MongoDB update plugs security hole and sets sights on the enterprise

Co-founder Eliot Horowitz chats to El Reg about a decade in the NoSQL space


Document database-flinger MongoDB has long positioned itself as the dev's best friend, but after ten years it is now fluffing itself up for the enterprise.

The firm, which went public just last month and hopes to earn up to $220m, has now launched the latest version of its database, which aims to appeal to these bigger customers.

Speaking to The Reg at MongoDB's European conference, co-founder and CTO Eliot Horowitz said the aim was to offer companies something that allows developers to be more productive.

As part of this, the latest release, MongoDB 3.6, gives a nod to increasing demand for real-time updates, improved data visualisation tools and greater automation.

For instance, MongoDB has introduced Change Streams to automate real-time updates, and brought in automatically retryable writes, moving the handling of system failures from the application to the database.

It's also taking a greater interest in the growing trend towards the democratisation of data – the increasing demand from companies that all staff have access to, and make better use of, the data they hold.

"I think we're doing more on that than anything else," Horowitz told The Reg. "Charts [MongoDB's native BI tool] is a huge step for us in that space... but more interesting in the longer-term is Stitch."

Stitch – launched back in June with general availability due around December – aims to give developers a simple way of handling routine backend tasks, cutting out the need for them to spend ages writing boilerplate code.

'It definitely didn't help our reputation'

Perhaps more crucial for making itself a viable option for enterprise customers is the move to close off a less than ideal security hole, which exposed data in MongoDB to the public internet.

That led to a spate of ransomware attacks and data breaches – not to mention negative headlines – at the start of the year.

The change means users will have to explicitly turn on remote networking, which Horowitz said might be "a little annoying to upgrade, but at least you have to think about what you're doing a little more".

At the time, the situation was seized upon by MongoDB's competitors – Microsoft put out an advert saying "first and foremost, security is our priority" – but Horowitz denies the incident did the firm major damage.

"I think most people who understand databases are of the opinion you should be running databases behind firewalls and with security on," he told The Reg. "It definitely didn't help our reputation, but I don’t think it’s been a big problem."

He also argued that it was more likely modern firms would come up against these issues than legacy vendors like Oracle.

"People don't run Oracle themselves for little applications. With Mongo, you don't need large DBA teams; it's so easy to get started, and there aren't quite as many policies and checkboxes around this stuff."

That ease is what Mongo sells itself on – and Horowitz is bullish about his firm's ability to take the fight to the traditional vendors. As evidence, he pointed to a stat in the company's S-1 filing that 30 per cent of Mongo's new business this year has been from users migrating workloads from relational databases.
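An added example (not from the article or from MongoDB): a small Python audit of a mongod.conf for the exposure this section describes, a listener reachable from other hosts with access control off. The function names, verdict strings and sample configs are constructed for illustration; `net.bindIp`, `net.bindIpAll`, `security.authorization` and `security.keyFile` are real mongod settings, and the parser assumes the two-level block YAML style only.

```python
import ipaddress

# Constructed sample configs (not taken from the article).
OPEN_ALL = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
NO_BIND = "net:\n  port: 27017\n"
REMOTE_AUTH = ("net:\n  bindIp: 127.0.0.1,10.0.5.12  # constructed address\n"
               "security:\n  authorization: enabled\n")

def parse_conf(text):
    """Flatten 'section:' / '  key: value' lines into {'section.key': value}."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip() or ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if not line[0].isspace():                 # unindented key opens a section
            section = key
        elif section:
            settings[f"{section}.{key}"] = value
    return settings

def is_local(addr):
    """True for loopback addresses, 'localhost' and Unix socket paths."""
    if addr == "localhost" or addr.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                              # other hostnames: assume reachable

def audit(text, default_bind="127.0.0.1"):
    """Return 'local-only', 'remote+auth' or 'EXPOSED'.

    default_bind models mongod 3.6+, which listens on localhost unless told
    otherwise. Pass '0.0.0.0' to model an older binary started with no bindIp.
    """
    s = parse_conf(text)
    if s.get("net.bindIpAll", "false").lower() == "true":
        binds = ["0.0.0.0"]
    else:
        binds = [b.strip() for b in s.get("net.bindIp", default_bind).split(",")]
    if all(is_local(b) for b in binds):
        return "local-only"
    # keyFile (internal authentication) also enforces user access control.
    auth = (s.get("security.authorization", "disabled").lower() == "enabled"
            or "security.keyFile" in s)
    return "remote+auth" if auth else "EXPOSED"

if __name__ == "__main__":
    for name, conf in [("open", OPEN_ALL), ("no bindIp", NO_BIND), ("remote", REMOTE_AUTH)]:
        print(name, "->", audit(conf))
```

A "remote+auth" verdict says nothing about network filtering; the firewall Horowitz mentions still has to be checked separately.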

'It was a completely different world'

Although he admits MongoDB isn't likely to displace relational databases any time soon, Horowitz is confident the shift has gone far enough not to see the tides turn the other way.

This point was emphasised by his comments on how much the database market has changed in the ten years since he started the firm. (Fun fact: MongoDB's IPO was exactly ten years to the date of its first GitHub submission.)

"If you think about fall 2007, there was nothing else in the database space of note happening. NoSQL didn't exist yet, everyone was using MySQL – this was before Oracle acquired Sun – it was a completely different world," Horowitz said.

"Now, the concept of document databases isn't alien – the likes of Amazon and Microsoft are doing it. But that's a good thing.

"I'd be nervous if there were no other document databases out there. People want validation that this isn't some bizarre, bespoke thing. No one's going to believe it's the future if no one else is doing it." ®
