6 keys to MongoDB database security


Security is a trending topic again, thanks to recent data leaks involving big corporations. For example, as , Chinese companies have leaked an astonishing 590 million resumes. Most of the resume leaks occurred because of poorly secured databases, which were left exposed online without a password or ended up online following unexpected firewall errors. Of the eight hacks mentioned in the article, only one was related to MongoDB, but that breach accounted for around one-third of the documents exposed.

In another , an Indian government agency left details of millions of pregnant women exposed online. The exposed data contained detailed information about the patients, doctors, and medical centers. At the time this article was written, the MongoDB database was still exposed online without a password. The good news is that the medical records have been removed from the database.

Because of its NoSQL origin and document architecture design, MongoDB is much more flexible and scalable than SQL databases. As a result, typically much more data is stored in MongoDB than in traditional SQL databases, with MongoDB databases commonly exceeding a terabyte of data. The large amount of data that can be exposed in a single database makes breaches involving MongoDB much more devastating.

The good news is that much has been done to improve MongoDB security in the years since the product was launched in 2009. All of the breaches mentioned above could have been avoided with some simple actions.

What does MongoDB offer to mitigate security threats? Let’s explore a few areas and proposed solutions, as well as what the future holds for MongoDB.

Data encryption in MongoDB