- Access Control. Enforce access and permissions to sensitive data using industry standard mechanisms for authentication and authorization.
- Auditing. Enabling forensic analysis to track any action against the database.
- Encryption. End-to-end protection of data in-motion over the network and at-rest in persistent storage.
- Administrative Controls. Identify potential exploits faster and reduce their impact.
Authentication can be managed from within the database itself with Challenge/Response credentials or PKI x.509 certificates. MongoDB Enterprise Advanced provides additional integration with external security infrastructure including Kerberos, LDAP and Active Directory.
MongoDB allows administrators to define permissions for a user or application and control access to the data in the database. With MongoDB you can configure granular, user-defined roles, making it possible to realize a fine-grained separation of duties between different entities accessing and managing the database. Authorisation can be managed in MongoDB or via a central LDAP server. Read-only views allow administrators to implement field-level security through the filtering and masking of individual attributes.
Security administrators can use MongoDB's native audit log to track all access and operations taken against the database, with events written to the console, syslog or a file for forensic analysis.
MongoDB data can be encrypted on the network, on disk and in backups.
Support for TLS/SSL allows clients and other nodes in a cluster to connect to MongoDB over an encrypted channel. MongoDB supports FIPS 140-2 encryption when run in FIPS Mode with a FIPS-validated Cryptographic module.
The MongoDB Encrypted storage engine protects data at-rest. By natively encrypting database files on disk, administrators eliminate both the management and performance overhead of external disk and filesystem encryption mechanisms.
Proactive database management and backup is a critical element of any security strategy, enabling administrators to identify and protect against potential exploits before they become expensive breaches.
The most comprehensive solution is provided by the Ops Manager platform, included with MongoDB Enterprise Advanced. Ops Manager is the simplest way to run MongoDB on your own infrastructure, making it easy for operations teams to deploy, monitor, secure, back up and scale MongoDB:
- Simple configuration and management with a single click database operations, zero-downtime upgrades and patching.
- Proactive monitoring provides visibility into the performance of MongoDB clusters with tracking and alerts on over 100+ database health metrics.
- Disaster recovery with continuous, incremental backup and point-in-time recovery. Complete, running clusters can be restored in a few simple clicks.
MongoDB Atlas: Database as a Service For MongoDB
MongoDB Atlas provides all of the features of MongoDB, without the operational heavy lifting required for any new application. MongoDB Atlas is available on-demand through a pay-as-you-go model and billed on an hourly basis, letting you focus on what you do best.
MongoDB Atlas is secure by default, enforcing full access control to the database, IP whitelisting, AWS VPC peering, network encryption and optional data volume encryption.