Developer data platform MongoDB has announced the general availability of queryable encryption, an end-to-end data encryption technology for securing sensitive application workflows. It is designed to reduce the risk of data exposure for organizations and helps businesses protect sensitive information while it is queried or in use on MongoDB.
MongoDB’s queryable encryption can be used with AWS Key Management Service, Microsoft Azure Key Vault, Google Cloud Key Management Service, and other services compliant with the Key Management Interoperability Protocol (KMIP) to manage cryptographic keys, the company said.
General availability includes support for equality queries, with additional query types (e.g., range, prefix, suffix, and substring) available in upcoming releases, the firm added. MongoDB first introduced a preview version of queryable encryption at MongoDB World last year.
Queryable encryption can reduce the attack surface for confidential data in several use cases. Data remains encrypted at insert, in storage, and during queries, with both queries and their responses encrypted over the wire and randomized for resistance to frequency analysis. However, queries involving encrypted fields come at a cost in space and time requirements.
Users select fields to encrypt based on data sensitivity
With the general availability of queryable encryption, customers can secure sensitive workloads for use cases in highly regulated or data-sensitive industries such as financial services, health care, government, and critical infrastructure by encrypting data while it is being processed and in use, MongoDB said in a press release. Users can select which fields in MongoDB databases contain sensitive data and need to be encrypted.
For example, an authorized application end-user at a financial services company may need to query records using a customer’s savings account number. When configured with MongoDB queryable encryption, the content of the query and the data in the savings account field will remain encrypted when traveling over the network, while it is stored in the database, and while the query processes the data to retrieve relevant information, according to the firm.