In today's world of ever-evolving cloud technology, many organizations are struggling to effectively manage data access. From companies that have no access policies in place and allow anyone to access any data, to those that have an existing solution but it's only on-premises, there's a desperate need for cloud-based access management.
Apono is an easy-to-use platform that allows centralized access management, removing the trouble of having to depend on a single person to control access to the data. Apono brings reliable access management to the cloud, providing organizations with the security they need to protect their valuable information. And, as a member of the MongoDB for Startups program, Apono is accelerating its evolution as it seeks to expand its capabilities and its offering. MongoDB for Startups offers free MongoDB Atlas credits, one-on-one technical advice, co-marketing opportunities, and access to our vast partner network.
Access that's as granular as you need it
As organizations work to find the right balance of granular data access, they've often relied on a combination of workflow builders to make it happen. The way this often plays out is that just one person becomes the de facto expert in managing this system, leaving everyone else in the dark. And when they're gone, so is the expertise for managing ongoing access.
Apono is a go-to solution for securely managing access to the most confidential and sensitive cloud resources businesses possess, from production environments to applications. It simplifies database access management across all three major cloud providers.
A lot of database access management solutions only help with cluster access management, self-hosted databases, or cloud databases — but rarely not all of them. Apono enables organizations to manage access to database solutions whether they are self-hosted or in the cloud.
Apono enables highly granular permissions, going beyond granting access to a cluster. It allows you to manage access to individual databases. In MongoDB Atlas, Apono goes as far as allowing you to manage access to individual collections. Apono is unique in its ability to offer that level of granular access management.
Simplified and streamlined user experience
From restricting read and write access to granting temporary permissions, Apono makes it easy for administrators to manage the entire process with a few clicks. According to the company's own internal data, about 80% of administrators are able to create access flows without any help in under two minutes. It's a very intuitive solution that also gives you full visibility into who is accessing or requesting access to resources and for how long.
Administrators can choose how they want to interact with the Apono UX. They can use the intuitive administrator portal, the command line interface (CLI), Terraform, or the Apono API. From an end-user standpoint, Apono supports Slack, Teams, CLI, and a web portal with time-saving administrative features like request again and favorites. Additional time-savers include the ability to automate much of the process of granting permissions. Surprisingly, many organizations still handle permissions on an ad hoc basis through informal, one-off requests over text or email. Apono enables administrators to automate access flows, which not only saves time but is also more secure because it reduces the likelihood that someone will assign the wrong permission to a person or group by mistake.
Apono also makes it easy to conduct access reviews, which are often required for regulatory purposes. These reviews can also be scheduled and automated so that reports are automatically shared with the stakeholders who need them.
The security perimeter in the age of the cloud
Back when most systems were primarily on-prem, it was critical to set up a security perimeter that limited access to anything behind the network firewall. Today, with remote work, cloud architectures, and the proliferation of edge devices, there is no longer one single firewall. Rather, identity has become the new security perimeter.
"People work from anywhere, any IP, any device, even their phones. So it's becoming increasingly important to make sure that users have just the right amount of privileges," says Sharon Kisluk, Lead Product Manager at Apono. "If I give someone standing admin access to a cluster, what happens if they destroy the entire cluster by accident?"
To prevent data loss due to human error or incorrect permissions, Apono works under the principle of least privilege, which means that any user or operation is allowed to access only the information and resources that are necessary for its legitimate purpose. That's why, out of the box, Apono gives you the ability to restrict all access to critical production environments.
Multi-cloud access control
The maturity of today's cloud computing has led to a large majority — around 87% — of companies to deploy to multiple cloud environments. Like MongoDB Atlas, Apono is available on all three major cloud platforms: AWS, Google Cloud, and Microsoft Azure. Also like MongoDB Atlas, Apono supports self-hosted Kubernetes.
"We realized that people hate working with so many different role-based access control systems," says Kisluk. "Each system has its own user management. If you create policies or permissions in AWS, you have to do the same thing in Google Cloud and Azure if you're multi-cloud, and then you have to do the same thing for the databases."
With Apono, you can create access flow bundles, which is a role abstraction that works across systems. For example, you can create a role called, "prod access" that enables you to access production databases and grant permission to only those who require access to those systems. And any system that's tagged as a production system will inherit those permissions, even if they're hosted by different cloud providers. Using MongoDB Atlas combined with Apono, administrators can establish global access policies and roll them out across the entire distributed system with just a few clicks.
Apono was recently named to the Gartner Magic Quadrant for Privileged Access Management (PAM). While the recognition was unexpected at Apono, Kisluk says it just goes to show how Apono is truly the next thing in cloud PAM. Apono is expanding its cloud PAM by offering more complex access flow scenarios, or what is often referred to as, "if this, then that." These are scenarios that are triggered based on certain conditions being met. For example, if there's a production incident, you can grant access automatically for only the duration of the bug fix without submitting a special request.
Get to know Apono
Apono is a self-serve solution, so anyone can sign up with their email, connect to their cloud environment and database, and start using the product. Apono will also be at AWS re:Invent to be held in Las Vegas from November 27 to December 1. Don't forget to visit them and, of course, MongoDB and find out how these two powerful solutions are simplifying and streamlining privilege access management for developers and systems administrators.
Sign up for our MongoDB for Startups program today!