$MDB Charts & Wired Article

I’m surprised no one on this board alerted to the huge $MDB news today.

https://twitter.com/peregreine/status/1534280040694816769

1) $MDB did not break out of the daily chart down channel, but it looks ready to give it a good try tomorrow. Do not forget to read and understand the implications of the Wired article on MongoDB today:

2) My post with snips from the Wired article about $MDB on Motley Fool today: https://discussion.fool.com/wired-mdb-their-new-encryption-suite…

10 Likes

Thanks Peregrinetrader,

These links you gave lead to more where the original wired article is. IMO, this may be a big deal for Mongo. I read it twice also and I felt strongly enough to act on it.
Just check your not a robot and the article opens.
https://archive.ph/8Sau0
Wired-
“Speed is a challenge in encrypted operations, where every extra key check and computation add complications to basic operations. But MongoDB claims that searches performed with Queryable Encryption are impressively fast and won’t cause unreasonable performance losses—a claim that customers will be able to test for themselves with the new preview. MongoDB is also open-sourcing much of the Queryable Encryption system, so users and other researchers can vet its underlying cryptography.”

I was going to wait till after Mongo’s likely weak Q2 Earnings to buy more;but, I moved up the timeline due to Peregrinetrader’s post here about Mongo’s release of ‘queriable encryption’ It’s not often I’ll trade on one data point; but, I must agree that IMO this is another level advancement in security and given I had the plan in place already, here we are.

Thanks again,

Jason

17 Likes

A short comment:

I already own MDB (14.0% of portfolio) because their Atlas software has been growing ~80% per year and has increasingly been “the tail that wags the dog”, meaning that Atlas growth rate is increasingly becoming MDB’s growth rate. That doesn’t seem to be widely appreciated in the investing community, so I figured this is a good place for some of our money… and I just wanted to mention it again on this board.

This news (highlighted at the Wired article) may make it an even better deal. Proof? For me, the proof will be in the pudding: How does this affect company performance? That’ll take time to develop. In the meantime, we’ll see to what extent it generates excitement in the IT and financial communities.

Rob
Former RB and BL Home Fool, Supernova Portfolio Contributor & Maintenance Fool
He is no fool who gives what he cannot keep to gain what he cannot lose.

5 Likes

Hi Rob,
Yes with Michael Gordon stating in the CC, “ 82% in the quarter compared to the previous year, and now represents 60% of total revenue compared to 51% in the first quarter of fiscal 2022 and 58% last quarter.”

And…my favorite part of this…

“Gross profit in the first quarter was $214.3 million representing a gross margin of 75%, which is up from the last quarter and up from 72% in the year ago period. Our strong year-over-year margin improvement is primarily driven by improved efficiencies that we were realizing in our Atlas business.”.

This business about Mongo buying the company that cracked the Queryable Encryption nut and getting it now ready for preview…I don’t see how this doesn’t move the needle and perhaps reshap some of the security landscape while their at it!

I’m now at ~10% and looking to add more😁

4 Likes

So it’s open source and will work with any database? So anyone can implement it into their software. I am not sure this is a big deal for MDB while it might be great for everyone else.

Andy

2 Likes

Mongo’s blog about the release https://www.mongodb.com/blog/post/mongodb-releases-queryable… states that Mongo is the only DB with this ability🤷???.

3 Likes

Hey Will I can believe that they are the only ones with it now but with it being open source many others will integrate it. Now MDB may make it better in coming releases I just don’t think it will be needle moving for at least a year or two, but I could be wrong.

Andy

1 Like

I do NOT think this moves the needle. While its a nice feature they are adding, this type of technology has been around for awhile among relational database providers.

Note how they worded the release, bold piece I added, but is a very important qualifier:

"With the introduction of Queryable Encryption, MongoDB is the only database provider that allows customers to run expressive queries, such as equality (available now in preview) and range, prefix, suffix, substring, and more (coming soon) on fully randomized encrypted data. "

EXPRESSIVE QUERIES. What is an expressive query? For the purposes of this, it does not include SQL queries.

SQL Server has had this feature since 2016 (Always Encrypted).

MDB has usually lagged their more mature counterparts in security and other areas.

Long MDB

13 Likes

“SQL Server has had this feature since 2016 (Always Encrypted).”

Always Encrypted is only client side not server side encryption…correct?

Compare to Queryable Encryption…

Data encrypted throughout its lifecycle: Queryable Encryption adds another layer of security for your most sensitive data, where data remains secure in-transit, at-rest, in memory, in logs, and in backups. Additionally, Queryable Encryption encrypts data as fully randomized on the server-side.
Queryable Encryption and Always Encrypted are not comparable…

More limitations of Always Encrypted…

5 LESSONS LEARNED WITH SQL ALWAYS ENCRYPTED

https://www.imaginet.com/2020/lessons-learned-sql-always-enc…

snip…

  1. Columns Double in Size
    You can expect the size of the columns you encrypt to roughly double. Depending on the number of columns you need to encrypt and the data type of those columns, this may be significant. We found this to be the most problematic with one customer that stores documents in their database as varbinary data. The database doubled in size when the document column was encrypted.

