Built With MongoDB: Satori Streamlines Secure Data Access
Handling data imposes contradictory responsibilities upon organizations. On one hand, they need to protect data from unauthorized access. On the other hand, they need to extract value from data; otherwise, why collect it in the first place? The contradiction lies in the fact that to extract value from data, you have to grant access to it, but unregulated access to data can lead to its misuse. Data access service provider Satori enables organizations to accelerate their data use by simplifying and automating access policies while helping to ensure compliance with data security and privacy requirements. In addition to being a member of the MongoDB for Startups program, Satori has just added support for MongoDB workloads, so organizations running MongoDB can now take advantage of Satori's secure data access service. Balancing act Despite the immense volume of sensitive personal, financial, or health-related data within most organizations, managing access to that data is often a manual process handled by a small team struggling with other competing interests. Satori chief scientist Ben Herzberg says this task of managing data access at companies is slowing down innovation. "The majority of organizations are still managing access to data in a manual way," Herzberg says. "Everyone is feeling the bottleneck. The data analyst who wants to do their job in a meaningful way just wants to understand what data sets they can use and get access to it fast." Getting access to data can be an uphill battle, however. "Sometimes you have to go through three or four different teams to get access to data," Herzberg says. "It can take a week or two." Meanwhile, the data engineers who are primarily responsible for managing access to data are getting pulled away from their core responsibilities. "This places the company in an uncomfortable position of having time-intensive processes implemented by teams who would prefer to be working on other tasks," Herzberg says. Simple, fast, secure As a data access service, Satori streamlines access to data, accelerates time-to-value, improves engineering productivity, and reduces complexity and operational risk, all while protecting sensitive data and maintaining compliance with relevant data privacy regulations. The first job of protecting sensitive data is identifying it, but according to Satori's research , few companies have a system in place that continuously monitors for and discovers sensitive data. Organizations that do monitor sensitive data typically do so only quarterly or annually. Herzberg says Satori continuously discovers sensitive data as it's being accessed. "As one of our customers said: I want to remain continuously compliant. I want to know where my sensitive data is at all times. We do that," Herzberg says. Data users can request access to data over Slack, the Satori data portal, and through other integrations to get immediate access to data without any engineering effort, changes to infrastructure, schemas, or tables, or creating objects on the database. "When a lot of people want access to data, you need a simple, fast, and secure way to do it without exposing yourself to risk," Herzberg says. Instead of taking days or weeks to process data access requests, with Satori, it takes just minutes. Build the next big thing with MongoDB Satori chose MongoDB early on because of the inherent flexibility of the document data model. "We chose MongoDB to move quickly and without limitations," Satori software engineering manager Oleg Toubenshlak says. "We didn't know what type of data we would be storing or how we might want to extend objects, so we chose MongoDB because of the flexibility of the data model." "MongoDB is a core component of our infrastructure where we keep customer configurations," Toubenshlak says. "We started with MongoDB deployed on-prem and moved to MongoDB Atlas." Toubenshlak cites continuous backups, easy deployment, and scalability as additional Atlas capabilities he finds valuable. "MongoDB allows us to move fast with development so we can focus on other areas. It's very simple in terms of security and network access. In terms of clients, MongoDB Atlas helps us provide extended capabilities in order to map our Java objects to BSON. It's very compatible and does this very quickly. Once we moved to Atlas, all our problems were solved," he says. Toubenshlak also appreciates the help he received as a member of the startup program. "We had startup credits, and we used professional services to make sure everything was configured properly," he says. "Satori is a small cluster for MongoDB, but I'm very surprised at the time investment we've received." The company is also excited about adding MongoDB Atlas to its list of supported platforms. "Adding MongoDB support is very exciting for us," Herzberg says. "We're already working with some design partners in different industries and helping them with their deployment. It's a meaningful step for us in NoSQL databases. We're seeing a lot of traction with existing customers that want to expand their MongoDB deployments and with new customers." If you're running MongoDB and are interested in simplifying data access, visit Satori and set up a demo or test drive. Are you part of a startup and interested in joining the MongoDB for Startups program? Apply now .
