How to do a complete security audit of your Mongo Cloud account

Riyaz Walikar
Feature image


MongoDB is an open-source document-oriented database. It is used to store a larger amount of data and also allows you to work with that data. It is a cloud service with data distribution and mobility across AWS, Azure, and Google Cloud, built-in automation for resources and workload optimization. As it deals with important data of an organization or application there must be systematic evaluation of the company’s information system to confirm the security of the systems physical configuration and environment, software, information handling processes and user practices.

A security audit is a systematic evaluation of the security of a company’s information system by measuring how well it confirms an established set of criteria. Security audit is required since MongoDB Cloud is an integral part of the infrastructure and is essential to keep it secure.

Checklist For Mongo Cloud Audit

  1. Verifying the number of clusters present in an organization.

    A sharded cluster in MongoDB is a collection of datasets distributed across many shards (servers) in order to achieve horizontal scalability and better performance in read and write operations.


  1. List all the users present in the individual projects.


  1. Database users and their permissions in Production projects. The permissions should be given according to the requirement of an individual user.


  1. To check users having access to Network Access. This is the list of IPs/Security groups whitelisted for access to the clusters in the projects.


  1. Check the Realm apps connected to Database

    The apps are being used for taking actions based on different events in the database. The apps directly interact with the database and there are functions written to perform this activity which are executed based on triggers.


  1. Third Party Services integration in Realm Apps


  1. List the unused Third-Party services in Realm Apps


  1. List the Users having access to the Realm app. Among all the users present for Realm application, the user which is currently in Enabled state will have the devices configured.The following should be verified,

    1. Team members who have access to these credentials
    2. Devices that have current session
    3. Team members who have access to the current devices



Mongo Cloud is a service which provides an organization or an application to manage the data. It is important to maintain the security of Mongo Cloud as the data which is stored is critical. Therefore it is required to verify any actions or the entities that performed certain actions and monitor the changes made to the Mongo Cloud on a regular basis through the security Audit.

← Back to Academy