Data Resiliency with Mongo RBAC
At Complyify, we take data seriously. Data drives business objectives. Data enables our partners to identify compliance wins and dog pile potential shortcomings. We believe, as stewards of our customer data, that efficient and secure retrieval of data is an integral business requirement. Today we’ll look at one component of our data management toolbox - secure data retrieval with Mongo Role-based Access Control through x.509 authorization.
By default, collection-based retrieval within Mongo is accessible to any entity able to establish a successful connection. Of course, access to the mongo server can be limited through traditional governance mechanisms such as placing the database behind your DMZ and enforcing SSL connections. However, it’s naive and often dangerous to lean on networking layer security for something as critical.
Instead, you can apply an additional layer of security wherein services and other agents are given privileges with certificates issued by your trusted certificate chain. Users are forced to authenticate with their unique CN and read/write permissions can be managed at the collection or database level.
This is especially useful when running a distributed microservice architecture. Individual services are issued certificates by a trusted CA and given /least-necessary privileges/ to the collections within their bounded context. In doing so, the domain model remains resilient to dilution from cross-service pollution. More importantly, foreign actors able to open a connection to our database are unable to extract information from the database without a valid certificate issued by the appropriate CA.
Role-based access control with x509 authorization is a powerful tool in the Complyify toolbox that, when combined with proper key management and access-control policies, enables us to deliver customer value with high confidentiality and availability.