Built With MongoDB: Vanta Automates Security and Compliance for Fast-Growing Businesses
Built With MongoDB: Alloy Transforms Ecommerce With No-Code Integrations
Gregg Mojica and Sara Du knew there was a need for simpler integrations with ecommerce platforms because they had experienced it themselves. After becoming friends through the open source community, they started a Shopify store as a side project and became intrigued by the multitude of apps available in the Shopify ecosystem — a large selection of integrations for things like ERP, email and social media marketing, ads, marketing analytics, and more. Mojica and Du also found that stitching together these disparate tools was overly complex and that the tools were not geared toward ecommerce. Their company, Alloy Automation , is a no-code integration solution that integrates with and automates ecommerce services, such as CRM, logistics, subscriptions, and databases. For example, Alloy can automate SMS messages to go out upon reaching fulfillment milestones. It can automatically start a workflow when an event occurs in an online store or in another app, create logic to define whether a follow-up action will be taken, and use conditions like order tags or customer location to set up automated actions that will pull and push data from connected apps. If order status is updated to paid and the total value of order is greater than $100, for example, Alloy Automation can automatically send a text message with a discount for an additional purchase. Alloy is part of the MongoDB for Startups program, and this article looks at how Alloy uses MongoDB and also benefits from the partnership to overcome startup challenges. Jobs to be done Mojica, co-founder and CTO of Alloy, sympathized with merchants that were trying to connect multistage workflows using the limited tools that were available. "A lot of merchants have relatively complex flows," he said. "They're cycling through abandoned carts, checking if certain line items are present, and setting up very aggressive rules that historically you would have to program yourself. But a lot of merchants don't have the operating budget to hire expensive engineers to set up these rules." Mojica applied the knowledge he had gained as an engineer in financial services to address the integration problems he and Du were experiencing as online merchants. Although Alloy was initially focused on solving general ecommerce problems, Mojica says he realized that the tools he was building could apply to more than just ecommerce. "Not only are we solving problems for merchants but also for software and SaaS companies," Mojica said. "Now anybody can build relatively complex automations without having engineering expertise. Alloy can templatize those things and offer them as recipes on our platform – we offer a business facing product called Alloy Embedded that allows anyone to effortlessly connect to our integrations by implementing our SDK. Businesses can get started very easily with just a few lines of code." Early stages Alloy is a Y Combinator company — part of the cohort that was scheduled to demo their products in March 2020, the very moment the world “locked down” because of the COVID-19 pandemic. It still raised $5 million in a seed round , followed by $20 million in Series A funding in February 2022. In that time, the company has expanded its platform to include more than 220 integrations, including MongoDB. Alloy is a member of the MongoDB for Startups program, which provides Atlas credits among other benefits for young companies, and it uses MongoDB Atlas as the underlying database. Mojica cites several reasons for the close partnership between the two companies. "Atlas was the database we chose from the beginning. I personally have used MongoDB before, so I have a certain comfort level, and I was the first person that wrote code in Alloy," Mojica said. "But another big reason why I wanted to use MongoDB is the freeform nature of much of the data that we ingest. We connect over 220 integrations, each one has its own schema, and it's typically in JSON. So having a less structured way to store that information compared with something highly delineated like SQL has been very valuable to us." Growing pains Mojica and Du are acutely aware of the challenges startups face, especially managing technical resources. "We like the fact that MongoDB has really good support, there's built-in monitoring, and backups,” Mojica said. “These things allow you to get going quickly. There's a lot of pressure, especially in the very beginning, to get into Y Combinator. You've got to build the product, get customers, and start your fundraise. That's a lot to do in three months. What you don't want to worry about is all the DevOps stuff." As startups begin to scale, they often become subject to compliance requirements that present new technology hurdles. Alloy went through the compliance process seamlessly thanks to the security capabilities and certifications behind MongoDB Atlas. "We're servicing larger clients and seeing different use cases," Mojica said. "The compliance process involved questions about where we're storing data and if we're in different regions. Once your company is big enough, it's a major concern. Just having SOC 2 certification and making sure we're following all the various data privacy rules is really important. We're effectively an intermediary for customer data, so compliance is really important, like when we are deleting data for GDPR requests. MongoDB Atlas helps us with that. It's SOC 2 certified, and we can deploy in any region on any of the major cloud providers. For us, that meant setting up a Network Peering Connection to our AWS VPC from Atlas. So, from a security and compliance perspective, we know that's all taken care of." Making the MongoDB connection "We added a MongoDB connector to our platform because we were hearing interest from our user base,” Mojica explained. “If you want to integrate with a series of different tools and you're also sending data to MongoDB Atlas, instead of having to build those integrations every time, Alloy already has the infrastructure. You can just connect your system, stream the data, and we handle all the architecture. Something that would normally take weeks or months now takes only a few hours. That's the power of the no-code platform." The Alloy–MongoDB integration includes bidirectional sync. "Your connection with MongoDB Atlas can go both ways,” Mojica added. “You can pull data and you can push data. You can do scheduled workflows once an hour or once a day, make a query, get some data from MongoDB, check if a record was added, and then send the data to another platform or destination. The bidirectional sync is really important, because integration really is the ability to get data, but also push data." Support for startups As a member of the MongoDB for Startups program, Alloy enjoys access to a wide range of resources, including free credits to our best-in-class developer data platform, MongoDB Atlas , and personalized technical advice, among other perks. Alloy leveraged the program from an early stage, as Mojica explained, "The credits were very helpful in the beginning, especially when you're in Y Combinator and don't have a lot of money in the bank. We recently started getting in touch for support. In fact, just knowing that we have support is very valuable." To learn more about Alloy, check out runalloy.com . Are you part of a startup and interested in joining the MongoDB for Startups program? Apply now .
