Leaky Databases Are a Scourge. MongoDB Is Doing Something About It

MongoDB, a database software provider whose stock has been on a tear recently, just hired its first-ever chief information security officer. The appointment, which came Friday, signals that the company plans to take security more seriously even as it faces stiffened competition from the likes of Amazon and other tech giants.

The new boss is Lena Smart, a Glaswegian cybersecurity professional. Smart formerly held the same title at IPO-bound Tradeweb, a financial services firm that supplies the technology behind certain electronic trading markets. Prior to Tradeweb, she headed security at the New York Power Authority, where she worked for more than a decade. A cellist in her spare time, Smart told me in her Scottish brogue that her priority in the new job will be “knowing what the crown jewels are--that’s our customer data--and making sure that’s always protected.”

People leaving MongoDB and other databases unsecured on the web has been a persistent source of data leaks over the years. Just this month, a security researcher discovered one such sieve that exposed to public view a trove of sensitive information, including location data, on millions of people in China. The misconfigured repository appears to have originated from SenseNets, a Shenzhen-based company that is likely providing the Chinese government with crowd-surveilling, facial recognition technology to track the country’s Muslim Uyghur population. This is just the latest leak example; there are innumerable others.

Despite the frequency of these leaks, the situation seems to be improving. Most of these inadvertent leaks have sprung, in fairness, from people using outdated instances of the company’s so-called community edition software, a free, barer-bones version of the database product. Mark Wheeler, a MongoDB spokesperson, conceded that the 12-year-old company “struggled in its early years to find the right balance with security.” But he avers that updates to the default settings of MongoDB’s software over the past few years, plus key security team hires--including guardians Davi Ottenheimer, Kenn White, and now Smart--are changing the equation.

As Smart’s scope involves securing the totality of MongoDB’s business, the data-spillage issue ultimately falls to her. She says she’ll continue educating customers in best practices when it comes to security. She says she will also aim to imbue the company’s product development process with security, quality assurance, and testing from the earliest stages. “If we can get in at the very start” of the software development lifecycle, Smart says, it will “save us time and money and make our products more reliable and secure.”

The leaky database issue is one that extends well beyond MongoDB. It’s also a problem for rivals such as Amazon, particularly its S3 buckets, Elastic, and others. Like so many companies, these database-makers are looking now to shore up their software in the hopes of turning a historical weakness--cybersecurity--into a competitive strength. As Dev Ittycheria, MongoDB’s president and CEO, tells Fortune: making the company’s products as secure as possible “is critical to our business.”

Indeed, it’s critical to MongoDB and, increasingly, every business.

A version of this article first appeared in Cyber Saturday, the weekend edition of Fortune's tech newsletter Data Sheet.



from Fortune https://ift.tt/2FKGqUC
