MongoDB Security Datasheet

MongoDB Enterprise Advanced features extensive capabilities to defend, detect and control access to your data, enabling you to meet the demands of regulatory compliance.

  • Access Control. Enforce access and permissions to sensitive data using industry standard mechanisms for authentication and authorization.
  • Auditing. Enable forensic analysis by tracking any action against the database.
  • Encryption. End-to-end protection of data in motion over the network and at rest in persistent storage.
  • Administrative Controls. Identify potential exploits faster and reduce their impact.

Authentication

Authentication can be managed from within the database itself with Challenge/Response credentials or PKI X.509 certificates. MongoDB Enterprise Advanced provides additional integration with external security infrastructure including Kerberos, LDAP and Active Directory.

Authorization

MongoDB allows administrators to define permissions for a user or application and control access to the data in the database. With MongoDB you can configure granular, user-defined roles, making it possible to realize a fine-grained separation of duties between different entities accessing and managing the database. Authorization can be managed in MongoDB or via a central LDAP server. Read-only views allow administrators to implement field-level security through the filtering and masking of individual attributes.

Auditing

Security administrators can use MongoDB's native audit log to track all access and operations taken against the database, with events written to the console, syslog or a file for forensic analysis.

Encryption

MongoDB data can be encrypted on the network, on disk and in backups.

Support for TLS/SSL allows clients and other nodes in a cluster to connect to MongoDB over an encrypted channel. MongoDB supports FIPS 140-2 encryption when run in FIPS Mode with a FIPS-validated cryptographic module.

The MongoDB Encrypted storage engine protects data at rest. By natively encrypting database files on disk, administrators eliminate both the management and performance overhead of external disk and filesystem encryption mechanisms.

Database Management

Proactive database management and backup is a critical element of any security strategy, enabling administrators to identify and protect against potential exploits before they become expensive breaches.

The most comprehensive solution is provided by the Ops Manager platform, included with MongoDB Enterprise Advanced. Ops Manager is the simplest way to run MongoDB on your own infrastructure, making it easy for operations teams to deploy, monitor, secure, back up and scale MongoDB:

  • Simple configuration and management with single-click database operations, zero-downtime upgrades and patching.
  • Proactive monitoring provides visibility into the performance of MongoDB clusters with tracking and alerts on 100+ database health metrics.
  • Disaster recovery with continuous, incremental backup and point-in-time recovery. Complete, running clusters can be restored in a few simple clicks.

MongoDB Atlas: Database as a Service for MongoDB

MongoDB Atlas provides all of the features of MongoDB, without the operational heavy lifting required for any new application. MongoDB Atlas is available on-demand through a pay-as-you-go model and billed on an hourly basis, letting you focus on what you do best.

MongoDB Atlas is secure by default, enforcing full access control to the database, IP whitelisting, AWS VPC peering, network encryption and optional data volume encryption.