Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Book Now 
*discount rates expire August 19, 2019
Back To Schedule
Thursday, September 12 • 3:30pm - 4:15pm
Beyond data-at-rest: Advances in Native NoSQL Database Encryption

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Highly sensitive databases require enhanced technical measures to protect the confidentiality of their workloads. Typical controls in our application toolkit for these scenarios include implementing well-defined, mature authentication & authorization, and strong network (data-in-transit) & storage (data-at-rest) encryption paired with modern key management practices. Some systems further offer database-specific encryption mechanisms which work at the physical datafile level (and even the column- or row- level in a relational database) on top of any underlying OS full-disk or whole volume encryption. But fundamentally, these are server-side encryption models where the threat is physical media breach, backup leaks, or possibly protection from certain classes of operating system attacks; the assumption is that the database administrator, root user, or system level processes running on the machine are fully entrusted to access plaintext data and their associated keys.

This session will take a deep dive into the threat models, designs and recent developments in client-side (data-in-use) encryption, including lessons learned from recent work bringing native client-side query integration into the most widely deployed open source NoSQL database in the world. We will discuss the security guarantees, confidentiality/performance trade-offs, and limitations among different types of authenticated encrypted search. Reference query design patterns will be presented, with example code demonstrating strong end-to-end encryption on public cloud or in on-premise datacenters.

avatar for Kenneth White

Kenneth White

Product Security, MongoDB
Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product... Read More →

Thursday September 12, 2019 3:30pm - 4:15pm EDT
Lincoln 5