MongoDB today announced at its developer conference MongoDB.local Chicago the general availability of Queryable Encryption, which it says is a first-of-its-kind technology that helps organizations protect sensitive data when it is queried and in-use on MongoDB. 

As data volumes skyrocket, so do the intricacies of modern applications. Coupled with growing regulatory demands, companies face a challenging task of managing sensitive information. Enter MongoDB Queryable Encryption: a tool that not only bolsters data protection, but also ensures a seamless developer experience, according to the company — no Ph.D. in cryptography needed.

“Protecting data is critical for every organization, especially as the volume of data being generated grows and the sophistication of modern applications is only increasing,” said MongoDB Chief Product Officer Sahir Azam. “Organizations also face the challenge of meeting a growing number of data privacy and customer data protection requirements. Now, with MongoDB Queryable Encryption, customers can protect their data with state-of-the-art encryption and reduce operational risk — all while providing an easy-to-use capability developers can quickly build into applications to power experiences their end-users expect.”

Breaking down the encryption game

Historically, encryption has been the cornerstone of data protection. Whether it’s in-transit across networks, at-rest in storage or in-use during processing, data encryption ensures sensitive information remains in the right hands. The roadblocks? Processing and analyzing encrypted data, which requires decryption.

The big takeaway from MongoDB’s Queryable Encryption is in its ability to keep data encrypted across its entire lifecycle — even during query processing. Picture this: A financial analyst needs to pull up a customer’s savings account details. With Queryable Encryption in play, the entire process, from querying to retrieval, keeps the data encrypted.

Only with a customer-controlled decryption key can the information be viewed, substantially mitigating the risk of unwanted exposure. The Holy Grail in encryption has been smart, high performance, secure access and retrieval of data unhackable. Now, says MongoDB, it’s here with Queryable Encryption. 

Open source with a secure global vision

The encryption technology has its roots in the MongoDB Cryptography Research Group and, notably, is open source. This move allows developers and businesses worldwide to dive deep into the cryptographic methods and code that power this state-of-the-art technology — further enhancing trust and compliance.

Moreover, MongoDB’s encryption is designed to integrate with key management services across major cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud, offering businesses flexibility in managing cryptographic keys.

MongoDB’s innovation hasn’t gone unnoticed. Renault Group, a big name in the auto industry, stands out as an enthusiastic early adopter. “MongoDB’s Queryable Encryption is pivotal for our data protection and compliance,” noted Xin Wang, a solutions architect at Renault. “As we look toward the future, we’re keen on delving deeper into this technology, especially as it pertains to performance optimization.”

For developers, grappling with data protection protocols can be a maze of complexities. MongoDB hopes to change that with its newly launched MongoDB Queryable Encryption.

Azam emphasizes the tool’s easy integration into application development, potentially reducing the steep learning curve often associated with encryption.

Developer-centric look at MongoDB’s encryption

At the heart of application development lies the crucial aspect of data management and searching data securely or encrypted. Traditional encryption processes, while effective, often introduce added layers of complexity during the data querying phase. MongoDB’s offering, on the other hand, promises consistent encryption, even during querying. This could prove a game-changer for sensitive workloads.

For a developer, this means less juggling. Imagine building a banking application: With Queryable Encryption, both the data retrieval and processing steps are encrypted, reducing the steps and potential pitfalls for developers. The promise? More secure applications, built more efficiently.

Open source: a collaborative playground for developers

The open-source nature of MongoDB’s encryption, birthed from its Cryptography Research Group, means a developer can dive deep into it, understand, tweak and even contribute to it. It’s an avenue for collective growth, though MongoDB will need to ensure the platform remains secure amid this transparency.

Additionally, its compatibility with major services such as AWS, Azure and Google Cloud suggests an ease of integration, making a developer’s life potentially less fragmented.

Game-changer for developers

While larger industry names like Renault Group have shown interest, it’s the developer community that will be the litmus test. 

MongoDB’s Queryable Encryption appears poised to offer developers a more streamlined approach to data security. Though it’s early days, the signs point to a potentially indispensable tool in a developer’s workflows. As with all tech, its true value will be determined by how well developers can integrate it into their daily grind.

Kenn White, a security principal at MongoDB, talked about the story behind the technology’s development that really captured attention. MongoDB’s journey from concept to reality, and the obstacles faced along the way, shed light on the immense complexities of modern encryption.

The road to queryable encryption

According to White, MongoDB faced a myriad of challenges in the creation of their new encryption technology. Encryption is intricate, where the smallest leaks or vulnerabilities can have huge ramifications. Issues such as buffer overflows had to be navigated meticulously because they might let attackers undermine security. MongoDB says it worked with crypto pros and experts to lock down all aspects of hacking encryption.  

The company took an external collaborative approach, partnering with Brown University’s Encrypted Systems Lab. The project gained valuable insights from academia. But theoretical knowledge wasn’t enough.

MongoDB recognized the gap between academia and real-world application and acquired the encryption team and encrypted search was on the road to real-world scenarios like server-side cache, coherency and state. Although MongoDB wouldn’t reveal the exact acquisition date, the strategic investment symbolizes their significant foray into advanced security for MongoDB and its high end customers and now for developers.

Performance: a crucial ingredient

Ensuring performance isn’t compromised is vital. While the initial tests for IoT streaming and heavy inserts revealed performance concerns, MongoDB dedicated five months to enhancing this. Performance is incredible and only getting better, says White.  “In real-time, the delay amounted to just milliseconds — a benchmark many developers will appreciate, especially for sensitive operations like credit card transactions,” he said.

White identifies the win for developers. “Recognizing that developers aren’t cryptography experts, their goal is to simplify the process — from auto-generating keys to ensuring compatibility with cloud providers’ transition to ‘bearer tokens,'” he said.

 MongoDB’s vision: beyond encryption

The release of Queryable Encryption isn’t just about adding a feature. It’s a step toward MongoDB’s vision of broader, distributed security across cloud platforms, countering both external and internal threats. As the digital landscape transforms, MongoDB seems poised to make encryption not just more robust but more user-friendly for developers everywhere.

If developers can get encryption that’s easy to use, that should make programming secure apps easier.

Images: MongoDB