A list of Always Encrypted limitations from Microsoft…

https://docs.microsoft.com/en-us/sql/relational-databases/se….

Always Encrypted isn’t supported for the columns with the below characteristics. For example, if any of the following conditions apply to the column, the ENCRYPTED WITH clause can’t be used in CREATE TABLE/ALTER TABLE for a column:

Columns using one of the following data types: xml, timestamp/rowversion, image, ntext, text, sql_variant, hierarchyid, geography, geometry, alias, user defined-types.
FILESTREAM columns
Columns with the IDENTITY property.
Columns with ROWGUIDCOL property.
String (varchar, char, etc.) columns with non-bin2 collations.
Columns that are keys for clustered and nonclustered indices when using randomized encryption (deterministic encryption is supported).
Columns included in full-text indexes (Always Encrypted does not support Full Text Search).
Computed columns.
Columns referenced by computed columns (when the expression does unsupported operations for Always Encrypted).
Sparse column set.
Columns that are referenced by statistics when using randomized encryption (deterministic encryption is supported).
Columns using alias types.
Partitioning columns.
Columns with default constraints.
Columns referenced by unique constraints when using randomized encryption (deterministic encryption is supported).
Primary key columns when using randomized encryption (deterministic encryption is supported).
Referencing columns in foreign key constraints when using randomized encryption or when using deterministic encryption, if the referenced and referencing columns use different keys or algorithms.
Columns referenced by check constraints.
Columns captured/tracked using change data capture.
Primary key columns on tables that have change tracking.
Columns that are masked (using Dynamic Data Masking).
Columns in Stretch Database tables. (Tables with columns encrypted with Always Encrypted can be enabled for Stretch.)
Columns in external (PolyBase) tables (note: using external tables and tables with encrypted columns in the same query is supported).
Table-valued parameters targeting encrypted columns aren’t supported.


MongoDB Queryable Encryption Preview:

https://www.mongodb.com/blog/post/mongodb-releases-queryable…

Current state and challenges around data security

Although existing encryption solutions (in-transit and at-rest) cover many regulatory use cases, none of them protects sensitive data while it is in use. In-use data encryption often is a requirement for high-sensitivity workloads for customers in financial services, healthcare, and critical infrastructure organizations. Currently, challenges around in-use encryption technologies include:

In-use encryption is highly complex, involving custom code from the application side in order to encrypt, process, filter, and decrypt the data to show it to the users. It also involves managing encryption keys in order to encrypt/decrypt the data.

Developers need cryptography experience in order to design a secure encryption solution.

Current solutions have limited or no querying capabilities, which makes using encrypted data in applications difficult.

Some of the existing tools, such as homomorphic encryption or secure enclaves have performance unsuited to scalable encrypted search, require proprietary hardware, or have uncertain security properties.

Introducing Queryable Encryption

Queryable Encryption removes operational heavy-lifting, resulting in faster app development without sacrificing data protection, compliance, and data privacy security requirements.

Diagram of how queryable encryption works

Here is a sample flow of operations in which an authenticated user wants to query the data, but now the user is able to query on fully randomly encrypted data. In this example, let’s assume we are retrieving the SSN number of a user.

When the application submits the query, MongoDB drivers first analyze the query.

Recognizing the query is against an encrypted field, the driver requests the encryption keys from the customer-provisioned key provider, such as AWS Key Management Service (AWS KMS), Google Cloud KMS, Azure Key Vault, or any KMIP-enabled provider, such as HashiCorp Vault.

The driver submits the query to the MongoDB server with the encrypted fields rendered as ciphertext.

Queryable Encryption implements a fast, searchable scheme that allows the server to process queries on fully encrypted data, without knowing anything about the data. The data and the query itself remain encrypted at all times on the server.

The MongoDB server returns the encrypted results of the query to the driver.

The query results are decrypted with the keys held by the driver and returned to the client and shown as plaintext.

Advantages of Queryable Encryption

Rich querying capabilities on encrypted data: MongoDB is the only database provider that allows customers to run rich query expressions like range, equality, prefix, suffix, and more on encrypted data. (equality search is in the Preview release and the rest will follow in future releases) This is a huge advantage for customers as they can run expressive queries while securing their data confidently.

Data encrypted throughout its lifecycle: Queryable Encryption adds another layer of security for your most sensitive data, where data remains secure in-transit, at-rest, in memory, in logs, and in backups. Additionally, Queryable Encryption encrypts data as fully randomized on the server-side.

