Modal Title
Data / Security / Software Development

MongoDB 6.0 Offers Client-Side End-to-End Encryption

In this latest edition of The New Stack Makers podcast, we discuss a new developer-friendly feature of the MongoDB database — end-to-end client-side encryption, which allows an application to query an encrypted database, one that encrypts the queries themselves, an industry first, according to Kenneth White, who discussed this technology in depth to TNS publisher Alex Williams, in a conversation recorded at MongoDB World, held last week in New York.  
Jun 16th, 2022 6:40am by
Featued image for: MongoDB 6.0 Offers Client-Side End-to-End Encryption

“Developers aren’t cryptographers. We can only do so much security training, and frankly, they shouldn’t have to make hard choices about this encryption mode or that encryption mode. It should just, like, work,” said Kenneth White, a security principal at MongoDB, explaining the need for MongoDB’s new Queryable Encryption feature.

In this latest edition of The New Stack Makers podcast, we discuss MongoDB‘s new end-to-end client-side encryption, which allows an application to query an encrypted database and keep the queries in transit encrypted, an industry first, according to the company.

MongoDB 6.0 Offers Client-Side End-to-End Encryption

White discussed this technology in depth to TNS publisher Alex Williams, in a conversation recorded at MongoDB World, held last week in New York.  

MongoDB has offered the ability to encrypt and decrypt documents since MongoDB 4.2, though this release is the first to allow an application to query the encrypted data. Developers with no expertise in encryption can write apps that use this capability on the client-side, and the capability itself (available in preview mode for MongoDB 6.0) adds no noticeable overhead to application performance, so claims the company.

Data remains encrypted all times, even in memory and in the CPU; The keys never leave the application and cannot be accessed by the server. Nor can the database or cloud service administrator be able to look at the raw data.

For organizations, queryable encryption greatly expands the utility of using MongoDB for all sorts of sensitive and secret data. Customer service reps, for instance, could use the data to help customers with issues around sensitive data, such as social security numbers or credit card numbers.

In this podcast, White also spoke about the considerable engineering effort to make this technology possible — and make it easy to use for developers.

“In terms of how we got here, the biggest breakthroughs weren’t cryptography, they were the engineering pieces, the things that make it so that you can scale to do key management, to do indexes that really have these kinds of capabilities in a practical way,” White said.

It was necessary to serve a user base that needs maximum scalability in their technologies. Many have “monster workloads,” he notes.

“We’ve got some customers that have over 800 shards, meaning 800 different physical servers around the world for one system. I mean, that’s massive,” he said. “So it was a lot of the engineering over the last year and a half [has been] to sort of translate those math and algorithm techniques into something that’s practical in the database.”

Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.