MongoDB Releases Queryable Encryption Preview

Cynthia Braund and Pramod Borkar

#MongoDB World

Today we are announcing the Preview release of Queryable Encryption, which allows customers to encrypt sensitive data from the client side, store it as fully randomized encrypted data on the database server side, and run expressive queries on the encrypted data.

With the introduction of Queryable Encryption, MongoDB is the only database provider that allows customers to run expressive queries, such as equality (available now in preview) and range, prefix, suffix, substring, and more (coming soon) on fully randomized encrypted data. This is a huge advantage for organizations that need to run expressive queries while also confidently securing their data.

Why is Queryable Encryption an important technology?

With the proliferation of different types of data being transmitted and stored in the cloud, protecting data is increasingly important for companies. Enterprises with high-sensitivity workloads require additional technical options to control and limit access to confidential and regulated data. For many enterprise and federal customers, compliance obligations dictate that the sensitivity of certain workloads requires the separation of duties of personnel. For example, analysts at a stock brokerage firm may query to find clients and the number of shares, the broker can make stock transactions on behalf of the investor, and database administrators (DBAs) manage the data, while the sensitive and personally identifiable information (PII), such as social security number (SSN), should be completely hidden.

Another important focus area for organizations is complying with data privacy and customer data protection mandates. This applies both to customers who use the data, and vendors who store the data for them. Data privacy regulations can involve complying with laws within and outside your industry that help protect sensitive data. Making sure that you are following all necessary measures to protect your customers’ most sensitive data is a process. Data protection and privacy are typically applied to high-sensitivity information, such as personal health information (PHI) and PII.

Current state and challenges around data security

Although existing encryption solutions (in-transit and at-rest) cover many regulatory use cases, none of them protects sensitive data while it is in use. In-use data encryption is often a requirement for high-sensitivity workloads for customers in financial services, healthcare, and critical infrastructure organizations. Currently, challenges around in-use encryption technologies include:

  • In-use encryption is highly complex, involving custom code from the application side in order to encrypt, process, filter, and decrypt the data to show it to the users. It also involves managing encryption keys in order to encrypt/decrypt the data.

  • Developers need cryptography experience in order to design a secure encryption solution.

  • Current solutions have limited or no querying capabilities, which makes using encrypted data in applications difficult.

  • Some of the existing tools, such as homomorphic encryption or secure enclaves, have performance unsuited to scalable encrypted search, require proprietary hardware, or have uncertain security properties.

Introducing Queryable Encryption

Queryable Encryption removes operational heavy-lifting, resulting in faster app development without sacrificing data protection, compliance, and data privacy security requirements.

Diagram of how queryable encryption works

Here is a sample flow of operations in which an authenticated user wants to query the data, but now the user is able to query fully randomized encrypted data. In this example, let’s assume we are retrieving a user’s SSN.

  1. When the application submits the query, MongoDB drivers first analyze the query.

  2. Recognizing the query is against an encrypted field, the driver requests the encryption keys from the customer-provisioned key provider, such as AWS Key Management Service (AWS KMS), Google Cloud KMS, Azure Key Vault, or any KMIP-enabled provider, such as HashiCorp Vault.

  3. The driver submits the query to the MongoDB server with the encrypted fields rendered as ciphertext.

  4. Queryable Encryption implements a fast, searchable scheme that allows the server to process queries on fully encrypted data, without knowing anything about the data. The data and the query itself remain encrypted at all times on the server.

  5. The MongoDB server returns the encrypted results of the query to the driver.

  6. The query results are decrypted with the keys held by the driver and returned to the client and shown as plaintext.
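The six steps above, as an added example that is not part of the original post or MongoDB's own code: a Python sketch of the driver-side flow using pymongo's automatic encryption. It assumes a MongoDB 6.0 deployment with Queryable Encryption enabled, pymongo 4.2 or later with pymongocrypt, and the crypt_shared library or mongocryptd reachable by the driver; the key-vault and data namespaces are hypothetical, and a 'local' KMS provider holding a constructed random key stands in for the key providers named in step 2.

```python
"""Added example, not MongoDB's own code: the driver-side flow from the steps above.
Assumes MongoDB 6.0 with Queryable Encryption, pymongo 4.2+ with pymongocrypt and
crypt_shared/mongocryptd reachable; a 'local' key stands in for a cloud/KMIP KMS."""
import os

KEY_VAULT_NAMESPACE = "encryption.__keyVault"  # hypothetical key-vault namespace
DATA_NAMESPACE = "hr.employees"                # hypothetical collection with an SSN field


def encrypted_fields_for(ssn_key_id):
    """encryptedFields map: marks 'ssn' as encrypted, names its data key, and allows
    equality queries on it (the only query type in the preview)."""
    return {"fields": [{"path": "ssn", "bsonType": "string", "keyId": ssn_key_id,
                        "queries": {"queryType": "equality"}}]}


def unsupported_predicates(encrypted_fields, query_filter):
    """Pre-flight check: top-level predicates on encrypted paths that are not a plain
    equality match (range, prefix, suffix and substring are not yet available)."""
    paths = {f["path"] for f in encrypted_fields["fields"]}
    return [p for p, pred in query_filter.items()
            if p in paths and isinstance(pred, dict) and set(pred) != {"$eq"}]


def run_demo(uri="mongodb://localhost:27017"):
    """Steps 1-6: data key from the key provider, query sent as ciphertext, result
    decrypted in the driver. Returns (plaintext ssn, BSON type of ssn on the server)."""
    from pymongo import MongoClient
    from pymongo.encryption import ClientEncryption
    from pymongo.encryption_options import AutoEncryptionOpts

    kms_providers = {"local": {"key": os.urandom(96)}}  # constructed master key, demo only
    plain = MongoClient(uri)                            # no auto-encryption: sees ciphertext
    with ClientEncryption(kms_providers, KEY_VAULT_NAMESPACE, plain, plain.codec_options) as ce:
        ssn_key_id = ce.create_data_key("local")        # step 2: key from the key provider
    encrypted_fields = encrypted_fields_for(ssn_key_id)

    opts = AutoEncryptionOpts(kms_providers, KEY_VAULT_NAMESPACE,
                              encrypted_fields_map={DATA_NAMESPACE: encrypted_fields})
    client = MongoClient(uri, auto_encryption_opts=opts)  # steps 1 and 3: query analysis
    db_name, coll_name = DATA_NAMESPACE.split(".", 1)
    client[db_name].drop_collection(coll_name, encrypted_fields=encrypted_fields)
    client[db_name].create_collection(coll_name, encryptedFields=encrypted_fields)
    coll = client[db_name][coll_name]
    coll.insert_one({"name": "Ada", "ssn": "123-45-6789"})    # driver encrypts ssn
    doc = coll.find_one({"ssn": "123-45-6789"})                # steps 4-6: match on ciphertext
    raw = plain[db_name][coll_name].find_one({"name": "Ada"})  # server-side view: Binary
    return doc["ssn"], type(raw["ssn"]).__name__


if __name__ == "__main__":
    print(run_demo())
```

The `unsupported_predicates` helper is a client-side pre-check of the preview's equality-only limit, not driver behaviour; `run_demo` needs a live server and returns `'Binary'` for the server-side view because the stored field is ciphertext.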

Advantages of Queryable Encryption

  1. Rich querying capabilities on encrypted data: MongoDB is the only database provider that allows customers to run rich query expressions like range, equality, prefix, suffix, and more on encrypted data (equality search is in the Preview release and the rest will follow in future releases). This is a huge advantage for customers as they can run expressive queries while securing their data confidently.

  2. Data encrypted throughout its lifecycle: Queryable Encryption adds another layer of security for your most sensitive data, where data remains secure in transit, at rest, in memory, in logs, and in backups. Additionally, Queryable Encryption stores data on the server side as fully randomized ciphertext.

  3. Strong technical controls for critical data privacy use cases: Strong technical controls allow customers to meet the strictest data privacy requirements for confidentiality and integrity using standards-based cryptography. Customers maintain control of encryption keys at all times, and data encryption/decryption happens only on the client side. This guarantees that only authorized users with access to the client-side application and the encryption keys are able to see the plaintext data. These strong controls can help customers meet data privacy requirements mandated by HIPAA, GDPR, CCPA, and more.

  4. Faster application development: Developers don't need to be experts in cryptography to protect data with the highest levels of confidentiality and integrity. Unlike an SDK, where the wrong design choice could lead to weakened security, Queryable Encryption is a comprehensive encryption solution using standards-based cryptography with strong key management built in. It is easy to set up and is supported on popular MongoDB drivers.

  5. Reduce institutional risk: Customers who are migrating to the cloud can confidently store their more sensitive data in MongoDB Atlas. Queryable Encryption allows customers to maintain control of their data while allowing rich, expressive querying capabilities on fully randomized encrypted data.

MongoDB enables strong security defaults to ensure that security configurations such as authentication, authorization, and in-transit and at-rest encryption are always on, making it easy for customers to develop and focus on their business needs. Queryable Encryption adds another layer of security, a strong form of technical control that enables our customers to protect data throughout its lifecycle while still running rich queries on the encrypted data.

Advanced Cryptography Research Group

Queryable Encryption was designed by MongoDB’s Advanced Cryptography Research Group, headed by Seny Kamara and Tarik Moataz, who are pioneers in the field of encrypted search. The Group conducts cutting-edge peer-reviewed research in cryptography and works with MongoDB engineering teams to transfer and deploy the latest innovations in cryptography and privacy to the MongoDB data platform.

Resources

For more information on Queryable Encryption, refer to the following resources: