Data presents new opportunities and challenges, and developers are at the forefront of these changes. At 10gen, we interact with users building new applications to support the growing need to collect, mobilize and analyze data for business goals.
Gaming companies analyze user data to react to movements in real-time, keeping the users happy and winning, and increasing retention and payout. Manufacturing companies ingest data from sensors and location tracking machines to gather machine data, analyzed in real-time and batch contexts. Retail companies leverage structured and competitive data to optimize prices in real-time and to serve personalized product recommendations. Each of these represents novel ways to build a data-driven business.
We love these stories and want to hear more from the developers who build these applications and are the driving force behind innovation. Take the MongoDB community survey and tell us how you’re using data in your applications to meet new data challenges. Complete the survey and enter for a chance to win an iPad Mini. This survey is platform agnostic, and is designed to get an understanding of the developer ecosystem as a whole.
In the spirit of open source, we plan to share the results of the survey with the community in a report and on the 10gen blog. Stay tuned for the results.
Invite Your Boss to the Business Track at MongoNYC
MongoDB Days have traditionally been focused on the developer community, with lots of technical talks on application design, deployment best practices, and ops war stories. MongoNYC will carry on the tradition of including many deep technical sessions, with talks from the 10gen staff on the latest features in 2.4, as well as presentations from MongoDB community members on their experiences deploying MongoDB in real-world scenarios. But this year at MongoNYC, we’re introducing a new track aimed at IT managers, directors, and C-level executives who aren’t knee-deep in code. The business track will include case studies from 10gen customers with a focus on the business benefits of using MongoDB, such as reduced cost, new revenue streams and competitive advantaged. We’ll look at the steps enterprises take to adopt NoSQL and open-source technologies, and how you can learn from their experiences. Here are some of the talks included on the business track at MongoDB NYC: Telefonica explains how it reduced development time by over 80% from its previous Oracle implementation, building a rich, globally available user data management system. ADP describes how it built a mobile app in just a few months to let customers view payroll and benefits information on their devices of choice, differentiating ADP from stale on-premise solutions. Criteo shows how it supported 200,000% growth over five years and global expansion to 7 continents migrating away from SQL Server to MongoDB for its core business, improving online shopping by bringing the performance of search to display advertisers. And more. So if you’re a developer or DBA who loves MongoDB, but you’ve only been able to use it for small or side projects, consider inviting your boss to MongoNYC this year. Or, attend the business track and return to the office as an advocate for the business advantages of MongoDB in your enterprise. For more information on MongoDB NYC or to register, please visit http://www.10gen.com/events/mongonyc-2013. Tomorrow is your last chance to register at the early bird rate, which is only $75. Looking forward to seeing you there.
4 Ways to Create a Zero Trust Environment in Financial Services
For years, security professionals protected their IT much like medieval guards protected a walled city — they made it as difficult as possible to get inside. Once someone was past the perimeter, however, they had generous access to the riches within. In the financial sector, this would mean access to personal identifiable information (PII), including a “marketable data set” of credit card numbers, names, social security information, and more. Sadly, such breaches occurred in many cases, adversely affecting end users. A famous example is the Equifax incident, where a small breach led to years of unhappy customers. Since then, the security mindset has changed as users increasingly access networks and applications from any location, on any device, on platforms hosted in the cloud — the classic point-to-point security approach is obsolete. The perimeter has changed, so reliance on it as a protective barrier has changed as well. Given the huge amount of confidential client and customer data that the financial services industry deals with on a daily basis — and the strict regulations — security needs to be an even higher priority. The perceived value of this data also makes financial services organizations a primary target for data breaches. In this article, we’ll examine a different approach to security, called zero trust , that can better protect your assets. Paradigm shift Zero trust presents a new paradigm for cybersecurity. In a zero trust environment, the perimeter is assumed to have been breached; there are no trusted users, and no user or device gains trust simply because of its physical or network location. Every user, device, and connection must be continually verified and audited. Here are four concepts to know about creating a zero trust environment. 