MongoHQ wrote a helpful blog post on the encryption features in MongoDB. It's a big deal for the larger, more cautious companies as well as smaller ones, so it behooves a MongoDB hosting company like MongoHQ to help share information about MongoDB's security.
The two primary levels for encryption are:
- “Data-in-motion” is protected by encrypting the data in transit; solved with SSL/TLS. We’ll have more to say about this in a future post.
- “Data-at-rest” is protected by encrypting stored information, the topic of this post.
Data-at-rest encryption can be solved with any/all of the following:
- Encrypt the entire drive
- Encrypt individual files or databases on the disk
- Encrypt entire documents (rows in SQL-land) or individual attributes (columns in SQL-land) at the application level
The post also emphasizes that application-level encryption is paramount.
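The third option in the list, encrypting individual attributes at the application level before the document reaches the database, shown here as an added example (not code from the MongoHQ post). It uses Node.js's built-in `crypto` module with AES-256-GCM, which is this example's choice; the field names, the stored blob layout and the in-memory demo key are assumptions for illustration.

```javascript
// Added example: application-level encryption of selected document attributes.
const crypto = require('node:crypto');

// Assumption: the application decides which attributes are sensitive.
const SENSITIVE_FIELDS = ['ssn', 'email'];

// Encrypt one attribute with AES-256-GCM. The document _id and field name are
// bound in as associated data, so a ciphertext copied into another field or
// another document fails authentication on decrypt.
function encryptField(key, docId, field, value) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${docId}:${field}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(JSON.stringify(value), 'utf8'), cipher.final()]);
  return { v: 1, iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Throws if the key, the ciphertext, the tag or the (docId, field) binding is wrong.
function decryptField(key, docId, field, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
  decipher.setAAD(Buffer.from(`${docId}:${field}`, 'utf8'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Return a copy of the document that is safe to hand to the database driver.
function encryptDocument(key, doc) {
  const out = { ...doc };
  for (const f of SENSITIVE_FIELDS) {
    if (f in doc) out[f] = encryptField(key, doc._id, f, doc[f]);
  }
  return out;
}

function decryptDocument(key, stored) {
  const out = { ...stored };
  for (const f of SENSITIVE_FIELDS) {
    if (f in stored) out[f] = decryptField(key, stored._id, f, stored[f]);
  }
  return out;
}

// Constructed sample data; a real key would come from a KMS or secret store.
const demoKey = crypto.randomBytes(32);
const demoDoc = { _id: 'u1', name: 'Ada', ssn: '000-00-0000', email: 'ada@example.com' };
const demoStored = encryptDocument(demoKey, demoDoc);
console.log(demoStored);
```

Encrypted attributes can no longer be queried or indexed by value on the server, so only the fields that need protection should go through `encryptDocument`.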