MongoDB Enterprise Encryption and Key Management
MongoDB Enterprise eliminates the overhead of file and folder-based encryption solutions by providing encryption support directly in the database engine. For encryption key management MongoDB recommends the use of an external encryption key management solution like Alliance Key Manager for MongoDB.
MongoDB customers can deploy Alliance Key Manager and install the PKI certificates on the database server to easily begin retrieving encryption keys. Using native command line operations, users can generate a master encryption key and encrypt database keys with Alliance Key Manager for MongoDB.
Never Lose Access to Encrypted Data
Alliance Key Manager mirrors keys between multiple load-balanced key management appliances over a secure and mutually authenticated TLS connection for hot backup and disaster recovery support.
Complete Audit Trail
Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity.
Meet Compliance Requirements
By easily deploying encryption and key management, MongoDB customers can meet a wide variety of compliance regulations including PCI DSS, HIPAA, FISMA, EU General Data Protection Regulation, and many others.
In addition to providing keys for MongoDB, Alliance Key Manager can also provide support for for many number of databases (SQL Server, MySQL, etc.) without additional license fees. This provides businesses with a predictable total cost of ownership.
The Platform You Are On
MongoDB customers can deploy Alliance Key Manager as a hardware security module (HSM), VMware virtual machine, or in the cloud as a native Amazon Web Services (AWS) EC2 instance or Microsoft Azure virtual machine. Alliance Key Manager supports seamless migration and hybrid implementations.
Deployment & Training Services Are Included
Complexity is usually the largest concern in integrating encryption key management. Townsend Security has simplified the process. When businesses choose Alliance Key Manager, they not only receive industry leading encryption key management, but free deployment and security hardening services. Townsend Security’s services team will:
- Install and initialize Alliance Key Manager (AKM) virtual image
- TLS certificate management, download and expiration date tracking
- Redundancy implementation of mirroring
- Backup configuration support
- Security log forwarding via Syslog
- MFA activation
- Installation and configuration of Admin Console for key lifecycle management
- Key retrieval configuration including vSphere, SQL TDE, MongoDB TDE, etc...