The idea of encrypting databases in different ways is not new. But in practice, there were limitations on where and when the data was actually protected. Databases are often "server-side" encrypted, which means that random unknowns can not simply query it for information, but that accredited users can access all or part of the information that is available to them. they contain. But it also means that anyone with full access to data, such as the database operator and administrators, can decrypt and access everything. This puts data at risk from both outside hackers with stolen IDs and dishonest intruders who have been granted more access than necessary.
Lily Hay Newman covers information security, digital privacy and hacking for WIRED.
Other types of encryption systems, however, usually add both complexity and cost. That's why companies like MongoDB have taken as long to offer something that is both usable and secure. And since companies as large as Adobe and Google use the MongoDB database architecture, this solution could have a disproportionate impact.
"One of the reasons this has not been done is that they did not perceive customer demand as it is easy to perceive today," he says. said Davi Ottenheimer, vice president of trust and digital ethics of MongoDB. All of these highly publicized database violations have finally begun to realize the value of strong encryption.
MongoDB calls the new Field Level Encryption feature. It works as an end-to-end encrypted messenger, which scrambles the data when transferred to the Internet, by revealing it only to the sender and the recipient. In such a client-side encryption scheme, databases using zone-level encryption will require not only a system connection, but also specific keys to process and decrypt specific blocks of data locally on the device. 39, a user, as needed. This means that MongoDB and cloud providers will not be able to access customer data, and that database administrators or remote managers do not need to access any of them. .
For regular users, few things will be visibly different. If their credentials are stolen and they do not use multifactor authentication, an attacker will still be able to access anything that the victim can obtain. But the new feature aims to eliminate single points of failure. With field-level encryption in place, a hacker who steals an administrative user name and password or finds a software vulnerability that gives them access to the system will still not be able to use those holes to access data. readable.
According to Ottenheimer, the main objective was to try to offer this security in the form of customers who would actually adopt a classical cybersecurity problem. "We really tried to make it easier for developers to publish," he said. "We want them to be able to publish new products and codes as quickly as possible."
Field Level Encryption is based on well tested public encryption standards and is open source. It can therefore be subject to thorough scrutiny by the cryptanalysis community. This audit process has already begun, but it will grow considerably during the beta test phase of the tool, which is scheduled to begin next week. Brown University cryptographer Seny Kamara assessed parcel-level encryption and said MongoDB had already made changes based on his team's comments.
"This cryptographic technology is new and, like many cryptographic techniques, there are compromises between efficiency and security," he said. "MongoDB's efforts to involve the cryptography community are unusual and well received.Being proactive in obtaining new cryptography is certainly the right way to do things."
As with any defense mechanism, field level encryption has some limitations and caveats. More importantly, MongoDB databases are what are known as "NoSQL" databases, which means that they can handle all sorts of unstructured data and flourish on many servers as they grow. However, although MongoDB offers the most common type of NoSQL database, called SQL Database or Relational Database, it remains globally more common. This means that field-level encryption, or something like that, will not come soon to all databases. In addition, the new feature poses issues for managing different system encryption keys at cloud providers. It also makes it difficult for the database to perform certain types of information, sorting, and querying because the data is scrambled and unreadable.
Nevertheless, given the scope of MongoDB, field-level encryption is an important step that the company hopes other database manufacturers will now be as motivated to take. And Kenn White, head of product safety for MongoDB, said he thought the company would be able to overcome more and more of these limitations as it works with beta testers and beyond. Above all, the purpose of the new defense, I said, is to limit as much as possible access to the data. I compared the feature to putting valuables in a safe, and then placing the safe in a locked storage unit. Even if someone forces the storage provider to cut the lock, he will still have to deal with your safe.
Nothing can ever be a panacea for total security, however. "If you put a pair of bolt cutters and an adhesive note with the safety combo on the ground outside your device, then yes, I have nothing," White says. "But if you have confidential workloads, you no longer need to trust MongoDB.If a backup is installed in a cloud, no one can read the encrypted fields." "Attack or an internal violation," is better placed. "
More great cable stories