agencies modernize their data infrastructure and find solutions that not only protect data but also power innovation? Let’s look into a few different strategies.

1. Why secure by default is key

Secure by default means that any piece of software uses default security settings that are configured for the highest possible security out of the box. CISA Director Jen Easterly has addressed how using solutions that are secure by default is critical for any organization.

“We have to have [multi-factor authentication] by default. We can't charge extra for security logging and [single sign-on],” Easterly said. “We need to ensure that we're coming together to really protect the technology ecosystem instead of putting the burden on those least able to defend themselves.”

“The American people have accepted the fact that they’re constantly going to have to update their software,” she said. “The burden is placed on you as the user and that’s what we have to collectively stop.”

Easterly is right. Secure-by-design solutions are vital to the success of data protection. The expectation should always be that solutions have built-in, not bolt-on security features.

One approach that’s gaining traction both in the public and private sectors is zero trust environments. In a zero trust environment, the perimeter is assumed to have been breached. There are no trusted users, and no user or device gains trust simply because of its physical or network location. Every user, device, and connection must be continually verified and audited. As the creator of zero trust, security expert John Kindervag, summed it up: “Never trust, always verify.”

For government agencies, that means the underlying database must be secure by default, and it needs to limit users’ opportunities to make it less secure.

2. Security isn't just on-prem anymore; cloud is secure, too

Cloud can be a scary word for public sector organizations. Trusting your sensitive data to the cloud might feel risky for those who handle some of the country’s most sensitive data. But cloud providers are stepping up to meet the security needs of government agencies. There is no need to fear the cloud anymore.

Government agencies and other public sector organizations nationwide are navigating cloud modernization through the lens of increased cybersecurity requirements outlined in the 2021 Executive Order on Improving the Nation’s Cybersecurity. “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.”

Also, the major cloud providers are well-established, purpose-built options for government users. AWS GovCloud, for example, is more than a decade old and was “the first cloud provider to build cloud infrastructure specifically designed to meet U.S. government security and compliance needs.”

This push by the federal government toward cloud modernization and increased cybersecurity will be a catalyst in upcoming years for rapid cloud adoption and greater dependence on cloud solutions designed specifically for government users.

3. Security features purpose-built for government needs are essential

Government agencies are held to a higher standard than those in the private sector. From data used in sometimes life-or-death missions to data for students building their futures in educational institutions (and everything in between), security has real-world consequences.

Today, security is non-negotiable and, as we explored above, it’s especially crucial that public sector entities have built-in security measures to keep data protected. So, what built-in features should you look for?

Network isolation and access

It’s critical that your data and underlying systems are fully isolated from other organizations using the same cloud provider. Database resources should be associated with a user group, which is contained in its own Virtual Private Cloud (VPC), and access should be granted by IP access lists, VPC peering, or private endpoints.

Encryption in flight, at rest, and in use

Encryption should be the standard. For example, when using MongoDB Atlas, all network traffic is encrypted using Transport Layer Security (TLS). Encryption for data at rest is automated using encrypted storage volumes. Customers can use field-level encryption to encrypt sensitive workloads, which enables you to encrypt data in your application before you send it over the network to MongoDB clusters. Users can bring their own encryption keys for an additional level of control.

Granular database auditing

Granular database auditing allows administrators to answer detailed questions about systems activity by tracking all commands against the database. This ensures you always know who has access to what data and how they’re using it.

Multi-factor authentication

User credentials should always be stored using industry-standard and audited one-way hashing mechanisms, with multi-factor authentication options including SMS, voice call, a multi-factor app, or a multi-factor device, ensuring only approved users have access to your data.

MongoDB Atlas for Government: Purpose-built for public sector

As we’ve discussed, solutions that are purpose-built with built-in security are ideal for government agencies, and choosing the right one is the best way to keep sensitive data protected.

MongoDB Atlas for Government on AWS GovCloud recently secured its FedRAMP Moderate authorization thanks to these security measures built into the solution. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. To ensure the utmost levels of security, Atlas for Government is an independent, dedicated environment for the U.S. public sector, as well as ISVs looking to build U.S. public sector offerings.

Public sector organizations carry a heavy burden when it comes to keeping data protected. However, with the right data platform underpinning modern applications – a platform with built-in security features – progress doesn’t mean you have to compromise on security.

Want to learn more about data protection best practices for public sector organizations? Watch our recent security webinar for more insight.
MongoDB Atlas for Government on AWS Achieves FedRAMP® Moderate Authorization
MongoDB has achieved the formal FedRAMP® Moderate Authorized designation for MongoDB Atlas for Government (US), the most secure way for the US Government to deploy, run, and scale MongoDB in the cloud. Additionally, MongoDB has worked with an independent auditor to validate our ability to support customers subject to Criminal Justice Information Services (CJIS) requirements regarding how sensitive data is created, viewed, modified, transmitted, disseminated, stored, and destroyed.

MongoDB Atlas for Government

Atlas for Government is an independent, dedicated environment of MongoDB Atlas for the US public sector, as well as ISVs looking to build US public sector offerings. This developer data platform – an integrated set of data and application services that share a unified developer experience – supports a wide range of use cases including transactional workloads, time series data, search, and petabyte data storage.

Built on AWS and running in US AWS regions, Atlas for Government has been generally available since June 2021 and provides the simplest way to deploy, operate, and scale modern applications, all in a FedRAMP Moderate Authorized environment.

