Encryption & Key Management For MongoDB

Transcription

ENCRYPTION & KEY MANAGEMENT FOR MONGODB: THE DEFINITIVE GUIDE

“For many organizations using MongoDB, implementing strong data security is top of mind. MongoDB leads the pack among common NoSQL database providers in offering easy-to-use and easy-to-implement native encryption and options for third-party encryption key management solutions. Use this guide to explore the key concepts of encrypting data in MongoDB and protecting encryption keys using enterprise encryption key management.”

CONTENTS

Introduction
NoSQL Databases
Encrypting Data in MongoDB
Encryption Performance
Encryption Key Management in MongoDB
What is Enterprise Encryption Key Management?
KMIP for Centralized Key Management
Meeting Compliance
Business Continuity
Vendor Considerations
Alliance Key Manager

INTRODUCTION

In fewer than ten years, MongoDB has risen to become a top player among non-relational database providers, competing with established products such as Oracle Database and Microsoft SQL Server. Built on a model of low up-front operational costs alongside improved performance, MongoDB has become one of the fastest-growing databases for organizations across retail, finance, and healthcare, as well as for startups.

Beyond cost and performance, a key component of MongoDB's toolset is a robust plan to help customers achieve strong data security through encryption of data in flight and at rest, along with options to secure and manage encryption keys that meet industry compliance requirements and data security best practices.

If you are an organization that routinely considers security and compliance when purchasing third-party software, built-in security features can be extremely beneficial to your security and compliance strategy. However, as with any new software, questions about deployment and how to get the most out of native encryption tools may still be a barrier to implementation.

In order to paint both a broad and an in-depth picture of how best to deploy encryption and encryption key management in MongoDB, let's first discuss your options to encrypt data in your MongoDB database. If you'd like to learn the fundamentals of encryption and key management before diving in, see the companion eBook, The Definitive Guide to Encryption Key Management Fundamentals.

NOSQL DATABASES

MongoDB is a non-relational, NoSQL database, meaning that users may enter data into MongoDB without first defining tables and fields or establishing indexes. This type of data storage has many advantages, including the ability to add information about a single entry that does not correspond to a column. NoSQL databases are a preferred repository for big data since they are designed to hold large amounts of non-relational data and can scale rapidly to meet an organization's changing needs. Neither type of database is better than the other; they are designed to perform different tasks. When it comes to encrypting data, though, it's good to know the similarities and differences.

SQL, or relational, databases are much like a spreadsheet. They have rows and columns, and the columns define the data that is entered into each row. When choosing how to encrypt data, a user can decide to encrypt the entire database file, encrypt individual columns, or encrypt data at the application layer before it enters the database. Ultimately, the most secure method is encrypting at the application layer, because the database and its administrators then never see plaintext; however, the barriers to achieving this are often large: it is sometimes difficult, if not impossible, to embed encryption into a third-party application. For this reason, many organizations choose to encrypt the column or the database file. Encrypting at the column level may seem like the ideal choice, since encrypting only a single column, and therefore less data, can reduce the latency and overall performance impact of encryption. However, few relational databases ship with native column-level encryption, and third-party column-level encryption is usually expensive. Therefore, the most common method for encrypting databases is file-level encryption, since the database can be transparently encrypted in storage and backup and is easily maintained by the database administrator.

NoSQL databases such as MongoDB run into some of the same issues. The main difference is that since non-relational databases do not organize data into columns, column-level encryption in the relational sense does not apply, so users encrypt either at the application layer or at the storage-engine level for the whole database. (MongoDB has since added Client-Side Field Level Encryption, available from version 4.2, which encrypts individual document fields in the driver before they reach the server; this guide concerns whole-database encryption at rest.) Again, since application-level encryption is often difficult and costly, whole-database encryption in the storage engine is the usual choice. MongoDB Enterprise includes native encryption at rest, so users of that edition pay nothing extra to protect sensitive data, and MongoDB has tested and tuned the feature to limit its performance impact.

ENCRYPTING DATA IN MONGODB

If you choose to encrypt your data, MongoDB offers solutions for encrypting data in motion as well as at rest.

DATA IN MOTION ENCRYPTION

For securing data in motion, all editions of MongoDB support TLS (Transport Layer Security), the successor to SSL (Secure Sockets Layer), for sending and receiving data over networks. TLS is the cryptographic protocol commonly used to secure website traffic and file sharing. It protects data while it travels from one point to another; before the data is sent and after it arrives at its endpoint, however, the data is unencrypted, or "in the clear". MongoDB provides ample documentation on how to configure TLS using certificates and public/private key pairs (asymmetric keys). Note that SSL 3.0 and TLS 1.0/1.1 are obsolete and should be disabled; current MongoDB releases configure transport security under the net.tls options, and net.tls.mode should be set to requireTLS so that clients cannot fall back to cleartext connections.

When considering encryption, MongoDB customers must consider both governmental and private-sector regulations that require protecting sensitive information. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires that stored primary account numbers be rendered unreadable, typically by encryption. The Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH) require protection of electronic protected health information (ePHI). Many other regulations require proper protection of personally identifiable information (PII). Administrators who know their database stores sensitive data or PII should always encrypt the MongoDB database and use proper key management.

DATA AT REST ENCRYPTION

To encrypt data at rest, MongoDB Enterprise offers native, storage-based symmetric key encryption at the file level, commonly called Transparent Data Encryption (TDE). First offered in version 3.2, MongoDB's encrypted storage engine uses the Advanced Encryption Standard (AES) with 256-bit keys, a symmetric cipher that uses the same secret key to encrypt and decrypt data. The default cipher mode is AES256-CBC; AES256-GCM, which also authenticates the data and therefore detects tampering with the files, can be selected with security.encryptionCipherMode on Linux.

MongoDB also provides the option to run in "FIPS mode", in which mongod uses a FIPS 140 validated cryptographic library (the host's FIPS-capable OpenSSL), so the encryption you use is tested to the National Institute of Standards and Technology's Federal Information Processing Standard. Solutions validated to FIPS 140 are built to meet the highest standards of assurance and compliance. FIPS validation is often required for government and Department of Defense contractors; today, most regulators consider NIST-validated AES encryption an industry standard and typically expect it when assessing compliance. Data-at-rest AES encryption is available only in MongoDB Enterprise and Atlas and requires the WiredTiger storage engine.

ENCRYPTING DATA IN MONGODB (CONT)

When encrypting data natively using TDE, it is important to know how encryption keys are stored in MongoDB. When the encrypted storage engine is enabled, mongod generates a unique symmetric key for each database, and these per-database keys are themselves encrypted with a single master key. The wrapped database keys are stored alongside the encrypted data, but the master key is never written into the database files; mongod must fetch it from elsewhere each time it starts. This means that the database or security administrator must identify a secure storage location for the master key. MongoDB strongly recommends an external key manager reached over KMIP; users also have the option to store the master key in a local keyfile. The keyfile option carries serious risk, because the master key then sits on the same host, and usually the same filesystem, as the data it protects: anyone who copies the data directory together with the keyfile has everything needed to decrypt it. It is suitable for testing and almost never recommended for production key protection.
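As an added example (not code from the guide or from MongoDB), the following script audits the settings a running mongod reports through db.adminCommand({ getCmdLineOpts: 1 }).parsed, an object that uses the same keys as mongod.conf. It flags the weak choices discussed above: encryption not enabled, a local keyfile instead of a KMIP key manager, a KMIP connection without CA pinning or a client certificate, the default CBC cipher mode, TLS not required, and FIPS mode off. The two configuration objects are constructed for the example; their hostnames, file paths, and key identifier are placeholders.

```javascript
// Added example, not part of the guide: audit mongod encryption settings.
// Input is the option tree that db.adminCommand({ getCmdLineOpts: 1 }).parsed
// returns, which mirrors mongod.conf keys such as security.enableEncryption,
// security.encryptionKeyFile, security.encryptionCipherMode, security.kmip.*, net.tls.*
function auditEncryptionOptions(parsed) {
  const findings = [];
  const sec = (parsed && parsed.security) || {};
  const kmip = sec.kmip || {};
  const tls = (parsed && parsed.net && parsed.net.tls) || {};

  if (!sec.enableEncryption) {
    findings.push('at-rest: security.enableEncryption is not set; database files are written in the clear');
  }
  if (sec.encryptionKeyFile) {
    // The keyfile holds the master key on the same host as the data it protects.
    findings.push('at-rest: master key comes from a local keyfile (' + sec.encryptionKeyFile +
      '); whoever copies the data directory and this file can decrypt everything; use security.kmip.* instead');
  }
  if (sec.enableEncryption && !sec.encryptionKeyFile && !kmip.serverName) {
    findings.push('at-rest: encryption is enabled but neither a keyfile nor security.kmip.serverName is configured');
  }
  if (kmip.serverName) {
    if (!kmip.serverCAFile) {
      findings.push('kmip: security.kmip.serverCAFile is not set; validate the key server against a CA you control');
    }
    if (!kmip.clientCertificateFile) {
      findings.push('kmip: security.kmip.clientCertificateFile is not set; the key server should authenticate this mongod');
    }
  }
  if (sec.enableEncryption) {
    const mode = sec.encryptionCipherMode || 'AES256-CBC'; // CBC is mongod's default
    if (mode !== 'AES256-GCM') {
      findings.push('at-rest: cipher mode is ' + mode + '; AES256-GCM also authenticates pages and detects tampering (Linux only)');
    }
  }
  if (tls.mode !== 'requireTLS') {
    findings.push('in-motion: net.tls.mode is ' + (tls.mode || 'disabled') + '; set requireTLS so clients cannot connect in cleartext');
  }
  if (!tls.FIPSMode) {
    findings.push('fips: net.tls.FIPSMode is off; enable it (needs a FIPS-capable OpenSSL) where FIPS 140 validated crypto is required');
  }
  return findings;
}

// Constructed sample inputs, not captured from a real deployment; hosts and paths are placeholders.
const weakConfig = {
  security: { enableEncryption: true, encryptionKeyFile: '/etc/mongodb/master.key' },
  net: { tls: { mode: 'allowTLS' } },
};
const hardenedConfig = {
  security: {
    enableEncryption: true,
    encryptionCipherMode: 'AES256-GCM',
    kmip: {
      serverName: 'kms.example.internal', port: 5696,
      serverCAFile: '/etc/mongodb/kmip-ca.pem',
      clientCertificateFile: '/etc/mongodb/kmip-client.pem',
      keyIdentifier: 'mongodb-master-key-1',
    },
  },
  net: { tls: { mode: 'requireTLS', certificateKeyFile: '/etc/mongodb/mongod.pem', CAFile: '/etc/mongodb/ca.pem', FIPSMode: true } },
};

for (const [name, cfg] of [['weak', weakConfig], ['hardened', hardenedConfig]]) {
  const findings = auditEncryptionOptions(cfg);
  console.log(name + ': ' + (findings.length ? '\n  ' + findings.join('\n  ') : 'no findings'));
}
```

Run it against the live server by pasting the function into mongosh and calling auditEncryptionOptions(db.adminCommand({ getCmdLineOpts: 1 }).parsed); the weak configuration above produces four findings and the hardened one produces none.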

ENCRYPTION PERFORMANCE

When choosing to encrypt your MongoDB database, users should consider performance. Performance impacts can become a primary concern for MongoDB users who store large amounts of data that customers access daily through front-end applications. When a banking or retail application must recall thousands or millions of records from a database daily, any latency or downtime can seriously impact business continuity and operations. This is why MongoDB conducted performance tests using Intel Xeon X5675 CPUs. Running at its highest load, the encrypted storage engine showed an average overhead of 10 to 20%, depending on how much data a user is reading from or writing to the database. Write-heavy workloads fall on the higher side; in the more common scenario of a mostly read-only workload, the overhead for the majority of organizations will likely fall between 5 and 10%.

To optimize encryption, MongoDB encrypts each database within the WiredTiger storage engine. MongoDB acquired WiredTiger in 2014, and it became the default storage engine beginning with version 3.2. WiredTiger is optimized for high performance, scalability, and security, all features that align with MongoDB's value proposition. Additionally, WiredTiger optimizes encryption further by encrypting database files at the page level. This means that when a user reads or writes data in the encrypted database, the operation touches only the pages on which the data is stored, not the entire database file, which limits the amount of data that must be encrypted or decrypted to access a single record.

In summary, MongoDB offers a robust data-at-rest encryption solution that meets the security and performance needs of the majority of its users. The FIPS mode option helps users meet compliance requirements around encryption, and the WiredTiger storage engine scales with your changing data security needs. While several third-party encryption solutions are available to MongoDB users, it is unlikely that these solutions will scale as easily alongside your MongoDB deployment.

ENCRYPTION KEY MANAGEMENT IN MONGODB

Encryption key management is the method you use to protect and manage your encryption keys. The term "key management" confuses some people, since simply writing down your encryption key on a sticky note and placing it in a locked drawer could be considered "managing" a key. However, in the context of this guide, encryption key management refers to what data security specialists also call "enterprise" or "professional" key management. Enterprise encryption key management should meet the key management framework and recommendations outlined by NIST in Special Publications SP 800-130 and SP 800-57. As defined by NIST, key management is the method by which a user protects encryption keys, manages the entire key lifecycle, distributes encryption keys, and implements additional layers of security to protect keys and limit user access.

MongoDB does not include an enterprise encryption key management solution, and users must obtain one from a third-party key management provider. MongoDB allows users to manage the master encryption key through a third-party key manager using a standard protocol, the Key Management Interoperability Protocol (KMIP). KMIP is supported in MongoDB Enterprise and enables customers to protect the master key with any of a number of tested and validated enterprise key management partners.

MongoDB also provides the option to keep the master key in a local keyfile; however, this method of key protection is not recommended.

If you have begun to research third-party key management solutions, check whether the key management server (virtual or hardware) carries a NIST FIPS 140-2 validation (or FIPS 140-3 for newer products) and/or a PCI certification. These validations mean that the key management software has been tested by accredited third-party laboratories against published standards for key management technology.

Encryption key management is the cornerstone of an effective encryption strategy. Without key management, encryption stands alone as only half of a solution. When you leave the keys that unlock your sensitive business and customer data exposed, you expose your entire organization to the risk of data loss or theft. Luckily, MongoDB was born in the age of modern data security and developed its NoSQL database with the forethought to incorporate strong encryption and key management options. Today, with MongoDB Enterprise, customers can meet encryption and key management best practices by enabling native encryption and deploying a third-party enterprise key management solution.

WHAT IS ENTERPRISE KEY MANAGEMENT?

Enterprise encryption key management includes both technological and policy-based controls, integrated to provide the highest level of security around an organization's encryption keys. Both types of controls are important to protecting encryption keys.

KEY MANAGEMENT CONTROLS

On a technological and physical level, encryption keys should be stored in a logically or physically separate hardware or virtual key server dedicated to key management activities such as key generation, storage, and distribution. The key manager should use a FIPS 140 validated random bit generator to create new keys and store those keys in a secure key database. Keys used for encrypting data (data encryption keys, or DEKs) should be wrapped, that is, encrypted, with key encryption keys (KEKs); KEKs are used only to encrypt DEKs inside the secure key database.

Once generated and in use, encryption keys should be distributed over a Transport Layer Security (TLS) session that uses certificates to authenticate the client requesting the key (mutual TLS). An enterprise key management server should accept only TLS 1.2 or TLS 1.3: TLS 1.0 and 1.1 have known weaknesses and were formally deprecated by the IETF in RFC 8996.

Lastly, enterprise key managers should provide real-time replication and high availability to prevent downtime and ensure business continuity. To accomplish this, each key server should perform active-active mirroring to one or more high-availability servers as well as routine, automated backups to secure storage.

All of these functions are critical to meeting best practices and securing encryption keys. However, beyond the technology, an enterprise key manager should implement user roles and administrative options that enforce particular policies and policy-based best practices.

ENCRYPTION KEY LIFECYCLE

A critical administrative component of encryption key management is the ability to manage the complete encryption key lifecycle. NIST (SP 800-57) defines the stages of a key's life, including generation, pre-activation, activation, distribution, revocation, post-activation (deactivation), backup, escrow, and destruction.

[Figure: key lifecycle diagram with the states Pre-Activation, Activation, Expiration, and Destruction.]

WHAT IS ENTERPRISE KEY MANAGEMENT? (CONT)

Through an administrative console, security administrators should be able to implement controls that restrict access to keys by designating key users or user groups. They should also be able to set automatic key rotation policies so that keys are retired and rolled over after a chosen period. These controls help organizations meet data security requirements in regulated industries such as payment processing: the Payment Card Industry Data Security Standard (PCI DSS) outlines key management requirements for cardholder data that can typically only be met using an enterprise-level encryption key management solution.

POLICY BASED CONTROLS

Beyond managing the key lifecycle, an enterprise key manager should audit and log all activity and functions performed on the key management server and forward these logs to an external event monitoring or logging server so that malicious activity can be detected in real time. Your key management solution should be compatible with common event monitoring (SIEM) solutions and export logs in standardized formats, such as syslog, in real time.

Your key management solution should also inherently enforce policy-based security functions that meet key management best practices such as separation of duties and dual control. Separation of duties ensures that no single person controls multiple key management procedures and the subsequent distribution of an encryption key: the person requesting the key and the person managing the key should be two different people. Dual control prevents any single person from completing a sensitive key management operation alone; for example, two security administrators should be required to authenticate before the key server's administrative functions can be used. While these policy-based controls are sometimes optional, they should always be available and easy to implement in your encryption key management solution.

KMIP FOR CENTRALIZED KEY MANAGEMENT

When MongoDB decided to implement KMIP, the decision was likely a deliberate strategy to help users either leverage the enterprise key management solution they already own or adopt a new KMIP-compatible one.

KMIP enables users to truly achieve centralized key management. A historical problem in key management was the difficulty of storing and managing encryption keys across multiple platforms, operating systems, and often departments. By implementing the KMIP standard, MongoDB contributes to easier implementation of key management throughout organizations, and therefore helps make key management more user-friendly, which is what MongoDB is best known for.

KMIP also enables MongoDB customers to choose their own KMIP-compliant key management solution and so maintain complete custody of the key management server, and therefore of the keys. Whether deploying the key manager in the cloud, in a virtual environment, or on-site, owning a third-party KMIP-compliant key manager allows users to retain total control of their keys without sharing access with cloud service providers or software vendors.

CENTRALIZED KEY MANAGEMENT IN THE CLOUD

Without a strong encryption key management solution, encryption of sensitive data on its own is considered ineffective. The same goes for deploying a key management solution alongside your data in the cloud, where the provider may have access to both. Therefore, having options for where you deploy key management is an important factor in your key management strategy. An effective key management solution should not only centralize your key management, it should protect your data wherever it is located, whether in the cloud, in a virtual environment, or on on-site hardware.

In combination with a robust database encryption solution from MongoDB, your encryption key management solution will elevate your security posture and total level of control.

[Figure: "Your Key Management Provider Should Foster Growth". Alliance Key Manager shown deployed as a VM, on-premise, and in the cloud. Caption: For greatest flexibility, choose an EKM provider that works well on-premise, in virtualized, and in cloud environments.]

MEETING COMPLIANCE

Implementing data security in your organization can be a massive undertaking if you are trying to connect multiple systems across a dispersed organization. This undertaking can become even more daunting for companies that must meet industry-specific data security regulations. Not only do they have to do data security well, they often have to prove it to an auditor. Along with implementing complicated technology, organizations must keep detailed documentation of how each technology helps to meet different aspects of a certain regulation: a joy for certain detail-oriented, documentation-loving people, and a headache for those who want to implement technology without much fuss or bureaucracy.

Data security regulations serve a useful purpose, however, which is to assure customers, partners, and stakeholders that you have in fact implemented data security controls to protect not only your own organization but them as well. Over the past ten years, several highly publicized data breaches have revealed that data security does not exist in a vacuum, even when you think it does. The interconnected nature of our businesses, the way they operate internally and externally, and the networks across organizations that keep us connected 24/7 mean that the holes into our systems are becoming harder and harder to plug. A small breach in one organization can easily lead to a devastating breach in another. Consider the Target breach of 2013, where attackers entered the retailer's network using network credentials stolen from its HVAC contractor.

Meeting industry data security regulations improves trust, loyalty, and customer and partner retention in industries like retail and banking, where an attacker trying to get in is no longer a matter of "if" but "when". That's why it's critical to choose technologies that make your data security plan easier, not harder. Many technology companies strive for security certifications and validations that increase trust in their brand and help their customers check off boxes in their compliance documentation, easing their own headaches in meeting industry regulations.

As in other aspects of its database, MongoDB does this well when it comes to encryption and key management. By providing customers with native database-level AES encryption and the ability to use enterprise encryption key management solutions validated under NIST's FIPS 140 program, MongoDB helps customers achieve both security and compliance more easily than many of its competitors.

MEETING COMPLIANCE (CONT)

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)

When evaluating your MongoDB database solution alongside your encryption key management solution, it is important to look for certain certifications and validations. With MongoDB Enterprise in FIPS mode, you already know that you will be using NIST-validated AES encryption. When looking at encryption key management solutions, the top validation to look for is NIST FIPS 140-2, or FIPS 140-3, which replaced it for new validations in 2019 while existing 140-2 certificates remain active for a transition period.

NIST FIPS 140-2

NIST FIPS 140-2 is a NIST standard that outlines security requirements for cryptographic modules (FIPS PUB 140-2). It covers requirements for hardware and software modules that perform cryptographic operations and are used to protect data: approved algorithms, their implementation, operator roles and authentication, key lifecycle requirements, physical security of the module, and operating system requirements. It also defines four security levels that can be assigned to a module, which correspond to the module's physical security, including tamper-evident and tamper-resistant components.

Encryption key management systems that have achieved a FIPS 140-2 validation have been tested against the standard by a laboratory accredited under the National Voluntary Laboratory Accreditation Program (NVLAP), which assesses how well a cryptographic module conforms to the requirements. These tests are notoriously difficult to pass and take many months, or years, as well as many iterations of the module, to achieve. Key management solutions that have passed are considered among the best in the industry.

OASIS KMIP

The Organization for the Advancement of Structured Information Standards (OASIS) is a standards body that promotes the development and adoption of data standards for technology, including data security.

The second, and perhaps equally important, standard to look for when assessing encryption key management solutions for MongoDB is conformance with the OASIS Key Management Interoperability Protocol (KMIP). This protocol was designed to streamline key management integrations and to let consumers switch key management providers easily. Software providers such as MongoDB that have implemented client-side KMIP code and tested it for protocol conformance can integrate with KMIP-compliant key management servers without additional development. By implementing KMIP, MongoDB has signalled not only compatibility with many enterprise-level encryption key management solutions, but also respect for its customers' need to choose the key management solution they prefer for reasons of cost, flexibility of deployment, or features.
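To make the interoperability claim in the KMIP section and the paragraph above concrete, here is an added example (not from the guide, MongoDB, or any key management vendor) of the TTLV (Tag, Type, Length, Value) encoding that KMIP uses on the wire, applied to the Get request a client such as mongod sends to fetch an existing master key by its unique identifier (the value configured in security.kmip.keyIdentifier). The tag numbers and type codes come from the KMIP 1.x specification; the protocol version 1.2, the key identifier string, and the omission of optional header fields such as Authentication are assumptions made for the example. A real exchange runs inside a mutually authenticated TLS session, by default on port 5696.

```javascript
// Added example, not from the guide or MongoDB: KMIP TTLV encoding of a Get request.
// Each item is Tag (3 bytes) | Type (1 byte) | Length (4 bytes, big-endian) | Value,
// with the value padded to a multiple of 8 bytes (KMIP 1.x, section 9.1).
const TYPE = { STRUCTURE: 0x01, INTEGER: 0x02, ENUMERATION: 0x05, TEXT_STRING: 0x07 };
const TAG = {
  RequestMessage: 0x420078, RequestHeader: 0x420077, ProtocolVersion: 0x420069,
  ProtocolVersionMajor: 0x42006a, ProtocolVersionMinor: 0x42006b, BatchCount: 0x42000d,
  BatchItem: 0x42000f, Operation: 0x42005c, RequestPayload: 0x420079, UniqueIdentifier: 0x420094,
};
const OPERATION_GET = 0x0000000a;
const TAG_NAME = Object.fromEntries(Object.entries(TAG).map(([name, num]) => [num, name]));

function item(tag, type, value) {
  const header = Buffer.alloc(8);
  header.writeUIntBE(tag, 0, 3);
  header.writeUInt8(type, 3);
  header.writeUInt32BE(value.length, 4);            // length excludes padding
  return Buffer.concat([header, value, Buffer.alloc((8 - value.length % 8) % 8)]);
}
function int32(tag, n) { const b = Buffer.alloc(4); b.writeInt32BE(n); return item(tag, TYPE.INTEGER, b); }
function enumeration(tag, n) { const b = Buffer.alloc(4); b.writeUInt32BE(n); return item(tag, TYPE.ENUMERATION, b); }
function textString(tag, s) { return item(tag, TYPE.TEXT_STRING, Buffer.from(s, 'utf8')); }
function structure(tag, ...items) { return item(tag, TYPE.STRUCTURE, Buffer.concat(items)); }

// Get request for one key: protocol version 1.2 (assumed), a single batch item.
function buildGetRequest(uniqueIdentifier) {
  return structure(TAG.RequestMessage,
    structure(TAG.RequestHeader,
      structure(TAG.ProtocolVersion,
        int32(TAG.ProtocolVersionMajor, 1),
        int32(TAG.ProtocolVersionMinor, 2)),
      int32(TAG.BatchCount, 1)),
    structure(TAG.BatchItem,
      enumeration(TAG.Operation, OPERATION_GET),
      structure(TAG.RequestPayload,
        textString(TAG.UniqueIdentifier, uniqueIdentifier))));
}

// Decoder for the same encoding; works on a server's response too. Unknown types are kept raw.
function parseTtlv(buf, start = 0, end = buf.length) {
  const items = [];
  let offset = start;
  while (offset + 8 <= end) {
    const tag = buf.readUIntBE(offset, 3);
    const type = buf.readUInt8(offset + 3);
    const length = buf.readUInt32BE(offset + 4);
    const vStart = offset + 8, vEnd = vStart + length;
    if (vEnd > end) throw new Error('truncated TTLV item at offset ' + offset);
    let value;
    if (type === TYPE.STRUCTURE) value = parseTtlv(buf, vStart, vEnd);
    else if (type === TYPE.INTEGER) value = buf.readInt32BE(vStart);
    else if (type === TYPE.ENUMERATION) value = buf.readUInt32BE(vStart);
    else if (type === TYPE.TEXT_STRING) value = buf.toString('utf8', vStart, vEnd);
    else value = buf.subarray(vStart, vEnd);
    items.push({ tag: TAG_NAME[tag] || tag.toString(16), type, value });
    offset = vEnd + (8 - length % 8) % 8;           // skip the value's padding
  }
  return items;
}

const request = buildGetRequest('mongodb-master-key-1');  // placeholder identifier
console.log(request.toString('hex'));
console.log(JSON.stringify(parseTtlv(request), null, 2));
```

The encoded request is 136 bytes, and reading the hex dump against the decoder output shows why KMIP is easy to conform to: the whole message is a handful of fixed tags nested in a predictable structure, which is what lets a client like mongod talk to any conforming server without vendor-specific code.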

MEETING COMPLIANCE (CONT)

ENCRYPTION AND KEY MANAGEMENT INDUSTRY STANDARDS & REGULATIONS

NIST standards cover many of the requirements set forth by industry-based data security regulations, as these industries look to NIST when developing requirements for encryption and key management. Below is a list of common industry compliance regulations that NIST and other security certifications will help you meet.

PCI DSS: The Payment Card Industry Data Security Standard is a set of data security requirements set forth by the Payment Card Industry Security Standards Council for organizations that take and process cardholder data such as credit card numbers and the names and addresses associated with them. PCI DSS Requirement 3 outlines requirements for protecting stored cardholder data, including encryption and encryption key management.

HIPAA/HITECH Act: The Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act set out data security regulations for the healthcare industry. HIPAA and the HITECH Act do not strictly mandate encryption of sensitive data (HIPAA lists it as an "addressable" safeguard), but the breach notification rule creates a de facto requirement: if a healthcare organization or one of its business associates experiences a breach, and the protected health information (PHI) was not rendered unusable, unreadable, or indecipherable by encryption or another approved method, then the incident is a reportable breach of unsecured PHI, and the organization faces notification obligations and potentially heavy penalties.

GLBA/FFIEC: The Gramm-Leach-Bliley Act requires financial institutions to protect sensitive customer information, and the Federal Financial Institutions Examination Council (FFIEC) publishes the examination guidance used to assess them. The FFIEC is clear that information security controls must be implemented under a written information security program to protect consumer data.

GDPR: The European Union's General Data Protection Regulation (GDPR) does not mandate that all organizations encrypt sensitive data, but it names encryption as an appropriate safeguard, exempts controllers from notifying affected data subjects of a breach when the data was rendered unintelligible (for example, by encryption), and treats such measures as a mitigating factor when penalties are assessed.

Luckily for MongoDB users across many industries, the ease of implementing encryption and key management tools in MongoDB will ultimately help them meet the specific requirements of most industry-based data security regulations. The important thing is to look for the validations and certifications a key management vendor has achieved, to ensure that your solution will help you meet compliance with ease. In particular, look for solutions that have been validated for specific regulations, such as PCI DSS, since these validations mean the technology has been tested by independent assessors and can often serve as a "check box" for compliance.

BUSINESS CONTINUITY

This section will address business continuity best practices for encryption key management in MongoDB, and how hybrid deployments and autoscaling can improve business continuity in your MongoDB database architecture.

INTRODUCTION TO BUSINESS CONTINUITY

Almost all organizations today rely on software to operate, which means that the idea of software suddenly no longer being available is a nightmare. Critical business operations rely heavily upon the continual, real-time availability of both front-end and back-end software throughout the entire business day. Whether relying upon point-of-sale software to process thousands of customer credit and debit cards or using a patient healthcare database from which a hospital must recall hundreds of patient records day in and day out, essential business operations depend almost entirely on the functionality and availability of software.

When encryption and encryption key management enter the business continuity equation, the additional layer of complexity can scare organizations away from implementing these tools. System administrators often ask, "What if en
