Securing MongoDB Part 1: Data Security Requirements for Regulatory Compliance

Company

MongoDB

Date Published

Feb. 3, 2016

Author

Mat Keep

Word count

1806

Language

English

Hacker News points

None

URL

www.mongodb.com/blog/post/securing-mongodb-part-1-data-security-requirements-for-regulatory-compliance

Summary

As the frequency and severity of data breaches continue to escalate, securing databases becomes top priority for businesses. To address this, MongoDB presents a 4-part blog series on best practices and controls available in MongoDB to create a secure, compliant database platform. The first installment focuses on general requirements for data security and regulatory compliance, highlighting common foundational requirements across various directives, including restricting access to data, measures to protect against accidental or malicious disclosure of sensitive information, separation of duties when running applications and accessing data, and recording user activities in an audit trail. The series also covers user access management, logging operations against the database, data protection via encryption, environmental and process controls, and provides a holistic security architecture for MongoDB, including authentication, authorization controls, auditing, and encryption.