scalegrid logo 308x56

Encrypting MongoDB Data-at-Rest

Posted:
Tweet
Share
Share
Pin
0 Shares

MongoDB is now the defacto database for a wide variety of applications, some of which, storing very sensitive data. When you store sensitive information in your MongoDB database, it’s important to encrypt the contents of your data disk. This gives you an extra layer of protection if your data disks, snapshots, or backups are lost or stolen. In some scenarios, encryption-at-rest is compulsory due to compliance requirements. For example, if an attacker gets access to your snapshots or backups, all the data is still encrypted and they still cannot access your raw application data.

Encrypt mongodb on disk

At ScaleGrid, we make it extremely easy to encrypt your MongoDB data volumes at rest. In the creation wizard, when creating a new MongoDB cluster, select the option to “Encrypt your disk” – and thats it! Our software will then take care of all the details of encryption, including setting up the volumes for encryption, setting up keys, backup, restore, etc.

Encryption Technology

Behind the scenes, we use block-level encryption to ensure the entire contents of your data disk are encrypted. We feel that’s the simple, cleanest option in the long term. Here are a few other options we considered:

  1. File system encryption

    File system encryption makes sense when you only want to encrypt a few files. In our case, we encrypt the entire MongoDB data volume.

  2. Application-level encryption

    This is not an option we would recommend. Getting cryptography right and securing keys at the application level is a non-trivial task, and is best left to the platform.

Backup & Restore

Once you’ve choose to encrypt your disks, your backups are automatically encrypted as well – no further action is needed on your part. Due to the encryption, the backups can now only be recovered on the specific cluster on which they were taken.

Encrypting Data-in-Motion

Encrypting your data in motion is essential when your data is traversing unsecured networks like the internet. ScaleGrid makes encrypting your data in motion a simple, trivial task. This is achieved by selecting the “Enable SSL” option in the creation wizard, enabling SSL on your MongoDB servers. If you’d also like to bring your own custom SSL certificate, please contact our support team. For more details, refer to the post on Setting up SSL.

If you have more questions about the encryption setup, please email us at [email protected].

Tweet
Share
Share
Pin
0 Shares

Check out Related Posts

How to Create Case-Insensitive Indexes in MongoDB
How to Create a MongoDB Case-Insensitive Index In this post, we'll show you how to build case-insensitive indexes in MongoDB using Collations, a new ...
The Three A's of MongoDB Security - Authentication, Authorization & Auditing
MongoDB has made impressive strides over the past 18 months. One of the MongoDB areas that's seen the most significant improvement has been it's sec...
Mastering Disk Space Management with MongoDB Storage Engines
MongoDB offers several storage engines that cater to various use cases. The default storage engine in earlier versions was MMAPv1, which utilized memo...

Anton is part of the marketing team at ScaleGrid. He has a Bachelor's degree in Information Systems and Digital Media with background in digital marketing for a wide variety of different industries.

Start Your Free 30 Day Trial

Search:

About us:

ScaleGrid is a fully managed database hosting service for MongoDB® , Redis™, MySQL, and PostgreSQL on public and private clouds.

Get more database tips, articles and the latest news by subscribing to our monthly newsletters!

scalegrid logo 308x56
Follow us
Facebook-f Twitter Linkedin-in Youtube
Products
Pricing
Company
Resources