It’s not every day that an organisation like ANFSI, the digital agency for France’s internal security forces, comes to MongoDB with a three-month deadline to fully migrate to its database – and almost zero experience with the software.
But José Nunes, who runs a mobile security specialist team supporting the French police and other agencies, was under pressure to move applications off an existing, legacy private cloud environment and refactor them for more modern platforms.
His instinct was to prioritise open-source – not least because his lean team of “around a dozen people” does not have a huge budget either: “Many developers look for new technologies, we’re ‘geeks’!” he admits. “If we see that this technology adds value, we try to implement it.”
José, for security reasons, won’t talk in detail about the nature of the environment that he had to migrate, other than to highlight that it involved large amounts of data from forces on the move, often from mobile devices.
But that curious mindset and desire to innovate led his team to MongoDB. It ticked the open-source, scalable and easy-to-use boxes. Some swift testing later, they knew it was where they wanted to land – and although they were going to run it on-premises, they needed help architecting and optimising.
Bespoke guidance
As a Senior Consulting Architect on MongoDB’s Professional Services team, Xuelan Sun oversees around 50 projects a year.
He’s rarely seen a successful migration of such a critical application in such a tight timeframe: “On top of that, it’s a project with a fairly high level of confidentiality. It wasn’t easy,” Xuelan tells The Stack.
But ANFSI’s desire to work in close partnership and its willingness to learn and innovate fast helped hugely.
Sun says: “The first thing we identified that could benefit the team and the project was that we provide customised training – not just sharing good practice and then letting our client fend for themselves. Our team’s value lies in being a strategic partner, enabling our clients to implement MongoDB solutions as efficiently as possible.”
“[In this customised training] we share real feedback, we do real, concrete, practical exercises and above all, have a constant dialogue with all the trainees about their existing technical challenges at the time – that meant that after just two weeks of training, we were able to go straight into the project phase.”
José, who oversaw the project for ANFSI, agrees: “All the training provided beforehand was designed according to our needs, our infrastructure and our knowledge. It enabled us to feel much more at ease with this technology. We didn’t work through it by trial and error; we quickly knew what we were doing.”
“The major advantage we had with MongoDB was upskilling… this has allowed us to think differently with regard to later projects,” said Nunes. He highlights both the resilience and the security lessons his team learned on the project.
Olympics robustness test
In the build-up to the 2024 Paris Olympics, the team at ANFSI was tasked with ensuring that, in the event of an attack, their digital infrastructure was as robust as possible. The requirement was stark: could ANFSI destroy the application and its databases and restore them – at pace and under huge pressure?
Using some homegrown internal tools, alongside MongoDB’s Ops Manager tool, they were able to mimic an attack and then restore all infrastructure in around 30 minutes. Strikingly, they did this “in production”.
“You’re either a risk-taker or you’re not,” said Nunes. “The advantage is that we are now relatively calm about technical problems. We can destroy it and restore it easily, so there’s now a level of calmness in relation to technology.”
MongoDB’s Ops Manager has become an important part of how the team manages the deployment. (Ops Manager is the self-hosted management platform that enables you to deploy, monitor, back up, and scale MongoDB on your own infrastructure.)
And MongoDB’s Sun is impressed with how they grasped it: “In a private cloud, admins like José have to configure the tool themselves. It’s not just deploying on a few machines… you have to prepare all the levels, from infrastructure level, followed by tool level, then the database, the application level, schema design. Good practices have to be applied at all levels; you really have to have almost 100% control.
“That’s how José was able to disassemble and restore and automate all the solutions, to be really ready to withstand attacks…” he says, clearly impressed.
Top-level encryption
ANFSI also needed encryption at all stages of the data journey.
During the working relationship with MongoDB, the French security team discovered MongoDB’s Queryable Encryption and were keen to deploy it.
This lets them:
- Encrypt sensitive data fields on the client side.
- Store sensitive data fields as fully non-deterministically encrypted data on the database server side.
- Run expressive queries on the encrypted data.
- Always blind the database server and its administrators to the stored data and queries.
Nunes is amusingly blunt about this: “At the start, when we went with MongoDB, that wasn't our goal. We didn’t even know about its encryption features. The idea was to have scalable infrastructure… but as we gained confidence in MongoDB we discovered queryable encryption, which lets us encrypt information in a database without it having access to the decryption key…”
This means that in the unlikely event that ANFSI is breached and an attacker gains access to the agency’s systems, they still wouldn’t be able to read the encrypted data without the decryption key, which the database does not hold.
“We can encrypt certain fields that are sensitive such as a person’s identity, social security number and health information,” adds Sun – although the team doesn’t want to talk in more detail about the precise deployment.
Nunes and his colleagues at ANFSI still use open source solutions for some applications, with modifications. But Nunes is clearly impressed by the partnership: “We rarely work with software publishers,” he admits.
“But now we are using MongoDB in other projects, because it’s easy for us, we have upskilled… And if you want something secure, robust and managed, there’s no mystery: go through a software publisher and [get] its experts’ support,” concludes Nunes. “MongoDB has been there for us in this respect. It does the job perfectly.”
Delivered in partnership with MongoDB