MongoDB Security – Resources to Keep NoSQL DBs Secure

Forrest Lymburner


We’ve almost become desensitized to the news. It seems that every other day there is a data breach at a major enterprise resulting in confidential customer information being stolen and sold to the highest bidder.

Data breaches rose by 40% in 2016 and once all the numbers are calculated, 2017 is expected to blow that number out of the water. Yahoo announced the largest breach in history in 2017, other companies like Xbox, Verizon, Equifax, and more also announced major breeches.

Because of the 2017 MongoDB Ransomware Hack, security for MongoDB is hot on everyone’s minds.

We decided to pull together some of our top resources that you can use to ensure your MongoDB instances remain secure.

Here are our most popular and relevant resources on the topic of MongoDB Security…

ClusterControl & MongoDB Security

Data is the lifeblood of your business. Whether it’s protecting confidential client data or securing your own IP your business could be doomed should critical data get into the wrong hands. ClusterControl provides many advanced deployment, monitoring and management features to ensure your databases and their data are secure. Learn how!

How to Secure MongoDB with ClusterControl – The Webinar

In March of 2017, at the height of the MongoDB ransomware crisis, we hosted a webinar to talk about how you can keep MongoDB secure using ClusterControl. With authentication disabled by default in MongoDB, learning how to secure MongoDB becomes essential. In this webinar we explain how you can improve your MongoDB security and demonstrate how this is automatically done by ClusterControl.

Using the ClusterControl Developer Studio to Stay Secure

In our blog “MongoDB Tutorial: Monitoring and Securing MongoDB with ClusterControl Advisors” we demonstrated nine of the advisors from our repository for MongoDB that can assist with MongoDB security.

Audit Logging for MongoDB

In our blog “Preemptive Security with Audit Logging for MongoDB” we show that having access to an audit log would have given those affected by the ransom hack the ability to perform pre-emptive measures. The audit log is one of the most underrated features of MongoDB Enterprise and Percona Server for MongoDB. We will uncover its secrets in this blog post.

The 2017 MongoDB Ransom Hack

In January of 2017 thousands of MongoDB servers were held for ransom simply because they were deployed without basic authentication in place. In our first blog on the ransome hack, “Secure MongoDB and Protect Yourself from the Ransom Hack” we explain what happened and some simple steps to keep your data safe. In the second blog, “How to Secure MongoDB from Ransomware – Ten Tips” we went further showing even more things you could do to make sure your MongoDB instances are secure.

The Importance of Automation for MongoDB Security

Severalnines CEO Vinay Joosery shares with us the blog “How MongoDB Database Automation Improves Security” and discusses how the growing number of cyberattacks on open source database deployments highlights the industry’s poor administrative and operational practices. This blog explores how database automation is the key to keeping your MongoDB database secure.

ClusterControl for MongoDB

Users of MongoDB often have to work with a variety of tools to achieve their requirements; ClusterControl provides an all-inclusive system where you don’t have to cobble together different tools.

ClusterControl offers users a single interface to securely manage their MongoDB infrastructures and mixed open source database environments, while preventing vendor lock-in; whether on premise or in the cloud. ClusterControl offers an alternative to other companies who employ aggressive pricing increases, helping you to avoid vendor lock-in and control your costs.

ClusterControl provides the following features to deploy and manage your MongoDB stacks…

  • Easy Deployment: You can now automatically and securely deploy sharded MongoDB clusters or Replica Sets with ClusterControl’s free community version; as well as automatically convert a Replica Set into a sharded cluster if that’s required.
  • Single Interface: ClusterControl provides one single interface to automate your mixed MongoDB, MySQL, and PostgreSQL database environments.
  • Advanced Security: ClusterControl removes human error and provides access to a suite of security features automatically protecting your databases from hacks and other threats.
  • Monitoring: ClusterControl provides a unified view of all sharded environments across your data centers and lets you drill down into individual nodes.
  • Scaling: Easily add and remove nodes, resize instances, and clone your production clusters with ClusterControl.
  • Management: ClusterControl provides management features that automatically repair and recover broken nodes, and test and automate upgrades.
  • Advisors: ClusterControl’s library of Advisors allows you to extend the features of ClusterControl to add even more MongoDB management functionality.
  • Developer Studio: The ClusterControl Developer Studio lets you customize your own MongoDB deployment to enable you to solve your unique problems.

To learn more about the exciting features we offer for MongoDB click here or watch this video.

Subscribe below to be notified of fresh posts