MarkLogic Server is the most secure multi-model database. Network and application security is important, but we are driven by the principle that data must be secured at its core where it resides in the database. That’s why large investment banks, major healthcare organizations, and classified government systems all trust MarkLogic Server with their most critical data assets. They trust MarkLogic’s database security policy.
MarkLogic Server offers advanced enterprise data security controls that are beyond what any other multi-model database offers. Data loss prevention and other security principles are central to what we do.
Security is not a feature that needs to be turned on and configured. When data is loaded, it is immediately secured.
MarkLogic has scalable controls for authentication, ensuring that the system easily integrates into your environment.
MarkLogic has granular access controls to govern what a user can do and see. Each user is associated with any number of roles, and each role is given privileges that determine what they can do. Also, each document has permissions dictating which roles can see and edit it. Security checks verify the necessary credentials before granting the requested action, and security information is stored in a specific security database in MarkLogic.
MarkLogic secures data at the collection level, document level, and even element/property level (like cell-level security in a relational database). This goes beyond what other document databases provide as it’s very hard to engineer on the back-end and maintain performance, but MarkLogic does it.
MarkLogic closely monitors database activity and makes it possible to audit document access and updates, configuration changes, administrative actions, code execution, and changes to access control.
Cutting-edge data encryption protects against unauthorized access to the database by a SysAdmin or Storage Admin. It allows data, configuration, and logs to be encrypted at rest on disk using AES-256 encryption, and it conforms to FIPS 140 criteria.
In addition to RBAC, MarkLogic can also employ other security models such as Attribute-Based Access Control (ABAC), Policy-Based Access Control (PBAC), or Label-Based Access Control (LBAC). These models further restrict access based on attributes (e.g., social security number, IP address, user’s age, or time of day), policies, or simple labels representing “high” or “low” levels of trust.
Out-of-the-box, MarkLogic provides you with the industry-leading security you need. But your organization may require the Advanced Security add-on, which includes three additional capabilities.
MarkLogic deployments are architected to ensure complete data privacy. That is why, when you’re using MarkLogic Server, no one except those you authorize ever gets access to the data you store in MarkLogic. Ever.
For self-managed MarkLogic deployments, MarkLogic support teams may get access to authorized telemetry data that includes performance data, configuration data, and log data in order to more quickly solve support problems. The telemetry feature can be easily toggled on or off.
MarkLogic Server is in production on mission-critical systems with demanding security requirements, which is why the database has achieved top security certifications from various third parties.
International standard (ISO/IEC 15408) for a common set of functional and assurance security requirements, evaluated by licensed labs.
MarkLogic is the only non-relational database to have this.
Documented guidelines for deploying in U.S. DoD/DISA IT systems that provide guidance on how to set up and configure a product.
MarkLogic has been “STIG’d” for multiple US federal projects. Broad STIG approval from DISA expected in early 2020.
General Data Protection Regulation (GDPR) that went into effect in May 2018 with the goal of strengthening personal data protection in Europe.
MarkLogic complies with GDPR, and helps customers comply with GDPR.