AWS and MongoDB: Partners in Reliable, Resilient Cloud Environments
Security is increasingly critical for application development. While the volume of applications developed, distributed, used, and patched over networks is rapidly expanding, so, too, are cyberattacks and data breaches, many of which happen at the web application layer. As more organizations move to the cloud, it’s imperative for customers to know who’s responsible for what when it comes to security. Understanding these roles and responsibilities is crucial for ensuring cloud workloads remain secure and available. MongoDB and AWS are working together to simplify and strengthen data security for our customers so they can focus on developing great applications and user experiences. For more information on shared responsibility, read the first blog in this series . Shared responsibility in the cloud Back when most IT environments lived on premises, the responsibility of securing the systems and networked devices fell squarely on the owner of the assets — usually the business owner or a managed service provider. Today, with the prevalence of cloud applications, hybrid environments, and pay-as-you-go services, it is often not clear who's responsible for what when it comes to securing those environments, services, and the data they contain. For this reason, the shared responsibility model of cloud security has emerged. Under the shared responsibility model, some security responsibilities fall on the business, some on public cloud providers, and some on the vendors of the cloud services being used. When you deploy a MongoDB Atlas database on AWS, the database is created on infrastructure operated, managed, and controlled by AWS, from the host operating system and virtualization layer down to the physical security of the AWS data centers. MongoDB is responsible for the security and availability of the services we offer — and for everything within the scope of our responsibilities as a SaaS vendor. Customers are responsible for the security of everything above the application layer — accounts, identities, devices, and data — plus the management of the guest operating system, including updates and security patches; associated application software; and the configuration of the AWS-provided security group firewall. (See Figure 1.) Figure 1. Shared responsibility when using MongoDB Atlas. Strategic partners in data solutions MongoDB Chief Information Security Officer Lena Smart delivered a keynote at AWS re:Inforce , an event where security experts offered tips and best practices for securing workloads in the cloud, and was also interviewed by theCUBE . Smart noted how MongoDB and AWS are working together to enable our joint customers to focus more on business objectives while having the confidence in the cloud services and infrastructure they get from us. "You want to worry less about security so that you can focus on application development, performance, availability, business continuity, data management, and access," Smart said. "As the CISO of MongoDB, these concerns are also my top concerns as we work to better serve our global customer base. And we are very appreciative of the opportunity to do this in lockstep with AWS." Jenny Brinkley, Director, AWS Security, agrees that customers stand to benefit through the shared responsibility model. "The shared responsibility model is a huge reason why more customers are deploying in the cloud," Brinkley said. "AWS, combined with marketplace services like MongoDB Atlas, help relieve the customer's operational burden so they can focus on driving their businesses forward." Smart's appearance at the event is just one example of how MongoDB and AWS are working together to deliver scalable data intelligence solutions for enterprise data in the cloud, reduce risk for cloud-native tools, and enable our joint customers to achieve compliance and protect their sensitive data. Thanks to our strategic partnership, organizations around the globe and across a wide range of industries — from banking and airlines to insurance and e-commerce — are better able to discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. MongoDB Atlas is trusted by organizations with highly sensitive workloads because it is secure by default. We're constantly innovating with new, breakthrough technologies, like our industry-first queryable encryption, which allows customers to run rich, expressive queries on fully randomized encrypted data, improving both the development process and the user experience. MongoDB Atlas is designed to be secure by default. Try it for free . MongoDB Atlas (Pay as You Go) is now available in AWS Marketplace — try it today .
How MongoDB Protects Against Supply Chain Vulnerabilities
Software supply chain vulnerabilities became national news in late 2020 with the discovery of the Solar Winds cyberattack. A year later, as if to put an exclamation point on the issue, the Log4j security flaw was discovered. Before these incidents, cybersecurity headlines typically focused on ransomware and phishing attacks, and organizations responded by increasing defensive measures, expanding network security beyond the perimeter, and mandating security awareness training. Protecting organizations from supply chain vulnerabilities, however, is a more complex undertaking. Download Supply Chain Security in MongoDB's Software Development Life Cycle Transparency and testing Few organizations have complete transparency into the software supply chain. The software supply chain includes all components — third-party dependencies, open source scripts, contractors, and other miscellaneous components and drivers — directly involved in developing an application. When dealing with a dozen or more vendors, applications, and service providers, it's hard to know all the elements that comprise your organization's software supply chain. As a backend solutions provider with open source roots, MongoDB is keenly aware of the need for security and transparency in the software supply chain. Long before supply chain vulnerabilities became national news, we implemented numerous safeguards to ensure the security of our products throughout the software development life cycle (SDLC). For example, in the planning stage, we look at our software from an attacker's perspective by trying to find ways to bypass authentication and gain unauthorized access. In the sprint stage, we conduct thousands of CPU hours of tests every week, and we run builds on thousands of compute nodes 24/7 on different combinations of every major hardware platform, operating system, and software language. And in the deployment stage, we perform hundreds of hours of automated testing to ensure correctness on every source code commit. We also invite the MongoDB Community and other third parties to submit reports of bugs found in our products, both open source and enterprise packages. Finally, we conduct periodic bug hunts with rewards for community members who contribute by improving a release. Securing third-party software The area that organizations have the least visibility into is perhaps the use of third-party libraries. Almost all applications use software that was written by someone else. According to some industry estimates, third-party libraries make up between 30% and 90% of typical applications. At MongoDB, all third-party libraries are evaluated and vetted by the security team before being incorporated into MongoDB products. We also use security tools to scan source code, identify known security vulnerabilities, and test against government benchmarks like Common Vulnerability and Exposure (CVE) and Common Weakness Enumeration (CWE), as well as private-entity frameworks like the SANS Institute’s list of software vulnerabilities. If we identify a vulnerability, we use the IETF Responsible Vulnerability Disclosure Process to evaluate and mitigate the issue, communicate with our user base, and perform a postmortem assessment. Details are also published to the MongoDB Alerts page along with release notes and a description of fixes. Using SBOMs To encourage even more transparency within the software supply chain, we've been at the forefront of the push for a software bill of materials (SBOM, pronounced “S-Bomb”). A software bill of materials is a list of ingredients used by an application, including all the libraries and components that make up an application, whether they are third-party, commercial off-the-shelf (COTS), or open source. By providing visibility into all of the individual components and dependencies, SBOMs are seen as a critical tool for improving software supply chain security. MongoDB’s CISO, Lena Smart, recently conducted a panel discussion with a handful of cybersecurity experts on the need for SBOMs in the wake of President Joe Biden’s executive order on supply chain security . Vulnerabilities in software will always exist, and the determination of malicious actors means that some of those vulnerabilities will be exploited. MongoDB believes that secure digital experiences start with secure software development. That means having the proper controls in place, continuously probing for weaknesses, and maintaining transparency in the CI/CD pipeline. For more detailed information, download our white paper Supply Chain Security in MongoDB's Software Development Life Cycle .
