Encryption At Rest¶
Application Level Encryption¶
Application Level Encryption provides encryption on a per-field or per-document basis within the application layer. To encrypt document or field level data, write custom encryption and decryption routines or use a commercial solution such as the Vormetric Data Security Platform.
Storage Encryption encrypts all MongoDB data on the storage or operating system to ensure that only authorized processes can access protected data. A number of third-party libraries can integrate with the operating system to provide transparent disk-level encryption. For example:
- Linux Unified Key Setup (LUKS)
- LUKS is available for most Linux distributions. For configuration explanation, see the LUKS documentation from Red Hat.
- IBM Guardium Data Encryption
- IBM Guardium Data Encryption provides support for disk-level encryption for Linux and Windows operating systems.
- Vormetric Data Security Platform
- The Vormetric Data Security Platform provides disk and file-level encryption in addition to application level encryption.
- Bitlocker Drive Encryption
- Bitlocker Drive Encryption is a feature available on Windows Server 2008 and 2012 that provides disk encryption.
Properly configured disk encryption, when used alongside good security policies that protect relevant accounts, passwords, and encryption keys, can help ensure compliance with standards, including HIPAA, PCI-DSS, and FERPA.