DOCS-3773 #1941

Closed
wants to merge 2 commits into from
34 changes: 24 additions & 10 deletions source/core/security-introduction.txt
Expand Up @@ -85,20 +85,34 @@ See :doc:`/tutorial/configure-ssl` for more information.
Encryption at Rest
~~~~~~~~~~~~~~~~~~

MongoDB has a partnership with Gazzang to encrypt and secure sensitive
data within MongoDB. The solution encrypts data in real time, and Gazzang
provides advanced key management that ensures only authorized processes
can access this data. The Gazzang software ensures that the cryptographic
keys remain safe and ensures compliance with standards including HIPAA,
PCI-DSS, and FERPA.
There are two broad classes of approaches to encrypting data at rest with
MongoDB, which can be used independently or in concert:

For more information on the partnership, refer to the following resources:
One option is to provide encryption on a per-field or per-document basis within
the application layer, either by writing custom encryption and decryption
routines or by making use of commercial solutions such as the `Vormetric Data Security Platform <http://www.vormetric.com/sites/default/files/sb-MongoDB-Letter-2014-0611.pdf>`_.

- `Partnership <https://www.mongodb.com/partners/technology/gazzang>`_
The other is to use one of a number of third-party libraries that integrate with
the operating system to provide transparent disk-level encryption that ensures
that only authorized processes can access protected data. Examples of such
solutions include:

- `Datasheet <http://www.gazzang.com/images/datasheet-zNcrypt-for-MongoDB.pdf>`_
- Linux Unified Key Setup (LUKS), which is available for most Linux
distributions and whose configuration is illustrated in `documentation from
Red Hat <https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html>`_,

- `Webinar <http://gazzang.com/resources/videos/partner-videos/item/209-gazzang-zncrypt-on-mongodb>`_
- `IBM Guardium Data Encryption <http://www-03.ibm.com/software/products/en/infosphere-guardium-data-encryption>`_, which provides support for disk-level
encryption under both the Linux and Windows operating systems,

- The aforementioned `Vormetric Data Security Platform <http://www.vormetric.com/sites/default/files/sb-MongoDB-Letter-2014-0611.pdf>`_, which also provides
disk- and file-level encryption, and

- `Bitlocker Drive Encryption <http://technet.microsoft.com/en-us/library/hh831713.aspx>`_, a feature available on Windows Server 2008 and 2012 that provides
disk encryption.

Properly configured disk encryption, when used alongside good security policies
that protect relevant accounts, passwords, and encryption keys, can help ensure
compliance with standards such as HIPAA, PCI-DSS, and FERPA.

Hardening Deployments and Environments
--------------------------------------
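
Review bot: In the paragraph beginning "The other is to use one of a number of third-party libraries", the claim that disk-level encryption "ensures that only authorized processes can access protected data" does not hold for LUKS or BitLocker as listed. Once the volume is unlocked and mounted, any process with filesystem permission to the data files reads plaintext. The wording appears to be carried over from the removed Gazzang paragraph ("ensures only authorized processes can access this data"), which described a different kind of product. Suggest stating what disk-level encryption protects (data on the storage media while the volume is locked, for example a stolen or decommissioned disk) and attributing per-process access control only to the listed products that actually provide it. "Third-party libraries" is also inaccurate for two of the entries, which the list itself describes as available in most Linux distributions and as a feature of Windows Server. Smaller points: "Bitlocker" should be "BitLocker", the list items end in commas and "and" as if they were a single sentence, and the lines carrying inline links run well past the wrap width used in the rest of the file.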