There were a number of high-profile cybersecurity incidents in 2025, particularly in the European manufacturing sector. Data reveals that manufacturing was the number one target for ransomware globally.
Why is this sector so interesting to criminals? The answer lies in the high stakes of industrial operations. Criminal groups target industrial environments to steal intellectual property, paralyze systems via ransomware, or manipulate data to disrupt material management.
Figure 1. Top ransomware victims per sector.
Source: BitSight Trace | State of the Underground (2025)
Operational success now depends on a continuous stream of data flowing from the factory floor to the control level. As telemetry needs grow, manufacturers require systems capable of ingesting massive volumes of real-time information to drive strategic decision-making. MongoDB has become critical infrastructure in this landscape; where its document model offers the flexibility to store diverse data types without schema redesigns. At the same time, its architecture ensures seamless real-time management. However, industrial environments present their own set of challenges to preserve performance while ensuring high security standards.
To navigate these challenges, MongoDB collaborated with HackRTU, a company specializing in industrial cybersecurity services, which has worked in different environments where databases play a fundamental role in the management of industrial processes. Their solid technological knowledge using databases such as MongoDB allows their team to facilitate the deployment of these technologies by applying fine-tuned guidelines to each client and following internationally recognised standards such as those contained in the IEC 62443 family.
In this blog post, Aarón Flecha Menéndez and Víctor Bello Cuevas, HackRTU co-founders, share their expertise on common industrial challenges. They explain how to leverage MongoDB’s built-in security features and, crucially, how to fine-tune these configurations to build resilience against security threats.
Pillars for secure and reliable industrial data systems
Three fundamental pillars define any scalable and reliable technology for the manufacturing sector:
Availability: Systems must ensure information exchange with automatic failover to guarantee production continuity and environment resilience. Some of these requirements are reflected in the IEC 62443 family at the infrastructure level (IEC 62443-3-3), specifically regarding protection against loss of availability. Technologies can support this through mechanisms like MongoDB’s replica set, which directs failover behavior to maintain uptime during outages.
Performance: Increasing telemetry requires technology that handles heavy communications loads with minimal latency. A key advantage in this environment is the ability to automate data retention policies directly within the database. For example, TTL indexes automatically remove aging, non-critical machine data to free up resources for real-time operations.
Integrity: A fundamental pillar of cybersecurity, integrity is well-established in IT but also plays a critical role in specific OT areas. In scenarios like information exchange between an ERP and an industrial environment, a modified product bundle or an altered order quantity creates real operational risks. Consequently, the ability to fine-tune write verification or enforce data structures is essential. Features like Write Concern parameters and Schema Validation options are examples of how technology can address these needs.
MongoDB’s proven capabilities across these three pillars have secured its position in the industrial sector, specifically for environments with the most demanding workflows and security constraints. Its built-in security controls and customizable guardrails reduce risk and ensure compliance while enabling rapid delivery. This reliability is why leading manufacturers trust the platform; for instance, Dongwha leverages MongoDB to centralize smart factory data, achieving real-time visibility and accelerating innovation across their global production lines.
Figure 2. Network diagram illustrating a secure MongoDB deployment as a Historian.
Secure by design: From theory to practice
In a modern manufacturing company, systems like historians, SCADA, and ERP collect and process critical operational data. This information is essential for identifying trends, optimizing production, and making strategic decisions. A cyberattack that compromises these systems could result in significant data loss, undermining years of operational work. That is why it is crucial to incorporate cybersecurity from the design stage by applying security by design principles, fine-tuning deployed technologies, and following network best practices to protect both information and industrial processes.
In the image above, we see a simplified network diagram of an industrial organization. While MongoDB is frequently deployed as the data layer for a Unified Namespace (UNS), this example focuses specifically on its role as a Historian. In this capacity, it collects high-relevance data to fine-tune industrial processes. To secure this architecture effectively, organizations must address four critical focus areas:
Asset inventory: You cannot protect what you cannot see. It’s important to maintain a relatively up-to-date list of both hardware and software assets.