Strong technical controls for critical data privacy use cases: Strong technical controls allow customers to meet the strictest data privacy requirements for confidentiality and integrity using standards-based cryptography. Customers maintain control of encryption keys at all times, and data encryption/decryption happens only on the client-side. This guarantees that only authorized users with access to the client-side application and the encryption keys are able to see the plaintext data. These strong controls can help customers meet data privacy requirements mandated by HIPAA, GDPR, CCPA, and more.

Faster application development: Developers don’t need to be experts in cryptography to protect data with the highest levels of confidentiality and integrity. Unlike an SDK, where the wrong design choice could lead to weakened security, Queryable Encryption is a comprehensive encryption solution using standard-based cryptography and strong key management built-in. It is easy to set up and is supported on popular MongoDB drivers.

Reduce institutional risk: Customers who are migrating to the cloud can confidently store their more sensitive data in MongoDB Atlas. Queryable Encryption allows customers to maintain control of their data while allowing rich, expressive querying capabilities on fully randomized encrypted data.

MongoDB enables strong security defaults to ensure that security configurations such as authentication, authorization, in-transit and at-rest encryption are always on, to make it easy for customers to develop and focus on their business needs. Queryable Encryption adds another layer of security, which is a strong form of technical control enabling our customers to protect data throughout its lifecycle, and you’ll have the ability to run rich queries on the encrypted data.

6 Likes

WillKoe, it’s obvious that you know what you’re talking about. Unfortunately, I’m having a very hard time parsing your opinion - even whether it’s pro or con - on how this affects our conversation.

If it isn’t too much trouble, could you please translate your very informed information into 1 or 2 short paragraphs of English that a geezer who knows computers, but is not a techie by any standards, can understand?

It would be greatly appreciated by me, and hopefully others.

Thanks for considering.

D

5 Likes

RaptorD2,

I disagree with FinallyFoolin’s statement…

“I do NOT think this moves the needle. While its a nice feature they are adding, this type of technology has been around for awhile among relational database providers.”

However I would not assume “you know what you’re talking about”…I am not a software engineer/database manager etc. but I do have some very basic, limited experience with encryption & relational databases.

From what I researched, Always Encrypted for SQL has many limitations and is not even remotely comparable to Queryable Encryption.

Secondly, SQL is inferior vs. MongoDB’s NoSQL when handling “big data”. NoSQL is also faster and more scalable.

I don’t fully understand how SQL queries work or how database engines interact with SQL servers but it looks me that the biggest drawback with Always Encrypted is the client application handles the actual data encryption and decryption outside of the SQL Server environment. In other words the database engine stores the encryption configuration ie. for what columns(fields) are to be encrypted, what encryption algorithm to use and when a query is submitted by the client to the SQL server to process, only then is the data encrypted on the SQL server and returned to the client to be decrypted by the client driver which retrieves an encryption key.

With MongoDB’s Queryable Encryption the data and the query itself remain encrypted at all times on the server, in-transit, at-rest, in memory, in logs, and in backups. This is a far more secure solution IMO.

SQL Always Encrypted was designed to protect sensitive data from unauthorized users i.e. SQL server administrators, database administrators etc. and only allow access to approved individuals.

Queryable Encryption is designed to prevent outside entities i.e. hackers or other bad actors from accessing sensitive data.

10 Likes

Re: General Capabilities
Peter Offringa-
In addition to launching new product offerings that target specific workloads, MongoDB added several capabilities that extend the security, management and ease-of-use of the MongoDB platform for all customer workloads.

I’m re-posting something WillKoe posted that was removed, I believe due to his having copied and pasting too much from the original article from Peter Offringa at Softwarestackinvesting.com and much from Mongo’s Blog posts.

Here is just a little:
Peter Offringa-
“In an even more confident move, MongoDB plans to open source the technology behind the new encryption capability. They will share the code, the algorithms and the math with the broader community. This will generate the benefit of peer review and suggested improvements from academia. While opening up the code could inspire competitors, I suspect they would have challenges in implementing an exact copy. Their database architecture may not be well-suited to the technique or they may encounter performance issues. Additionally, portions of the interface into MongoDB’s system may remain obfuscated or proprietary. In sum, I think the benefits of open sourcing outweigh the risks.

If anything, this capability allows MongoDB to claim superior data security over competitive solutions. In today’s environment, just the marketing message provides a big advantage for MongoDB. Additionally, it removes yet another barrier to adoption, many of which MongoDB has been knocking down one-by-one. At first, it wasn’t performant. Then, didn’t support transactions. Then, it wasn’t as secure. All of these have been addressed, allowing MongoDB to continue its trajectory towards addressing the most mission-critical, scalable and security sensitive data workloads."

Best,

Jason

6 Likes