20 Understanding Atlas and MongoDB security features

This chapter covers

Learning Atlas’s shared responsibility model
Using authentication, authorization, and auditing
Encrypting data using customer-managed keys
Securing network connections
Defending Atlas in depth

In the digital age, cybersecurity is essential for protecting sensitive information from a wide range of advanced threats. Strong security measures help maintain data confidentiality (keeping information private), integrity (ensuring that data isn’t altered without permission), and availability (keeping data accessible). These three elements are the foundation for building customer trust, securing personal and business data, and meeting legal requirements across industries. Without effective cybersecurity, data breaches can lead to serious financial loss, regulatory penalties, and lasting reputational damage. Also, with remote work and cloud-based systems becoming the norm, the risk of cyberattacks is higher than ever, making cybersecurity a critical priority for every organization.

20.1 Understanding the shared responsibility model

20.2 Managing authentication

20.2.1 Choosing an Atlas database cluster authentication method

20.2.2 Integrating with HashiCorp Vault

20.2.3 Choosing the authentication method

20.3 Handling authorization

20.3.1 Understanding the principle of least privilege

20.3.2 Differentiating Atlas user roles

20.3.3 Using MongoDB RBAC

20.4 Auditing Atlas

20.5 Encrypting data in Atlas

20.5.1 Encrypting data in transit

20.5.2 Encrypting data at rest

20.5.3 Managing encryption keys yourself

20.5.4 Encrypting during processing

20.6 Securing the network

20.6.1 Using an IP access list

20.6.2 Peering networks

20.6.3 Using private endpoints

20.7 Implementing defense in depth