Tools for Implementing Zero Trust Security With MongoDB
The practice of protecting IT environments from unauthorized access used to be centered on perimeter security — the strategy of securing the perimeter but allowing unrestricted access inside it. As users became increasingly mobile and IT assets became increasingly dispersed, however, the notion of a network perimeter became obsolete. That strategy has now been replaced by the concept of zero trust. In a zero trust environment, the perimeter is assumed to have been breached. There are no trusted users, and no user or device gains trust simply because of its physical or network location. Every user, device, and connection must be continually verified and audited. MongoDB offers several tools and features for integrating our products into a zero trust environment, including: Security by default Multiple forms of authentication TLS and SSL encryption X.509 security certificates Role-based access control (RBAC) Database authentication logs Encryption for data at rest, in flight, and in use For government customers, MongoDB Atlas for Government is FedRAMP-ready. Security by default MongoDB Atlas clusters do not allow for any connectivity to the internet when they’re first spun up. Each dedicated MongoDB Atlas cluster is deployed in a unique virtual private cloud (VPC) configured to prohibit inbound access. (Free and shared clusters do not support VPCs.) The only way to access these clusters is through the MongoDB Atlas interface. Users can configure IP access lists to allow certain addresses to attempt to authenticate to the database. Without being included on such a list, application servers are unable to access the database. Even the person who sets up the clusters needs to add their IP address to the access list. To find out more about the security measures that protect our cloud-based database, MongoDB Atlas, and the rules governing employee access, read our whitepaper, MongoDB: Capabilities for Use in a Zero Trust Environment . Authentication Customers have several options to allow users to authenticate themselves to a database, including a username and password, LDAP proxy authentication, and Kerberos authentication. All forms of MongoDB support transport layer security (TLS) and SCRAM authentication. They are turned on by default and cannot be disabled. Traffic from clients to MongoDB Atlas is authenticated and encrypted in transit, and traffic between a customer’s internally managed MongoDB nodes is also authenticated and encrypted in transit using TLS. For passwordless authentication, MongoDB offers two different options to support the use of X.509 certificates. The first option, called “easy,” auto-generates the certificates needed to authenticate database users. The “advanced” option is for organizations already using X.509 certificates and that already have a certificate management infrastructure. The advanced option can be combined with LDAPS for authorization. Access infrastructure can only be reached via bastion hosts and by users for whom senior management has approved backend access. These hosts require multifactor authentication and are configured to require SSH keys — not passwords. Logging and auditing MongoDB supports a wide variety of auditing strategies, making it easier to monitor your zero trust environment to ensure that it remains in force and encompasses your database. Administrators can configure MongoDB to log all actions or apply filters to capture only specific events, users, or roles. Role-based auditing lets you log and report activities by specific role, such as userAdmin or dbAdmin, coupled with any roles inherited by each user, rather than having to extract activity for each individual administrator. This approach makes it easier for organizations to enforce end-to-end operational control and maintain the insight necessary for compliance and reporting. The audit log can be written to multiple destinations in a variety of formats, such as to the console and syslog (in JSON) and to a file (JSON or BSON). It can then be loaded to MongoDB and analyzed to identify relevant events. Encryption MongoDB also lets you encrypt data in flight, at rest, or even, with field-level encryption and queryable encryption , in use. For data in motion, all versions of MongoDB support TLS and SSL encryption. For data at rest, MongoDB supports AES-256 encryption, and it can also be configured for FIPS compliance. To encrypt data when it is in use, MongoDB offers client-side field-level encryption , which can be implemented to safeguard data even from database administrators and vendors who otherwise would have access to it. Securing data with client-side field-level encryption allows you to move to managed services in the cloud with greater confidence. The database only works with encrypted fields, and organizations control their own encryption keys, rather than having the database provider manage them. This additional layer of security enforces an even more fine-grained separation of duties between those who use the database and those who administer and manage it. MongoDB Atlas exclusively offers queryable encryption, which allows customers to run rich expressive queries on fully randomized encrypted data with efficiency, improving both the development process and user experience. Organizations are able to protect their business by confidently storing sensitive data and meeting compliance requirements. Zero trust and MongoDB MongoDB is optimally suited for use within a zero trust environment. MongoDB is secure by default and has developed industry-leading capabilities in key areas such as access, authorization, and encryption. Used together, these features help protect the database from outside attackers and internal users who otherwise could gain an unauthorized level of access. For more detailed information about security features in MongoDB, read our whitepaper, MongoDB: Capabilities for Use in a Zero Trust Environment .
