🔒 Considerations for Managing Data Security:

• Compliance and privacy regulations 🔍
• Penalties: Leaders fully aware of costs for storing and managing data 💰
• Scalability: Grow in the future, demand requires 🚀
• Legacy Infrastructure: Easily comply with data regulations 👨‍💻
• Flexibility: Meet regulations, grow in breadth and complexity 🧠
• Cost: Manual processes, noncompliance 💸

🌍 Zones in Sharded Clusters:

• Sharding to deploy large data sets 📊
• Create zones of sharded data based on the shard key 🗺️

🔐 Network Isolation and Access:

• Virtual private cloud (VPC) 🛡️
• Isolating data, systems 🔒
• Highly available within each region ↔️
• Each shard of data will have multiple nodes 💻
• Automatically and transparently failover for zero downtime ⚠️

🌐 Multi-Cloud Clusters:

• AWS, Microsoft Azure, Google Cloud 🌍
• Define a geographic location for each document 📍
• Keep relevant data close to end users for regulatory compliance 🌍

🔒 IP Whitelists:

• Allow to specify a specific range of IP addresses to access 🔐
• Granular control over data 🔍

🔒 Queryable Encryption:

• Encryption of sensitive data from client side, stored as fully randomized 🔐
• Without sacrificing performance 🚀

🌍 MongoDB Atlas Global Clusters:

• Control data deployment to specific geographical regions for fulfilling data policies and compliance 🌍

🔒 Client-side Field-level Encryption:

• Protect data while being transmitted, at rest and in use 🔒
• Database never sees plaintext, but data remains queryable 🔍
• Privacy regulations (GDPR, CCPA, PII) 🌍
• Make data unreadable, unrecoverable: in memory, at rest, in backups, in logs 🔒

🔒 KMIP: Cryptographic Operations 🔒

• Defines how key management operations and data exchange between client and servers 🔑
• Supports any KMIP-enabled key provider (e.g., AWS, Google Cloud, Azure) 🌍
• Allows the use of custom in-house key management software 💻

🔒 Encrypted Data Example: 🔒

1. MongoDB driver requests key from KMIP key provider (e.g., AWS) 🔑
2. Driver uses the key to encrypt the SSN number 🔒
3. Driver submits the query to the database with the encrypted SSN number as ciphertext 🔒
4. Database returns the encrypted query results to the driver 🔒
5. Driver decrypts the query results using the keys 🔓

🔒 Encrypted Data Advantages: 🔒

• Reduces the risk of unauthorized access 🚫
• Reduces the risk of sensitive data disclosure 🚫
• Data is encrypted before leaving the application 🔒
• Protects data over the network, in database memory, at rest in storage and backups, and in system logs 🔒

🌍 MongoDB Segmenting Data by Location with Sharded Clusters: 🌍

Challenges:

• CPU and/or memory becomes overloaded 🔥
• Cannot respond to request traffic 🚦
• Increase in database response time 🕰️
• Out of storage 💽
• Network interface is overloaded 🌐

Solution: Sharding 🔧

• Horizontal scaling 🚀
• Additional database nodes (replicas) to share request traffic 💻
• Distributed across nodes in different regions for a balanced cluster 🌍
• Create zones of sharded data based on the shard key 🗺️
• Associate each zone with one or more shards in the cluster 🔗

Sharding Details:

• If additional database nodes go down, other nodes (replicas) can still serve read & write operations 🔁
• If additional database nodes go down, other nodes (replicas) can only serve read operations 📖

Reference:

https://www.mongodb.com/library/mainframe-modernization/reference-architecture-mainframe-modernization?lb-mode=overlay
Reference Architecture: Mainframe Modernization

https://www.mongodb.com/solutions/solutions-library
Solutions Library

Editor

Danny Chan, specialty of FSI and Serverless

Kenny Chan, specialty of FSI and Machine Learning