Do MongoDB employees have access to the data in my collections?

I use MongoDB Realm which is linked to an Atlas cluster. I store sensible user data in this cluster.

Do MongoDB employees have access (read or write) to the data in the collections in my cluster?

Hi Jean-Baptiste,

Thanks for the great question. The short answer is no: role-based access control and the principle of least privilege prevent MongoDB employees from having read or write access to the data in the collections in your cluster.

However, a more complete answer would point out that certain “break glass” scenarios exist in which appropriate MongoDB Production Support employees could leverage metadata or logs in the context of recovery from a failure scenario that could in turn contain snippets of sensitive customer data: this is where governance comes in. MongoDB Cloud is a mature cloud platform operated with a governance philosophy in line with our information security management system which in turn adopts the best practices of the ISO-27001, PCI-DSS, SOC-2, and HIPAA standards, as validated by third-party auditors.

For an in-depth review of our Technical and Operational Security Controls, please review this resource:

For further reading on MongoDB’s industry-leading security capabilities built for financial services, healthcare, and government use cases, I recommend the whitepaper available at https://www.mongodb.com/cloud/trust and in particular would point out the Client-Side Field Level Encryption capability which allows you to configure subsets of your schemas (namely for the data of highest classification level where you’re willing to trade off reduced queryability for guaranteed confidentiality) which ensures that only ciphertext ever enters the MongoDB Cloud trust boundary for those schema subsets.

Cheers
-Andrew

4 Likes
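The field-level trade-off described in the answer above, as an added sketch that is not part of the original posts and is not MongoDB's Client-Side Field Level Encryption implementation or driver API: it uses Node's built-in `crypto` (AES-256-GCM plus an HMAC equality index, a substituted technique) to show chosen fields leaving the client only as ciphertext while still supporting exact-match lookups. The field names, keys and helper functions are hypothetical.

```javascript
// Added illustration: NOT MongoDB's CSFLE implementation or driver API.
const crypto = require("node:crypto");

// Constructed keys; assumed to come from a KMS and to stay on the client.
const dataKey = crypto.randomBytes(32);  // AES-256-GCM key for field values
const indexKey = crypto.randomBytes(32); // separate HMAC key for equality lookups

// Hypothetical schema subset holding the data of highest classification.
const ENCRYPTED_FIELDS = ["ssn", "diagnosis"];

function encryptValue(plaintext, fieldName) {
  const iv = crypto.randomBytes(12); // fresh nonce per value: randomized ciphertext
  const cipher = crypto.createCipheriv("aes-256-gcm", dataKey, iv);
  cipher.setAAD(Buffer.from(fieldName)); // bind the ciphertext to its field
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptValue(blob, fieldName) {
  const raw = Buffer.from(blob, "base64"); // layout: iv(12) | tag(16) | ciphertext
  const decipher = crypto.createDecipheriv("aes-256-gcm", dataKey, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(fieldName));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Keyed hash of the value: the server can test equality on it and nothing else
// (no range, prefix or regex queries), which is the reduced queryability.
function blindIndex(value, fieldName) {
  return crypto.createHmac("sha256", indexKey).update(fieldName + "\0" + value).digest("hex");
}

// Runs on the client before the document crosses the trust boundary.
function toServerDocument(doc) {
  const out = {};
  for (const [field, value] of Object.entries(doc)) {
    out[field] = ENCRYPTED_FIELDS.includes(field)
      ? { ct: encryptValue(String(value), field), idx: blindIndex(String(value), field) }
      : value; // lower-classification fields stay fully queryable
  }
  return out;
}

// Runs on the client after reading a stored document back.
function fromServerDocument(stored) {
  const out = {};
  for (const [field, value] of Object.entries(stored)) {
    out[field] = ENCRYPTED_FIELDS.includes(field) ? decryptValue(value.ct, field) : value;
  }
  return out;
}
```

An equality lookup sends `blindIndex(value, "ssn")` and matches it against the stored `ssn.idx`, so the operator of the database sees neither the queried value nor the stored one.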

@Andrew_Davidson Thank you for the great, complete answer!
