Presented by MongoDB
Across most database types, in-use encryption is a sticking point when it comes to security and scalability. In-transit and at-rest data encryption are becoming table stakes for most large modern cloud services.
Unfortunately, traditional database queries can’t be run on encrypted data, so many organizations end up employing complicated, possibly vulnerable, workarounds such as tokenization or black box proxies that don’t scale. Or, worse yet, they simply skip encryption altogether.
When encryption is used, on close examination many systems and services use a delegated key approach (such as "column encryption") where effectively the database (and the DBA) has access to keys, and thus can decrypt and access sensitive data. This may be an acceptable tradeoff in some cases, but the issue of trust model and risk should be considered with clear eyes.
An important question to ask is: does a DBA, system admin or cloud service provider (including MongoDB) really need access to raw customer data like credit card numbers or social security numbers? There is a big difference between a service that promises it won't look at data residing in or flowing through it, and one that uses technical controls so that its staff can't see the cleartext as it's being processed and moved through the system. This becomes all the more critical for highly sensitive workloads, such as personally identifiable information (PII) or financial information, when assessing risk and the "blast radius" of a potential database breach, leak or compromise.
In the current state of never-ending attacks on organizations’ data by criminal black hats and other threat actors, CISOs are looking for more effective strategies for ensuring confidential data remains private.
The MongoDB Cryptography Research Group came up with a solution: MongoDB Queryable Encryption, an industry-first high-performance searchable encryption scheme from the pioneers in encrypted search. The group, led by Dr. Seny Kamara, distinguished scientist and head of MongoDB Research, comprises a team of leading PhD cryptographers and cryptography engineers. Their overarching goal is to continue to advance the state of the art in encrypted search and privacy-preserving technologies, helping MongoDB maintain its reputation as a secure and privacy-focused database platform.
MongoDB Queryable Encryption safeguards data through its full lifecycle and provides strong confidentiality protection with a good balance of security and performance. Sensitive data is protected in-transit, at-rest, in-use, in logs and backups -- and only ever decrypted on the client-side. Queryable Encryption supports equality and range searches, with additional query types such as prefix, suffix and substring text search planned for upcoming releases.
“No one is doing it like we’re doing it,” says Kenn White, security principal at MongoDB. “What sets it apart is that we're combining known, well-vetted cryptographic primitives with novel encrypted search techniques that our cryptography team has developed based on decades of research. The core code is Apache-licensed open source, published and is continually assessed. Other approaches for encrypted search sometimes discussed in the academic world don’t work for our customers’ real-time production workloads, which require queries on millions -- or hundreds of millions -- of records on the order of milliseconds. It’s the first-generation end-to-end encryption that's specifically built for in-use database encryption at scale in distributed systems.”
Here's why three of the top five retail banks, the top three investment banks in the world, two of the top four health insurance companies -- not to mention the entire national pension system of a western European country -- work with MongoDB to secure their data.
Setting Queryable Encryption apart
Queryable Encryption is a first-of-its-kind in-use encryption technology that helps businesses protect sensitive data when it is queried and actively in use on MongoDB. It offers stronger data protection at every stage, enhanced regulatory compliance and a streamlined encryption process without the need for custom solutions, specialized cryptography teams or complex third-party tools.
Queryable Encryption offers automatic encryption -- encrypted read and write operations without adding explicit code to encrypt and decrypt fields -- and explicit encrypted read and write operations through the MongoDB drivers encryption library.
It relies purely on proven security and cryptography algorithms, rather than on the weaker trusted hardware and trusted enclave models, and can handle real-time production workloads that require queries across millions of records to return in milliseconds.
But as developers started using the platform, they reported that equality and range searches aren’t the only kinds of searches needed in their applications.
“They also need performant, expressive queries on client-side encrypted data, including substring search,” White explains. “Ours is the first and currently only solution of its kind to offer the more natural, realistic searches that real app developers need and use -- say, searching every financial balance between $1K and $10K, or all users with a certain string of letters in their name, or every medical record that contains the word ‘nausea,’ and so on. That’s one of our major distinguishing features.”
Ultra-fast performance
There are other encrypted query solutions out there, using advanced algorithms that explore potential approaches to the issue, but ultimately what sets Queryable Encryption apart is its ability to scale.
“Our customers don’t run databases with 1,000 records -- they have 20 million, 100 million records, and search results need to come back on the order of milliseconds,” White says. “When we designed this system, one of our top goals was to enable the most performant searches out there on encrypted data. Our customers have large, distributed systems -- core transaction systems, core banking systems, critical systems with their "crown jewels" that need to be protected, but require developers to be able to run rich, expressive searches on that encrypted data.”
Of course, performance depends on the workload, and MongoDB has optimized the algorithm around the Create, Read, Update, Delete (CRUD) operators, or the core transactions in a typical web app. They designed Queryable Encryption for the sweet spot of CRUD systems, which for most web services and web apps means heavy reads or searches and minimal writes (inserts/updates). In rigorous testing, they found little difference between cleartext operations and encrypted selective queries, and even more complicated queries come back in the five- to seven-millisecond range. Massive batch inserts take a larger hit on latency, but that’s true whether the data is encrypted or not.
The road ahead
MongoDB is continuing to expand the capabilities of Queryable Encryption, White says. Next on the list is text search -- prefix and suffix queries, which, for example, could immediately kick off a search when a user begins to type a word. They’re also investing particularly in customer adoption features -- addressing customer wish lists, adding functions that make the product easier for customers to use, and addressing any pain points.
Their cryptography group is working full-time on ways to help every organization bring their workloads safely and securely into the cloud.
See the Quick Start Guide to Queryable Encryption plus a full description of its features and benefits to get you up and running fast.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com