Rockets, Rock ’n’ Roll, and Relational Databases — a Look Back at the Year of RDBMS
10 Things We Learned at MongoDB World 2022
When you return to a normal routine after a long break, you find out how much you miss your old routine. After hosting MongoDB World remotely for two years, we were happy to get back to seeing people in person — almost 3,000 of them. Here’s a quick rundown of the top 10 things we learned at MongoDB World 2022. 1. Queryable Encryption was a hit How many times have you been to a concert and the opening act winds up being as good as the band you actually went to see? Queryable Encryption was like that at MongoDB World 2022. While a lot of attendees came to learn about MongoDB Atlas Search or Atlas Serverless Databases , they were equally intrigued by the ability to encrypt data in use and perform rich, expressive queries on encrypted data. This groundbreaking innovation is the result of a collaborative effort between Brown University cryptographer Seny Kamara, his longtime collaborator Tarik Moataz, and MongoDB. 2. Developers are in the driver's seat Starting with the opening keynote by MongoDB CEO Dev Ittycheria, MongoDB World reinforced the notion that developers are the key to the future success and productivity for today’s organizations. “Every product we build, every feature we develop, is all geared toward developer productivity,” Ittycheria said. In fact the entire event centered on powerful new tools that are now available in our developer data platform. In the Partner Promenade, dozens of vendors showed how they’re helping developers become faster and more productive. As Søren Bramer Schmidt, chief architect and founder of Prisma, explained, “New generations of developers are much bigger, and we can invest in better tooling for them. It’s an exciting time to be building tools for developers.” As the world increasingly goes digital, developers will be the key to companies’ success. Services, products, and advancements are inherently tied to the ability of developers to quickly build, iterate, and release. 3. Everyone's data is in motion The volume of data moving to the cloud is unprecedented. In a session titled “Connecting Distributed Data to MongoDB With Confluent,” Joseph Morais, cloud partner solutions architect for Confluent , cited a study that predicted 75% of all databases would be on a cloud platform by 2022. MongoDB senior vice president of product management, Andrew Davidson, said, “MongoDB has really broken through with the MongoDB Relational Migrator at the perfect time, since so many enterprises are accelerating their efforts to get off legacy relational databases and legacy on-premises estates to move to MongoDB Atlas.” 4. Public cloud security is not as easy as some people think While scores of businesses are increasing their cloud footprints with new cloud-native services and applications, securing them is becoming increasingly complex. Steve Walsh, senior solutions architect at MongoDB, gave a session titled “Securing Your Application's Data in the Public Cloud” and cited constantly changing cloud deployments and security policies in multi-cloud environments as reasons why security can be three times more complex in a multi-cloud environment. According to an ITRC study that Walsh cited, failure to configure cloud settings properly caused 30% of data breaches in 2021. MongoDB Atlas is designed to be secure by default , which simplifies the process of restricting access to sensitive data. 5. Ray Kurzweil might be even more prescient than he realizes On Day 3 of MongoDB World 2022, best-selling author, pioneering inventor, and futurist Ray Kurzweil delivered a wide-ranging keynote address covering everything from computational power to vaccine trials to life expectancy and literacy rates. In the address, Kurzweil said it was likely that an AI would pass a Turing test by 2029. Just days later, news reports came out about a Google engineer who’d been fired after claiming that an artificial-intelligence chatbot the company developed had become sentient , though the company dismissed the claims. 6. Attendees were eager to try MongoDB It’s easy to assume that everyone who came to MongoDB World was already using it and wanted to know about new features and capabilities. But in the Learn Booth at the event, plenty of visitors weren't using MongoDB at all — they were there to discover and evaluate. In the Ask the Experts booth, roughly one in 10 people asked about how to prepare to migrate to MongoDB. One of the most common questions we heard was, "How do I convert relational schemas to the document model?" We have tools like Relational Migrator to help with that. We also recommend training for developer and ops teams, including our MongoDB for SQL Pros university course and our Developer-Led Training programs to ramp them up on what makes MongoDB different from SQL. 7. Developer friction comes in many forms The opening keynote address and product announcements set the stage for many of the conversations we had over the next few days. We consistently heard from developers about the friction points that we could help eliminate for them, and how reducing developer friction results in real benefits — apps and services get launched that could not have existed otherwise because of the toll that complexity takes on development teams’ bandwidth. Atlas Serverless databases are going to be a big part of getting those new services off the ground because it’s one less thing developers have to worry about. And the MongoDB CLI allows developers to interact with our services using the method they’re familiar with — especially advanced developers who prefer control and speed over a more visual interface. 8. @MarkLovesTech draws the crowds MongoDB CTO Mark Porter was the center of the action at the event. Wherever he went, a crowd would gather, eager to meet, exchange thoughts, and ask questions. His talks during the Builder’s Fest were standing room only. Mark Porter delivers a short talk on scaling and managing teams at MongoDB World 2022. Photo by Eoin Brazil. 9. Every software company needs custom track jackets Our field marketing team knocked it out of the park with the custom track jacket. After MongoDB CEO Dev Ittycheria debuted the jacket during the Day 1 keynote , it immediately became the most desired piece of swag of the show. A few lucky contestants won their own track jackets during the Builder’s Fest. Developers are either highly fashion-conscious or avid joggers. 10. There's no replacement for in-person gatherings For almost three years, we’ve been getting by with remote events and Zoom calls, but we learned at least two more things from MongoDB World 2022: There’s no replacement for real-life, in-person experiences, and remote interactions actually require a different set of skills. “It is not impossible to talk with people on Zoom. But it requires so much more intentionality,” Mark Porter said. “My takeaway from MongoDB World is making sure that in this new hybrid world, we can talk with people! But even on Zoom, we must become much more focused on the intentionality of talking with them because it is so much different."