1. Securing the data Although ensuring access to banking apps and online services is vital, the database, which is the backend of these applications, is a key part of creating a zero trust environment. The database contains much of an organization’s sensitive, and regulated, information, along with data that may not be sensitive but is critical to keeping the organization running. Thus, it is imperative that a database be ready and able to work in a zero trust environment. As more databases are becoming cloud-based services, an important aspect is ensuring that the database is secure by default—meaning it is secure out of the box. This approach takes some of the responsibility for security out of the hands of administrators, because the highest levels of security are in place from the start, without requiring attention from users or administrators. To allow access, users and administrators must proactively make changes— nothing is automatically granted. As more financial institutions embrace the cloud, securing data can get more complicated. Security responsibilities are divided between the clients’ own organization, the cloud providers, and the vendors of the cloud services being used. This approach is known as the shared responsibility model. It moves away from the classic model where IT owns hardening of the servers and security and then needs to harden the software on top—for example, the version of the database software—and then harden the actual application code. In this model, the hardware (CPU, network, storage) are solely in the realm of the cloud provider that provisions these systems. The service provider for a Data-as-a-Service model then delivers the database hardened to the client with a designated endpoint. Only then does the actual client team and their application developers and DevOps team come into play for the actual solution. Security and resilience in the cloud are only possible when everyone is clear on their roles and responsibilities. Shared responsibility recognizes that cloud vendors ensure that their products are secure by default, while still available, but also that organizations take appropriate steps to continue to protect the data they keep in the cloud. 2. Authentication for customers and users In banks and finance organizations, there is a lot of focus on customer authentication, or making sure that accessing funds is as secure as possible. It’s also important, however, to ensure secure access to the database on the other end. An IT organization can use various methods to allow users to authenticate themselves to a database. Most often, the process includes a username and password. But, given the increased need to maintain the privacy of confidential customer information by financial services organizations, this step should only be viewed as a base layer. At the database layer, it is important to have transport layer security and SCRAM authentication , which enables traffic from clients to the database to be authenticated and encrypted in transit. Passwordless authentication should also be considered—not just for customers, but for internal teams as well. This can be done in multiple ways with the database, for example, auto-generated certificates may be required to access the database. Advanced options exist for organizations already using X.509 certificates that have a certificate management infrastructure. 3. Logging and auditing In the highly regulated financial industry, it is also important to monitor your zero trust environment to ensure that it remains in force and encompasses your database. The database should be able to log all actions or have functionality to apply filters to capture only specific events, users, or roles. Role-based auditing lets you log and report activities by specific roles, such as userAdmin or dbAdmin, coupled with any roles inherited by each user, rather than having to extract activity for each individual administrator. This approach makes it easier for organizations to enforce end-to-end operational control and maintain the insight necessary for compliance and reporting. 4. Encryption With large amounts of valuable data, financial institutions also need to make sure that they are embracing encryption —in flight, at rest, and even in use. Securing data with client-side, field-level encryption allows you to move to managed services in the cloud with greater confidence. The database only works with encrypted fields and organizations control their own encryption keys, rather than having the database provider manage them. This additional layer of security enforces an even more fine-grained separation of duties between those who use the database and those who administer and manage it. Also, as more data is being transmitted and stored in the cloud—some of which are highly sensitive workloads—additional technical options to control and limit access to confidential and regulated data is needed. However, this data still needs to be used. So, ensuring that in-use data encryption is part of your zero trust solution is vital. This approach enables organizations to confidently store sensitive data, meeting compliance requirements while also enabling different parts of the business to gain access and insights from it. Conclusion In a world where security of data is only becoming more important, financial services organizations rank among those with the most to lose if data gets into the wrong hands. Ditching the perimeter mentality and moving toward zero trust—especially as more cloud and as-a-service offerings are embedded in infrastructure—is the only way to truly protect such valuable assets. Learn more about developing a strategic advantage in financial services. Read the ebook now .