Governments globally are under growing pressure to digitise citizen-driven services, while ensuring high levels of data security and privacy. The trend has been supercharged in APAC by the opportunity and concerns associated with implementing AI to improve services.
Some countries are actively working on regulations and policies to help manage this balancing act. The Australian Government has, for example, developed its own Data and Digital Government Strategy, which aims to serve as a blueprint for the use and management of data and digital technologies through to 2030.
From the very beginning, MongoDB has enabled the public sector to balance speed and innovation with security and control. Specifically, industry-leading capabilities like Queryable Encryption (QE) augment the foundational security features every database requires.
While many public sector organisations today use encryption to help raise data security levels, a core challenge remains. Digital transformation—and technologies like AI—are heavily dependent on organisations’ ability to access data. However, traditional encryption makes data unusable while it is in an encrypted state. This means that more data security often comes at the cost of innovation.
Organisations have been forced to make a difficult choice: either decrypt data to run the rich queries their applications require, thereby creating security vulnerabilities, or keep it encrypted and sacrifice critical functionality.
MongoDB’s Queryable Encryption solves this quandary. It is a groundbreaking, industry-first in-use encryption technology that utilises innovative cryptography built and designed by MongoDB’s Cryptography Research Group. Organisations can encrypt sensitive data, such as personally identifiable information (PII) or protected health information (PHI), while still running queries directly on that data without exposing it to the database server. Therefore, organisations are no longer forced to compromise on security or functionality.
This blog looks at how QE works and why it is uniquely well-positioned to enable public sector organisations to safeguard data while innovating.
Queryable Encryption: Securing data across multiple classifications
Government agencies, defence organisations, and highly regulated industries often work with information that must be separated by security classification: OFFICIAL, PROTECTED, SECRET, and TOP SECRET.
Traditional approaches require separate systems for each classification. This usually results in data silos and duplication, complex synchronisation and manual sanitisation workflows, and high infrastructure and compliance costs.
MongoDB’s QE enables a different approach by delivering a single, consolidated data model where sensitive fields are encrypted with classification-specific field keys. Therefore, only authorised clients can read or write specific fields, even if they exist in the same document.
Multi-domain security has four key benefits:
- Fixed classifications per field: Data fields (title, summary, or content) are encrypted based on the security level, consistent across all records.
- Controlled access: Users get "keys" only for their approved levels. Higher-level data stays locked and unreadable.
- Searchable without risk: Users can perform searches, e.g. keyword matches or tags on encrypted data without decrypting everything. This keeps queries fast and secure.
- One database, multiple domains: Public sector institutions can store everything in MongoDB. This reduces complexity and costs compared to employing multiple disparate systems.
Use case: Documents with fixed classifications
The challenge for public sector organisations often involves balancing accessibility with airtight security. How does MongoDB's Queryable Encryption help achieve this?
Take the case of Sarah, a data analyst at a fictitious agency tasked with coordinating information across OFFICIAL and PROTECTED classifications. Each set of data is stored and protected in air-gapped systems, i.e., isolating critical information to protect it from unauthorised access and cyber attacks. It takes over two hours for her colleagues to manually sanitise and export data. She then spends the next four hours stitching stale information together in spreadsheets. The whole exercise takes up a complete working day.
These silos prevent Sarah from doing quality unified analyses and slow decisions during critical moments. If there were a fast-moving crisis, senior staff could not receive the most accurate answers they would need in under an hour.
Now imagine Sarah's agency had implemented multi-domain security of the kind described earlier. All data would live securely in one system, accessible based on clearance levels. When Sarah queries the repository, she sees OFFICIAL and PROTECTED data unlocked and ready for analysis. Concurrently, SECRET information remains encrypted and inaccessible, protecting against the risk of data leakage.
Sarah’s director, who holds a SECRET clearance, can access and analyse all classification levels seamlessly, fostering collaboration without compromising security. This setup not only strengthens data security but also empowers Sarah’s team. As importantly, developers across the agency are now ideally placed to build innovative services that deliver better outcomes for citizens.
This is how the architecture would look for Sarah's agency:
- Client-level access control: Each client application is built to handle up to a maximum classification level.
- Separate key vaults: One per classification tier, containing only Data Encryption Keys (DEKs) for that tier and below.
- Customer Master Keys (CMKs): Each key vault’s DEKs are encrypted with a CMK tied to its classification tier.
- Controlled writes: Clients can only insert/update fields they are authorised to access.
- Controlled reads: Fields without accessible DEKs remain encrypted, even if retrieved. These encrypted fields can be removed via projection or client-side deletion if desired.
The advantage is that even if a lower-classified client attempts to query higher-classified fields, the queries will be rejected. This is because the client cannot access the DEKs for these fields. For any returned data that the client cannot access, the fields (whose DEKs the client does not hold) will remain encrypted and be dropped from the user's view.
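The following is an added example, not MongoDB's own code, that models the architecture above for Sarah's agency: a per-tier key vault holding only the DEKs for that tier and below, an `encryptedFieldsMap` in the Queryable Encryption schema shape (`path`/`bsonType`/`keyId`/`queries`) built for a client with a given maximum classification, and the controlled-read filter that drops fields whose DEK the client does not hold. The field-to-classification mapping and the DEK ids are constructed; in a real deployment the ids come from `ClientEncryption.create_data_key()` and are passed to the driver as BSON binary UUIDs.

```python
import uuid

# Classification tiers in ascending order, as named in the post.
TIERS = ["OFFICIAL", "PROTECTED", "SECRET", "TOP SECRET"]

# Constructed sample: the classification each encrypted document field carries.
FIELD_CLASSIFICATION = {"title": "OFFICIAL", "summary": "PROTECTED", "content": "SECRET"}

# Constructed DEK ids, one per tier. In production each DEK is created with
# ClientEncryption.create_data_key() and wrapped by that tier's CMK.
TIER_DEKS = {tier: uuid.uuid4() for tier in TIERS}


def accessible_tiers(max_tier):
    """Tiers a client built for `max_tier` may handle: its own tier and below."""
    return TIERS[: TIERS.index(max_tier) + 1]


def key_vault_contents(max_tier):
    """Separate key vault per tier: only the DEKs for that tier and below."""
    return {t: TIER_DEKS[t] for t in accessible_tiers(max_tier)}


def can_access(max_tier, path):
    """Controlled writes/reads: a field is usable only if its tier is within
    the client's clearance. Unclassified (plaintext) fields such as _id are
    always accessible."""
    return FIELD_CLASSIFICATION.get(path, TIERS[0]) in accessible_tiers(max_tier)


def encrypted_fields_map(namespace, max_tier):
    """encryptedFieldsMap for a client handling up to `max_tier`. Fields above
    the client's tier are omitted, so the driver holds no DEK for them and
    any query touching them is rejected client-side."""
    fields = [
        {"path": path, "bsonType": "string",
         "keyId": TIER_DEKS[tier],  # wrap as Binary.from_uuid() for pymongo
         "queries": {"queryType": "equality"}}
        for path, tier in FIELD_CLASSIFICATION.items()
        if tier in accessible_tiers(max_tier)
    ]
    return {namespace: {"fields": fields}}


def controlled_read(doc, max_tier):
    """Client-side deletion of fields the client cannot decrypt. With QE these
    arrive as ciphertext; here they are simply dropped from the user's view."""
    return {k: v for k, v in doc.items() if can_access(max_tier, k)}
```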
MongoDB QE unifies high-security, multi-classification data handling in a single system, reducing complexity while increasing compliance confidence. Furthermore, with the latest release of MongoDB 8.2, Queryable Encryption now also offers expanded search capabilities, and allows for even more flexible queries on data that remains fully encrypted end-to-end.
These new capabilities provide organisations with the tools to perform flexible text searches on encrypted data. Data protection is strengthened, compliance is simplified, and the need for complex workarounds such as external search indexes is removed, all without any changes to application code.
For governments looking to deliver outstanding digital services to their citizens, features like Queryable Encryption create an environment for innovation with privacy and security built in.
Next Steps
To learn more about Queryable Encryption, visit our documentation.
Visit our product page to learn more about how MongoDB Atlas can support government use cases.
Ready to learn more about MongoDB? Visit the Atlas Learning Hub to boost your MongoDB skills today!