Highlights From MongoDB World 2022, Day 3
As we said on Day 1 , MongoDB World is a developer-focused event. And on Day 3, we really set out to prove it. The day got going with a keynote from best-selling author, pioneering inventor, and futurist Ray Kurzweil. His encyclopedic knowledge covers a wide range of topics and subject areas, and his talk was equally broad and freewheeling, touching on everything from computational power to vaccine trials to life expectancy and literacy rates. Kurzweil’s general viewpoint was overwhelmingly positive. He cited global poverty and literacy rates, per capita income, and the spread of democracy as examples of how the world is steadily becoming a better place to live. Not shy of making predictions, Kurzweil anticipates computational power roughly doubling each year, bringing AI ever closer to emulating human intelligence. In fact, he predicts that some AI systems will be able to pass the Turing test by 2029. And he sees humans eventually connecting directly to AI systems, expanding our emotional and intellectual intelligence far beyond our current state. He refers to this eventuality as the “ singularity ” and with it, human life will be changed forever. Minds were blown, but not so much that the developers in attendance weren’t ready to get down to doing what they love to do: building apps and writing code. Immediately after the keynote, Builder’s Fest kicked into gear in the Partner Promenade. The floor of the Jacob Javits Center was transformed by dozens of pods where MongoDB experts, partners, and customers gave hands-on tutorials showing how their services and applications integrated with the MongoDB developer data platform. Booming over the main sound system was a super-sized, four-person Mario Kart battle royale, where the victors won prizes like a Nintendo Switch. Another pod hosted a Price is Right–style game show, The Database is Right, where contestants drawn from the audience answered trivia questions about MongoDB, document databases, and database functions. Adjacent to the Bob Barker cosplay, MongoDB senior product manager Rob Walters gave an eager audience a live demo of how to configure the MongoDB Connector for Apache Kafka to use MongoDB as a source or a sink. Our Kafka connector enables developers to build robust, reactive data pipelines that stream events between applications and services in real time. Over on the Google Cloud Coding Stage, four developers competed to see who could build the closest version of the Google homepage in 20 minutes — without previewing their work. The blind coding test resulted in some fairly primitive approximations of the real thing, but all four contestants were praised for their high pressure creations. The winner of each round took home a limited edition MongoDB track jacket. MongoDB CTO Mark Porter joined in a number of Builder’s Fest activities, delivered several short talks, and often drew a crowd for impromptu Q&A. At one point he gave a “Chaos Presentation” — an improvised talk guided by randomly selected imagery — about the outages that inevitably occur in the public cloud, despite the exceptionally resilient infrastructures and high service levels. “Mirror image is an illusion,” Porter said. “A laptop is not staging, staging is not production, and production is not production.” Different regions have different hardware and configuration patterns that can build up over time, he said. “Staging has had far more rollbacks than production,” he said. “Find weaknesses in your architecture by doing post-mortems after an outage. Make staging environments reproducible by blowing them away from time to time. By making staging more predictable, over the course of a few years, you can make production more predictable.” In response to an audience question about what’s more important, implementing a culture of committing to rollbacks or automating it, he said, “The culture of rollbacks is what’s important, but at scale — meaning a couple thousand engineers — culture won’t be enough. You’ll need to automate some of it. But make it so rollbacks are not a bad thing.” A few pods over, developer advocate from Prisma , Sabine Adams, gave a talk entitled, “Giving MongoDB Guardrails.” His talk included step-by-step instructions, using the brand new MongoDB Atlas CLI , on how to ensure data consistency by providing an easy-to-read schema and a type-safe database client. First, he set up a MongoDB cluster in the CLI, then he initialized a TypeScript project with Prisma to model the data, and then used the Prisma CLI to create and retrieve some data. The Prisma client provides an API for reading data in MongoDB, including filters, pagination, ordering, and relational queries for embedded documents. If you want more highlights about MongoDB World 2022, read our Day One and Day Two recaps. For all those who attended the event, we’re happy you made it. For anyone who missed it, we hope to see you at next year's event.
Highlights From MongoDB World 2022, Day 2
Day Two of MongoDB World 2022 was all about the breakout sessions — more than 80 were on tap for the day. Things kicked off shortly after 8 a.m. with a discussion on empowering women and other underrepresented groups in the workplace, held in the IDEA Lounge . The 9 a.m. slot was packed with 10 sessions that ranged from building a sustainable ecosystem to the principles of data modeling to using Rust to build applications. Steve Westgarth, senior director of engineering at GSK (formerly GlaxoSmithKline) dove into the weighty topic of morality in the digital world and what developers ought to do when the software they build leads to unintended consequences. All too often, there’s immense pressure to release MVPs early — before all potential vulnerabilities have been vetted. Westgarth’s session sprang from a rhetorical question: “Do we as engineers have an ethical and moral responsibility to anticipate unintended consequences and how much personal responsibility should an individual take to ensure ethical management of data?” His discussion answered that with a Yes — developers do have to weigh the risk of unintended consequences, such as data breaches, versus the desire to maximize market opportunity. Westgarth urged developers to ask themselves what the unintended consequences are of the software they have in production, and to raise awareness of these issues in their organizations. A 15-minute lightning talk followed, with a session name that made it a popular draw for fans of worst-case scenarios: “Strange Cases From the Field.” Adam Schwartz, MongoDB director of technical services in EMEA, walked attendees through some especially challenging real-life technical support stories. He gave a detailed account of such curious cases as The Mistaken Hypotheses and The Unsuccessful Mitigations, and shared lessons he learned during years in the trenches as a support specialist. Closing on a positive note, he assured attendees that problem cases are rare, most cases have straightforward solutions, and exceptional cases are always a learning experience. Day One saw Mark Porter announce the MongoDB Relational Migrator , including a live demo of the product. On Day Two, lead product manager Tom Hollander did a deep dive into use cases, justifications, and future capabilities for the tool. MongoDB Relational Migrator imports and analyzes relational database schemas, maps them to an appropriate MongoDB schema, and transforms and migrates the data into MongoDB. Hollander said organizations can experience a 3x to 5x increase in development velocity and up to 70% in cost reductions by migrating away from relational models in favor of a more modern deployment such as MongoDB Atlas . Hollander said he anticipates future capabilities to include continuous replication, Kafka integration, application code generation, schema recommendations, and more. One company thriving in its legacy modernization efforts is Vodafone. The global head of engineering and transformation, Felipe Canedo, described Vodafone’s transition from a traditional telecommunications company to a Telco-as-a-Service (TaaS) provider. At the core of this transition was the creation of a scalable and open platform for the company’s engineers to innovate with complete freedom and flexibility. Canedo said Vodafone chose MongoDB because of its security, cloud-native