Security and compliance are a challenging part of every data resilience strategy due to a constantly evolving landscape. Think about your own organization. What challenges have you faced? Regulations change, new threats emerge, and what was compliant last year might not meet today's standards. Organizations have to protect their data from loss and downtime, but also ensure it remains secure and meets regulatory requirements during normal operations and throughout the recovery process. In this video, we'll explore some of the common threats that put your data at risk and the industry regulations designed to protect against them. Then we'll show you exactly how MongoDB Atlas features help you tackle these challenges head on, all while keeping you compliant with regulations and your data secure. Before we dive into security features, let's talk about compliance. Compliance is the following of established rules and standards for data security, privacy, and storage. Depending on your industry, you may face strict regulatory requirements to safeguard against data loss and cyber attacks. Regulatory frameworks like these typically require you to implement specific controls around backup policies, recovery testing, audit trails, and incident response procedures. Compliance requirements help shape a stronger data resilience strategy by defining clear standards for how you protect, monitor, and recover your data. Whether your compliance needs are mandatory or voluntary, MongoDB Atlas provides the tools to demonstrate adherence to regulatory standards while protecting your data from loss and unauthorized access. While compliance tells you what you need to protect and to what standard, security provides the how, the actual tools and practices to achieve that protection. The moment you set up a MongoDB Atlas cluster, you're protected by default from many cyber threats by built in security features. Every connection to your database uses encryption and transit, which means your data is unreadable for unauthorized parties as it travels from your application to the server. Atlas also encrypts all your data at rest, meaning everything stored in your cluster and backups is encrypted automatically. You don't have to configure anything. This secure by default stance ensures your baseline compliance is met from day one. For organizations with stricter security needs, like those in healthcare, finance, or education, Atlas offers advanced options for encryption at rest. You can use a bring your own key or BYOK approach with customer key management through AWS Key Management Service, Azure Key Vault, or Google Cloud KMS. When combined with strong security policies for passwords and access control, this level of encryption helps you meet compliance standards like HIPAA, PCI DSS, and GDPR. For more information on how to enable this feature, check out our skill on encryption at rest. Beyond protecting data at rest or in transit, MongoDB provides advanced data and use encryption features like client side field level encryption and queryable encryption. These let you encrypt sensitive data in your application before it ever leaves for the database. But security isn't just about encrypting your data. It's also about controlling who has access to your data. At the organization level, Atlas resource policies help you control how resources are configured in the first place. By defining rules in the cedar policy language (https://www.cedarpolicy.com/) with the Atlas Admin API or in the Atlas UI, like this example, you can ensure that every cluster and project meets compliance requirements. For example, here we're preventing a user from creating or editing a cluster in a specified region. MongoDB Atlas also lets you set up an IP access list, which acts like a guest list for your database. Only IP addresses you explicitly trust can connect to your cluster, blocking everyone else at the door. You can also use private endpoints to establish secure connections between your cloud provider and Atlas without traversing public networks. Both are simple but powerful ways to prevent unauthorized access attempts. While cyber attacks often dominate the conversation around threats to data resiliency, it's equally important to address the risks posed by human error and malicious actions from internal bad actors, which can undermine even the most robust security measures. Role based access control, or RBAC, is your first line of defense against unauthorized access risks. RBAC allows you to define granular permissions for users and applications, ensuring that team members only have access to the data and operations they need for their role. By limiting who can perform sensitive actions, like deleting databases or modifying configurations, you significantly reduce the risk of both accidental and intentional damage. For more information on authentication and authorization techniques, check out our skill on securing MongoDB Atlas. Another safeguard against destructive mistakes is termination protection, which prevents the accidental deletion of production clusters. If you enable this feature in your cluster's configuration settings, when someone tries to delete a protected cluster through the UI, API, or infrastructure as code tools, they'll be blocked and prompted to disable protection first. Even with Atlas's comprehensive security features, there's still a challenge many organizations face. Data regulations aren't universal. They vary significantly by region. What works for compliance in one location might not in another. For example, GDPR mandates that EU citizen data must be stored within the European Union. This creates complexity when you're operating globally. MongoDB Atlas addresses these challenges through multi cloud clusters that support data sovereignty. You can deploy your database and backups across specific regions and cloud providers to meet local regulations. As we've seen, Atlas provides automated encryption, data at rest protection, and region specific configurations to maintain compliance seamlessly. While we've seen how workload isolation prevents resource contention, it is also a powerful tool for security and compliance. In a resilient architecture, isolation allows you to constrain sensitive data operations like PII processing or financial auditing to dedicated nodes in specific geographic regions. By keeping these high risk workloads physically and logically separate from your general production traffic, you reduce vulnerability to threats and satisfy strict data sovereignty requirements without compromising the rest of your environment. With all of these features working in harmony, MongoDB Atlas takes the complexity out of keeping your data safe and meeting regulatory requirements. Let's quickly recap what we covered in this video. Security and compliance are fundamental pillars of data resilience, working together to keep your data safe, accessible, and legally protected. As cyber attacks are on the rise, MongoDB Atlas provides certain encryption features by default that help to protect your data, as well as additional features like queryable encryption in cases where more security is required. Other Atlas features like cluster termination protection and role based access control can help protect against mistakes or bad actors. Finally, if you need to comply with certain regulations, Atlas provides data sovereignty support with multi cloud clusters and workload isolation. Compliance also usually involves a backup and recovery strategy. We'll cover this in the next video. To learn more about security best practices and how to implement the strategies covered in this video, check out the security skill badges at MongoDB University.