Atlas for Government highlights include:
MongoDB clusters are deployed in AWS GovCloud or AWS US East/West (US) regions and leverage the full functionality of MongoDB's document database, Atlas Search, fully automated backup, time series, and more.
Guaranteed high availability with a ~99.995% uptime SLA which auto-scales up or down to accommodate fluctuations in data consumption, affording greater flexibility and cost control.
Unparalleled security, with all security features built in at no additional cost. Also, Atlas for Government is operated by MongoDB employees who are US persons on US soil.
Support for both AWS GovCloud regions so customers can create multi-GovCloud region clusters and backups that stay within those regions and copy to both.
ISVs can use Atlas for Government to store US government data and rapidly build their own FedRAMP offerings.
All encryption within Atlas for Government is FIPS validated.

These features make Atlas for Government uniquely positioned to support mission-critical applications across the US public sector.

How MongoDB powers key use cases across the public sector

MongoDB Atlas is already powering innovative applications in a number of sectors. And now, Atlas for Government is primed to power critical applications across public sector agencies and the ISVs that support them.

Healthcare

MongoDB is built to bring together data from disparate databases, systems, and data formats to create a single view of the patient. And with Atlas for Government’s dynamic schema, government agencies can enrich their view of patients with data from new sources, such as connected health devices. Both MongoDB and FHIR natively support the JSON format, the standard that supports rich data structures and objects prevalent in healthcare such as patient data, claims, policies, and treatment information.

Financial services

Agencies that participate in financial services activities must fully commit to digital transformation – liberating data, empowering developers, and embracing disruption – to keep up with the expectations of instantaneous transactions. Whether it's trading platforms and end-to-end digital loan origination, or AI/ML-driven fraud detection systems and financial 'super apps', Atlas for Government enables innovation and speed for government agencies that conduct payments and core banking applications.

Federal, state, and local government

National, regional, and local governments are facing pressing challenges with rising costs, changing regulations, and complex technological demands. The traditional systems currently in place are expensive and improperly equipped to handle modern needs for scale, cost efficiency, and flexibility. Atlas for Government opens doors for new initiatives like building smart cities, planning for traffic and construction updates, and improving the welfare of citizens.

Education

From groundbreaking data-based research to the administrative management of schools’ complex ecosystems, proper data management can transform how educational institutions operate. A modern data platform helps institutions navigate complex challenges like providing continuous learning, teaching with limited resources, and retaining students and staff. Atlas for Government offers an intuitive, secure, cost-effective solution for institutions dedicated to all stages of education.

How do I get started?

Customers can fill out the form on the MongoDB Atlas for Government page and a MongoDB specialist will get in touch with further details to set up. The specialist will help you set up Atlas for Government clusters (US) and you can either launch a new workload, migrate your existing Atlas workload to Atlas for Government, or re-platform your existing workloads by engaging with our professional services.

Please also refer to the technical documentation for Atlas for Government for more details, or learn more on MongoDB University.
MongoDB Atlas for Government Achieves "FedRAMP In-process"
We are pleased to announce that MongoDB Atlas for Government has achieved the FedRAMP designation of “In-process”. This status reflects MongoDB’s continued progress toward a FedRAMP Authorized modern data platform for the US Government. Earlier this year, MongoDB Atlas for Government achieved the designation of FedRAMP Ready.

MongoDB is widely used across the Federal Government, including the Department of Veterans Affairs, the Department of Health & Human Services (HHS), the General Services Administration, and others. HHS is also sponsoring the FedRAMP authorization process for MongoDB.

What is MongoDB Atlas for Government?

MongoDB Atlas for Government is an independent environment of our flagship cloud product MongoDB Atlas. Atlas for Government has been built for US government needs. It allows federal, state, and local governments as well as educational institutions to build and iterate faster using a modern database-as-a-service platform. The service is available in AWS GovCloud (US) and AWS US East/West regions.

MongoDB Atlas for Government Highlights:
Atlas for Government clusters can be created in AWS GovCloud East/West or AWS East/West regions.
Atlas for Government clusters can span regions within AWS GovCloud or within AWS.
Atlas core features such as automated backups, AWS PrivateLink, AWS KMS, federated authentication, Atlas Search, and more are fully supported.
Applications can use client-side field level encryption with AWS KMS in GovCloud or AWS East/West.

Getting started and pricing

MongoDB Atlas for Government is available to Government customers or companies that sell to the US Government. You can buy Atlas for Government through AWS GovCloud or the AWS marketplace. Please fill out this form and a representative will get in touch with you.

To learn more about Atlas for Government, visit the product page, check out the documentation, or read the FedRAMP FAQ.
MongoDB Atlas for Government
We are pleased to announce the general availability of MongoDB Atlas for Government, which is an independent environment of our flagship cloud product MongoDB Atlas that’s built for US government needs. It will allow federal, state, and local governments as well as educational institutions to build and iterate faster using a modern database-as-a-service platform. The service is available in AWS GovCloud (US) and AWS US East/West regions.

We are also pleased to announce that MongoDB Atlas for Government has been approved as FedRAMP Ready. FedRAMP Ready indicates that a third-party assessment organization has vouched for a cloud service provider’s security capabilities, and the FedRAMP PMO has reviewed and approved the Readiness Assessment Report.

MongoDB Atlas for Government Highlights:
Atlas for Government clusters can be created in AWS GovCloud East/West or AWS East/West regions.
Atlas for Government clusters can span regions within AWS GovCloud or within AWS (but not across those two environments).
Atlas core features such as automated backups, AWS PrivateLink, AWS KMS, federated authentication, Atlas Search, and more are fully supported.
Applications can use client-side field level encryption with AWS KMS in GovCloud or AWS East/West.

Getting Started and Pricing:

MongoDB Atlas for Government is available to Government customers or companies that sell to the US Government. You can buy Atlas for Government through AWS GovCloud or AWS marketplace. Of course, you can also work directly with MongoDB; please fill out this form and a representative will get in touch with you.

To learn more about Atlas for Government, visit the product page, check out the documentation, or read the FedRAMP FAQ.