2

We are in the process of setting up a PCI-compliant server (with Firehost's help). We are using MongoDB as our primary database. I am having some concerns about the encryption, though. Are there any advantages of field-level data encryption over disk encryption (maybe with something like TrueCrypt)? Which would be the preferred choice for a PCI-compliant MongoDB database server?

Jonathan

1 Answer

2

Field-level encryption is important in case of SQL injections or your database server getting hacked. Assuming the application and database are on different servers, the data will still be encrypted by the application server.

Full-disk encryption would help in case of hardware theft; otherwise, an encrypted server will not be protected if it is broken into, as your encrypted partitions will be mounted so your database (MongoDB) can access them.

From this I would say that Field-level data encryption should be your focus.
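
The answer's point that the application server encrypts a field before it reaches the database, as an added example that is not part of the original answer. It uses Node.js's built-in `crypto` module with AES-256-GCM; the key handling, the `pan` field, the document ids and the helper names are assumptions made for illustration, and no MongoDB driver call is made.

```javascript
// Added example: application-side field encryption (not from the original answer).
const nodeCrypto = require('node:crypto');

// Assumption: in production the key comes from a KMS/HSM on the application
// side and never reaches the database host. Here it is generated per run.
const FIELD_KEY = nodeCrypto.randomBytes(32); // AES-256

// Encrypt one field. The document id and field name are bound as AAD so a
// ciphertext copied into another document or field fails authentication.
function encryptField(key, docId, field, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // unique 96-bit nonce per value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${docId}:${field}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { v: 1, iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Decrypt one field; throws if the key, AAD, ciphertext or tag do not match.
function decryptField(key, docId, field, enc) {
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(enc.iv, 'base64'));
  decipher.setAAD(Buffer.from(`${docId}:${field}`, 'utf8'));
  decipher.setAuthTag(Buffer.from(enc.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(enc.ct, 'base64')),
                        decipher.final()]).toString('utf8');
}

// Build the document exactly as it would be handed to the database driver.
function toStoredDocument(key, order) {
  return { _id: order._id, customer: order.customer,
           pan: encryptField(key, order._id, 'pan', order.pan) };
}

// Constructed sample data: a well-known test card number, not a real PAN.
const order = { _id: 'order-1001', customer: 'Example Ltd', pan: '4111111111111111' };
const stored = toStoredDocument(FIELD_KEY, order);

// What anyone reading the database (dump, injection, mounted disk) sees:
console.log(JSON.stringify(stored));
// What the application, which holds the key, recovers:
console.log(decryptField(FIELD_KEY, stored._id, 'pan', stored.pan));
```

With full-disk encryption alone, the same document would be readable in plaintext by anything that can query the running database, since the volume is mounted.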