1 of 36

MongoDB Deep Dive

Agenda

  • Features of MongoDB
  • CRUD
  • Indexes (Types)
  • Sharding - Overview
  • Queryable Encryption with Demo
  • Certification Path & few Pointers
  • Atlas

WELCOME

2 of 36

What is MongoDB ?

Non Relational: an alternative to traditional RDBMS as workload and data volume needs change

Document Oriented Database: simple, human-readable JSON data model

Dynamic Schemas: flexible schemas, agile development, developer friendly

Built-in Replication for High Availability: provides data redundancy; automatically recovers from node failures

Built-in Sharding for Horizontal Scalability: automatic partitioning; supports very large data sets and high-throughput operations

High Performance: 5X – 10X faster than a traditional RDBMS

MongoDB (Hu'mongo'us) is a scalable, high-performance, open-source, document-oriented database, written in C++.


About Queryable Encryption

Queryable Encryption is the next generation of in-use encryption technology: it allows queries to run on fully randomized encrypted data.

  • Run expressive queries on randomly encrypted data – various query types such as equality, prefix/suffix, substring and range. Equality is available in Preview.
  • End-to-end encryption – data is encrypted throughout the data lifecycle
  • Faster app development – no cryptography experience required

11 of 36

Moving and storing data: most databases have it covered

In-flight, over the network

TLS Encryption

Data is decrypted when it is received on the DB server

Reminder: TLS is to protect against network eavesdropping

12 of 36

Moving and storing data: most databases have it covered

At-rest, on disk

Volume Encryption / Storage Engine Encryption

Data is decrypted when the DB starts up

Reminder: At-rest encryption is (mostly) to protect non-running databases & backups

13 of 36

But what about data here?

Diagram: Network, Disk, and then In-use, in memory

Very few practical solutions exist to protect data in-use

14 of 36

Data is in plaintext while it is being processed by the database

Data is vulnerable to insider access and active database breaches:

  • Authorized and compromised administrators, DBAs & users
  • RAM scraping
  • Process inspection

In-use, in memory

This is why we built Client-Side Field Level Encryption!

15 of 36

Option #1 – No encryption of data from the client side

Query to find ssn = “901-10-4312”

{payer: “Acme Corp”, ssn: “901-10-4312”}

{payer: “Jones Inc”, ssn: “901-10-4312”}

{payer: “Baker Co”, ssn: “901-10-4312”}

1 million records total

10 records with ssn = “901-10-4312”

10 records fetched with ssn = “901-10-4312”

  • Fast querying
  • But data is not secure in-use

16 of 36

Option #2 – Using a popular cloud SDK's client-side encryption

Query to find ssn = "901-10-4312"

What the client holds (plaintext):

{payer: "Acme Corp", ssn: "901-10-4312"}

{payer: "Jones Inc", ssn: "901-10-4312"}

{payer: "Baker Co", ssn: "901-10-4312"}

1 million records total; 10 records with ssn = "901-10-4312"

What the server stores (randomly encrypted field):

{payer: "Acme Corp", ssn: "3DwK354xz"}

{payer: "Jones Inc", ssn: "23awW124xz"}

{payer: "Baker Co", ssn: "75fdwswed"}

1 million records total; 10 randomly encrypted fields

Result: all 1 million records are fetched from the server, and only after client-side decryption are the 10 records with ssn = "901-10-4312" found

  • Client-side processing & decryption
  • Filtering of records on the client side (performance hit)

Problem: you cannot directly search encrypted fields. Not feasible for many use cases.

17 of 36

Queryable Encryption

  • Encrypt the sensitive data (fields)
  • Easy development cycle
  • No crypto experience required
  • Encrypted throughout the data lifecycle
  • Rich expressive queries
  • MongoDB is the only platform to implement a fast searchable encryption scheme
  • Server-side processing of encrypted data
  • Server does not know anything about the data

Query to find ssn = “901-10-4312”

{payer: “Acme Corp”, ssn: “3DwK354xz”}

{payer: "Jones Inc", ssn: "23awW124xz"}

{payer: "Baker Co", ssn: "75fdwswed"}

1 million records total

10 Randomly encrypted fields

10 records fetched with ssn = “901-10-4312”

18 of 36

An Industry First: Queryable Encryption

Diagram: Customer Environment (authenticated client and MongoDB Driver), Customer Provisioned Key Provider (Cloud Provider KMS, On-prem HSM/Key Service, Cross-cloud KMS) and MongoDB Data Platform, connected by numbered steps 1 to 6 whose captions are not on the slide.

Query from an authenticated client:

db.billing.find({ ssn: "901-10-4312" })

Plaintext document in the customer environment:

{payer: "Jones Glee", cardNum: "2223-0031-2200-3222", email: "jones-glee@example.net", phone: "+1-212-555-1234", ssn: "901-10-4312"}

Document as stored on the MongoDB Data Platform, with the encrypted fields as ciphertext:

{payer: "Jones Glee", cardNum: "r6EaUcgZ41Gerrwd", email: "iu233oh35sdso743", phone: "oR72CW4WferrSE3j", ssn: "d76b3ad038c0e0ed"}

ssn encrypted search key: "d76b3ad038c0e0ed" (the diagram also shows the values "er493grtee4erw" and "f72a9a1103d88b6")

Encrypted fields are always stored, transmitted, processed, and retrieved as ciphertext, including queries

  • Fast searchable encryption scheme
  • Server-side processing of encrypted data
  • Server knows nothing about the data
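The constructed scheme below is added here to illustrate slides 16 to 18; it is not MongoDB's code or its Queryable Encryption algorithm. It pairs randomized encryption of the ssn field (fresh nonce per value, so equal SSNs never share a ciphertext and Option #2 has to fetch everything) with a keyed, deterministic search token that the server can match without decrypting. The HMAC-based keystream and the deterministic token are simplifications so it runs on the Python standard library alone; a real deployment uses a standard AEAD cipher and keys wrapped by a customer-provisioned KMS/HSM.

```python
import hashlib, hmac, os

# Constructed demo keys: in a real deployment the data key is wrapped by a
# customer-provisioned KMS/HSM and never leaves the client environment.
DATA_KEY = os.urandom(32)
SEARCH_KEY = os.urandom(32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real AEAD cipher)."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt_random(value: str, key: bytes = DATA_KEY) -> bytes:
    """Randomized encryption: a fresh nonce per call, so equal SSNs never share a ciphertext."""
    nonce = os.urandom(16)
    pt = value.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def decrypt_random(blob: bytes, key: bytes = DATA_KEY) -> str:
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("ciphertext tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def search_token(value: str, key: bytes = SEARCH_KEY) -> str:
    """Keyed, deterministic equality token: matchable by the server, meaningless without SEARCH_KEY.
    Being deterministic, it still reveals which documents share a value (frequency leakage)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def insert(server: list, payer: str, ssn: str) -> None:
    server.append({"payer": payer, "ssn": encrypt_random(ssn), "ssn_key": search_token(ssn)})

def option2_find(server: list, ssn: str) -> tuple:
    """Option #2: the server cannot compare random ciphertexts, so every record is shipped
    to the client, which decrypts and filters. Returns (matching docs, records fetched)."""
    return [d for d in server if decrypt_random(d["ssn"]) == ssn], len(server)

def qe_find(server: list, ssn: str) -> tuple:
    """Search-key equality: the client sends only the token; the server matches on it
    without ever seeing plaintext. Returns (decrypted ssn values, records fetched)."""
    token = search_token(ssn)
    hits = [d for d in server if d["ssn_key"] == token]  # server side, ciphertext only
    return [decrypt_random(d["ssn"]) for d in hits], len(hits)
```

With three matching records and one non-matching one, option2_find reports all four records fetched while qe_find fetches only the three hits.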

19 of 36

Queryable Encryption – Key Benefits

Rich querying capabilities on encrypted data

Run expressive queries like range, equality, prefix, suffix, substring, and more on encrypted data

Groundbreaking technology, standards-based cryptography

Based on strong, standards-based cryptographic primitives

End-to-end fully randomized encryption

Data never exists in the clear outside of the client

Dramatically reduces attack surface

Faster application development

No crypto experience required

Intuitive and easy for developers to set up and use

Strong technical controls for critical data privacy use cases

Meet the strictest data privacy requirements for confidentiality and integrity (HIPAA, GDPR, CCPA)

Reduce institutional risk

Confident in storing and processing your sensitive workloads in MongoDB Atlas (Cloud)

20 of 36

Queryable Encryption Use Cases

  • High sensitivity data and confidential workloads
    • Financial Services
    • Payments
    • Health Care
    • Human Resources
    • Critical Infrastructure
  • PII/PHI
  • Support workloads requiring HIPAA, GDPR*, CCPA, PCI…
  • Highly sophisticated adversary models
  • Early adopters/sophisticated security teams

21 of 36

DEMO TIME

22 of 36

1) MongoDB is a _________________ database?

A) Graph

B) Key value

C) Document

D) All of the above


24 of 36

2) Which feature of MongoDB ensures high availability in the case of server failures?

  1. Indexes on all of the documents
  2. Replication
  3. Proper storage engine
  4. Sharding
  5. Proper defined user roles


26 of 36

3) Which of the following are compression algorithms available for WiredTiger in MongoDB 4.0? Select all that apply.

  1. zlib
  2. snappy
  3. bzip2


28 of 36

4) What is the URL to access MongoDB Atlas?

  1. https://cloud.mongodb.com/
  2. https://mongodb.com/
  3. https://mongodb.cloud.com/
  4. https://mongodb.atlas.com/


30 of 36

5) A collection and a document in MongoDB are equivalent to the ............. concepts (RDBMS), respectively.

A. Table and Column

B. Table and Row

C. Column and Row

D. Database and Table


32 of 36

APPENDIX