high availability, support for multi-region and multi-cloud deployments, agile delivery, professional services, and ease of integration. The ultimate goal, Canedo said, was to provide Vodafone engineers with the best software experience possible. Day One also saw MongoDB CPO Sahir Azam announce the general availability of MongoDB Atlas serverless instances . On Day Two, MongoDB advisory solutions architect Carlos Castro gave a live demo of deploying a serverless database. In 15 minutes, starting from the Atlas dashboard, Castro took the audience step-by-step through the process of selecting a cloud provider, spinning up the instance, creating an app service, authentication, and users, and then setting up rules to allow users to access data on the instance. Serverless instances always run the latest version of Atlas, include always-on security, and enable customers to only pay for operations they run. Day Two also featured several discussions with leading experts and MongoDB partners. MongoDB senior vice president, product management, Andrew Davidson hosted a panel with three leaders in the effort to close the Developer Experience Gap : Peggy Rayzis, senior director of developer experience for Apollo GraphQL; Lee Robinson, director of developer relations for Vercel; and Søren Bramer Schmidt, chief architect and founder for Prisma. Rayzis cited Apollo’s supergraph as one way it's helping developers be more productive by unlocking their flow state. “When you’re in that flow state, you’re writing better code, making better decisions, and developing better value for consumers,” she said. Schmidt pointed out how the newest generation of developers stand to benefit the most from the proliferation of developer tools. “New generations of developers are much bigger and we can invest in better tooling for them,” Schmidt said. “It’s an exciting time to be building tools for developers.” Lee emphasized the important role the open source community plays in these tools. “People hear about Vercel through Next.js,” Lee said, “and we invest to give back to the open source community.” As gratifying and fun the first two days of World were, we really have something special in store for Day Three. It kicks off with a final keynote address by best-selling author, pioneering inventor, and futurist Ray Kurzweil. Day Three also features our Builder’s Fest , where even MongoDB CTO Mark Porter is expected to lend his considerable expertise to a few promising projects. With live game shows, chaos presentations, nerd battles and more, MongoDB World 2022 will finish on a high note. Check back tomorrow for more highlights from MongoDB World 2022.
Highlights from MongoDB World 2022, Day 1
MongoDB World is back in person at New York’s Jacob Javits Center after a three-year hiatus. Day One featured a jam-packed schedule of educational sessions, live tutorials, customer stories, and product announcements for a crowd of nearly 2,700 developers and IT professionals. The developer-focused conference got off to an early start with breakout sessions beginning at 8 a.m. Three sessions were on tap: an introduction to data modeling with MongoDB, a primer on MongoDB Atlas Search , and a tutorial on getting started with MongoDB Atlas . In that tutorial, MongoDB solution architect Tom Gleitsmann explained how, out of all the challenges developers face on a daily basis, the common denominator is friction. Gleitsmann gave a crisp and informative summary of MongoDB Atlas features that were engineered specifically to reduce the amount of friction developers face, including ease of deployment, security by default, data visualization, the Performance Advisor , alerts, and backup scheduling, to name a few. The early-morning sessions were followed by a keynote delivered by MongoDB CEO Dev Ittycheria and Chief Product Officer Sahir Azam celebrating the company’s rapid growth, setting out a vision for its future, and highlighting several of its customers. The executives were joined on stage by Vercel founder and CEO Guillermo Rauch, Wells Fargo head of digital enablement Catherine Li, Avalara VP of software engineering John Jemseck, and several MongoDB product experts, each providing insight into the latest enhancements to MongoDB. The biggest reveal, though, was a new vision for MongoDB Atlas and the products that work seamlessly with it, such as Atlas Search and Atlas Data Federation . “We believe that developers want to build on a modern data model that's designed to the way they think and the way they code,” Ittycheria said. “And we also believe that developers want an elegant developer experience that makes their lives so much easier. And they want all this in one unified platform. What they need is a developer data platform.” After the morning keynote, sessions ran back-to-back until lunch. They ranged from quick, 15-minute “chalk talks” to hour-plus deep dives. In one, MongoDB software engineer James Wang gave a hands-on tutorial on using our data visualization tool, MongoDB Atlas Charts , which is fully integrated with MongoDB Atlas. Wang showed how easy it is to link data sources in just a few clicks. Using a fictitious company, he demonstrated step-by-step how to embed data visualization via code snippets and an SDK, share the data with others using a public link, filter data inside the admin web page, and restrict access to authorized users. Attendees followed along on their own laptops and were quickly able to replicate the visualizations. In another talk, Keller Williams’ senior architect Jim McClarty shared some of the real-world impact of Atlas — how it has accelerated the real estate firm’s ability to innovate its applications, how essential Atlas Search is in their applications, and how Charts has become “the best hidden feature in Atlas.” Attendees shuttled from room to room like they had places to go and people to meet, which they did. MongoDB principal, industry solutions, Felix Reichenback took attendees through mobile sync and why developers often waste tons of time trying to build their own sync tool that fails to handle conflict resolution because of the intermittent nature of mobile connections. Next, Michael van der Haven, VP at consulting giant CGI and expert in cloud-native platforms, explained how he helped the energy industry’s open source architecture group, OSDU, migrate away from Elasticsearch, simplify its architecture by removing memory-intensive indexes, and reduce OPEX by six figures using MongoDB Atlas. After lunch, MongoDB CTO Mark Porter gave an energetic keynote, announcing several more new products and features, including the new MongoDB Atlas CLI , the general availability of the Data API , and, perhaps our biggest announcement of the day, Queryable Encryption , which allows users to search their databases while sensitive data stays encrypted. Available in preview, Queryable Encryption offers a big step forward in protecting sensitive data. Porter gave personal anecdotes illustrating many of the hurdles developers have to overcome that have nothing to do with building software, such as rigid and fragile relational databases, and working with SQL, a language that developers early in their careers or fresh out of school have no desire to work with. Porter’s keynote address included a live demo of the Relational Migrator, which, while risky to perform in front of an audience, went off flawlessly. Meanwhile, a series of events kept the IDEA Lounge a lively place, including a great panel discussion called Our Journey: Being Black in Tech. And a floor below the workshops, more than a dozen MongoDB partners demonstrated their platforms and related products — including many of the companies named MongoDB Partners of the Year . The schedule for Day 2 is equally packed, with more than 80 sessions that include partner showcases, strange cases from the field, book club sessions, more deep dives into product announcements and tutorials, and talks on diversity, equity, and inclusion. In the afternoon, MongoDB celebrates Pride with food, drinks, and entertainment at the historic Stonewall Inn. And MongoDB World 2022’s biggest event happens at the end of the day — “The Party,” featuring music from The Midnight and Don Diablo, as well as retro arcade games and an open bar. Check back tomorrow for more highlights from MongoDB World 2022.