Risk analysis: A detailed assessment is required to identify the "crown jewels" within an industrial process. This enables teams to prioritize recovery strategies effectively during an incident.
OT infrastructure tuning: Legacy OT networks rarely prioritized security during design. Consequently, retrofitting an undocumented network requires careful planning to segment traffic without disrupting production.
Supply chain control: Organizations must validate every actor interacting with their industrial network. Regulations such as the Cyber Resilience Act (CRA) and the NIS2 directive in Europe will act as enablers, driving companies to enforce stricter controls across their vendor ecosystem.
Key hardening practices for MongoDB
The large number of devices deployed in OT environments to support smarter processes increases complexity and risk. As the attack surface expands, hardening the data nodes becomes critical to maintaining a secure perimeter. Whether running in the cloud or on-premises, MongoDB offers robust security capabilities that can be fine-tuned according to your needs. For comprehensive details based on your deployment model you can refer to the MongoDB Atlas Security Whitepaper or the Security Checklist for Self-Managed Deployments.
The following patterns outline essential hardening practices for industrial data systems:
Access control and authentication | Enforce SCRAM-SHA-256 as the minimum standard for password-based access. For industrial assets and machine-to-machine communication, implement x.509 certificate authentication to utilize strong, cryptographic identity verification without managing shared passwords. |
|
|
Network control | Minimize the attack surface by restricting traffic to a strict allowlist of trusted clients. In Atlas, use IP Access Lists or Private Endpoints to isolate the database from the public internet. For Self-Managed deployments, disabled IP forwarding, configure net.bindIp to bind only to private interfaces and enforce strict firewall rules, including disabling direct root SSH access. |
|
|
Encryption in transit | Encrypt all communications between the database, applications, and industrial assets using TLS/SSL. In Atlas, this is enabled by default and cannot be disabled. For Self-Managed deployments, this can be configured. |
|
|
Encryption at rest | Implement AES-256 encryption for data stored on disk. In Atlas, this is enabled by default. For self-managed deployments, enable WiredTiger’s native encryption or use filesystem-level tools (e.g., dm-crypt) to secure data against physical theft. |
|
|
Encryption in use | For highly sensitive data you can use Queryable Encryption or Client-Side Field Level Encryption to encrypt fields in documents application-side prior to transmitting data over the wire to the server. |
|
|
Private encryption key | Store encryption keys in a dedicated Key Management System (KMS) external to the database environment. Keys must be rotated regularly and isolated from the data they protect. |
|
|
System auditing | Enable granular auditing to record administrative actions, authentication events, and data modifications (DDL/DML) for forensic analysis. In Atlas, configure audit filters directly via the UI. For Self-Managed, configure auditing to capture specific events and store logs. |
|
|
These patterns, combined with fine-tuning specific technology and implementing a structure in zones and conduits established by the IEC 62443 family of standards, are a good approach when incorporating the concept of security by design. If it is not possible to apply this from the design stage of an infrastructure because it is already deployed, it is recommended to review the current communications flow and the assets involved.
Strengthening industrial resilience with MongoDB
Adopting technologies with a proven track record is essential for manufacturers aiming to operate at the highest security standards. MongoDB provides this solid foundation, but technology alone is not enough. True resilience requires a commitment to security by design, ensuring that tools are not just deployed but are also fine-tuned to meet the specific demands of industrial environments.
As the industry evolves, these considerations become even more important. Recent analysis highlights how cyber risks grow as manufacturers turn to AI and cloud systems. With a secure data layer in place, organizations can confidently navigate these risks to empower industrial processes to achieve new levels of refinement and efficiency.
Next Steps
MongoDB’s built-in controls reduce risk and ensure compliance, giving you the confidence to innovate. Explore our security capabilities to see how we protect critical assets, and discover how this trusted foundation powers the AI-driven innovation and real-time analytics behind our manufacturing solutions.