Security is a top-of-mind consideration when you move data into the cloud. After all, the data is out of your direct control, and you're depending on third-party service providers to have security measures strong enough to defend against many threats. MongoDB Atlas offers multiple levels of security to alleviate your concerns and keep your data safe in transit and at rest.
MongoDB Atlas includes granular role-based access control and field-level access control. The role-based method is based on the user’s role in the system. For example, a database administrator and a secretary have vastly different requirements for the data they access. An advantage to role-based access control is that it automatically applies to users of that level, which streamlines the onboarding process for new or promoted employees.
Field-level access control evaluates the data itself to decide whether a user should access it. Some organizations have job roles that collaborate across teams and departments, and the role-based system alone is insufficient for that use case. Field-level access control determines user access dynamically.
You have full customization options on your data, which allows you to designate exactly what data certain users can view or edit.
Amazon Web Services’ Virtual Private Cloud feature enables you to create a private cloud while using public cloud architecture. MongoDB Atlas supports VPC peering for securely transferring data and resources between the VPCs.
VPC peering brings two VPCs together as though they were in the same network. You can establish peering connections between your own VPCs or with a VPC in another AWS account. VPC peering can also connect VPCs in different regions. You eliminate the potential for a single point of failure, as the virtual networks are not tied to specific physical hardware. Some ways that you can use VPCs include creating file-sharing networks or resource sharing. Performance is also improved because you don't run into any bottlenecks.
You can restrict client access to MongoDB Atlas via an IP whitelist. The only way someone can access this resource is to have their IP on this list. When you combine this feature with strong physical access control, you add an essential layer of protection for your important data.
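An IP whitelist only restricts access as far as its entries are narrow. The following is an added example, not MongoDB's code and not part of the original post: it audits a list of whitelist entries, assumed to be exported as plain address or CIDR strings, and shows how one broad entry cancels the others. The sample entries and the /24 review threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample entries, not taken from any real Atlas project.
SAMPLE_ENTRIES = [
    "203.0.113.10/32",   # single application server
    "198.51.100.0/24",   # office egress range
    "0.0.0.0/0",         # matches every IPv4 address
    "10.0.0.0/8",        # very wide range
    "not-an-ip",         # malformed entry
]

MIN_PREFIX_V4 = 24  # assumed review threshold: flag IPv4 entries wider than /24


def audit_entries(entries, min_prefix=MIN_PREFIX_V4):
    """Return (entry, finding) pairs for entries that deserve review."""
    findings = []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append((raw, "invalid entry"))
            continue
        if net.prefixlen == 0:
            findings.append((raw, "allows every address"))
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings.append((raw, f"wider than /{min_prefix}"))
    return findings


def is_allowed(client_ip, entries):
    """True if client_ip falls inside any valid entry of the list."""
    addr = ipaddress.ip_address(client_ip)
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            continue  # malformed entries never match
        if addr.version == net.version and addr in net:
            return True
    return False


if __name__ == "__main__":
    for entry, finding in audit_entries(SAMPLE_ENTRIES):
        print(f"{entry}: {finding}")
    # An address outside every narrow entry is still admitted by 0.0.0.0/0.
    print(is_allowed("192.0.2.77", SAMPLE_ENTRIES))
```
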
Data Encryption in Transit
MongoDB Atlas uses TLS/SSL (transport) encryption to protect data in flight on connections to the database. This encryption method makes the data readable only to the client that it's intended to reach. Even if the information is intercepted during transport, an attacker would not be able to decipher it. MongoDB requires a minimum of 128-bit encryption for TLS/SSL database encryption.
Data Encryption at Rest
You have access to an optional feature that encrypts your storage engines and cloud provider backups through AWS Key Management Service. This service gives you access to centralized key management, AWS services integration, application-level data encryption, and FIPS 140-2 validated hardware security modules.
Protecting databases is a difficult task when cybercriminals are constantly coming up with new attack methods. It’s natural to be concerned about your company’s data, especially due to the significant consequences that occur following a data breach or another type of intrusion. MongoDB Atlas gives you access to excellent security measures for your databases, and that’s just one more reason to migrate to this platform.
Want to learn about four other reasons you should start planning your migration? Download “5 Reasons to Migrate to MongoDB Atlas.”