Closing the Developer Experience Gap: MongoDB World Announcements
Now is a great time to be a software developer or architect. Never have there been so many solutions, vendors, and architectural patterns to choose from as you build new applications and features. But the sheer number of choices creates another puzzle for developers to solve before they can begin to build. Many of MongoDB’s efforts over the past year have been to help address the needs of the developer communities we serve, and one of the greatest needs we’ve seen in developer communities is improving the experience of being a developer. At MongoDB World 2022, we announced several tools to help improve that experience and to boost developer velocity: Atlas Data API — A serverless API that lets you easily access your Atlas data from any environment that supports HTTPS requests, including services like AWS Lambda and Google App Services. The Atlas Data API is fully functional upon generation, language-agnostic, and secure from the start. Serverless instances — With MongoDB serverless instances, developers don’t have to worry about scaling up to meet increasing workloads or paying for resources they’re not using if their workload is idle. The serverless model dynamically uses only what it needs — and only charges for what it uses. Atlas CLI — The MongoDB Atlas CLI is a completely new way to access Atlas in a non-GUI-centered environment. CLIs are often the interaction method of choice by developers, especially advanced developers who prefer control and speed over a more visual interface. Our new CLI gives these developers an easier registration experience with nearly instant free tier deployments in Atlas. Time series — We have expanded our data platform so developers can work more easily with time series data in support of IoT use cases, financial analytics, logistics, and more. MongoDB time series makes it faster and lower cost to build and run time series applications by natively supporting the entire time series data lifecycle. Facets in Atlas Search — Categorize data with facets for fast, filtered search results. With facets in Atlas Search, you can index your data to map fields to categories, then quickly update query results based on the ones relevant to your users. Verified Solutions — The MongoDB Verified Solutions program gives developers the confidence to use third-party tools, such as Mongoose, by guaranteeing comprehensive testing of the tools as well as a base level of support from MongoDB Technical Services. Change streams — Change streams enable developers to build real-time, event-driven applications that react to data changes as they happen. This allows them to build more complex features and better end-user experiences. The paradox of choice for developers Developers today have no shortage of tools to work with, but the abundance of options is itself a problem. And when there’s little or no central decision-making, developers are forced to figure out how to stitch together a patchwork of technology solutions to create the seamless user experiences that consumers have come to expect. Developers had fewer choices when applications were built on a three-tier framework composed of a relational database, a J2EE stack, and an app or web server. Since then, however, application development has fragmented into different architectures, SDKs, and cloud services, leaving developers many more patterns to figure out. On top of that, the rise of DevOps has increased the pressure on developers to build and maintain the tools they’re working with, and serious development shops often take pride in building their own toolchains, backends, and databases. Put it all together — the abundance of choices, the patchwork nature of solutions, the pressure to build and maintain toolchains, and the glue code keeping it all together — and it adds up to more cognitive load, elevated stress levels, and a lengthening of time to value. As Stephen O’Grady from analyst firm RedMonk explains , “Developers are forced to borrow time from writing code and redirect it toward managing the issues associated with highly complex, multifactor developer toolchains held together in places by duct tape and baling wire. This, then, is the developer experience gap.” Having a lot of options is a good thing — until it’s not. One way we’re working to unwind the paradox of choice is by providing tools that exist in the same form whether in the cloud or on the client — that is, solutions that integrate with the way developers already work. This could mean plugging into a CLI first, abstracting provisioning, simplifying and securing the data layer so developers don’t have to worry about it, and unlocking the creativity of developers with a data model that maps to how data is actually going to be used. We’re also enabling developers to access the tools they need from within MongoDB without having to integrate myriad bolt-on tools (i.e., the paradox of choice). Building at velocity The key to unlocking developer productivity, as we see it, is giving developers the building blocks they need to create a whole workload from scratch, or to bring a new workload into their ecosystem — be it time-series, search, or analytics — and have them run on a single platform instead of having to stitch together disparate systems. Our goal is to bring a modern data layer to modern applications. We want to bring that experience to more and more of what you work on. We know that modern applications have complicated data requirements, but that shouldn’t mean complicated data infrastructure. We want to serve most of your workloads with a single unified platform. Learn more about MongoDB World 2022 announcements at mongodb.com/new and in these stories: 5 New Analytics Features to Accelerate Insights and Automate Decision-Making 4 New MongoDB Features to Improve Security and Operations Streamline, Simplify, Accelerate: New MongoDB Features Reduce Complexity