MongoDB update plugs security hole and sets sights on the enterprise

Co-founder Eliot Horowitz chats to El Reg about a decade in the NoSQL space

Document database-flinger MongoDB has long positioned itself as the dev's best friend, but after ten years it is now fluffing itself up for the enterprise.

The firm, which went public just last month and hopes to earn up to $220m, has now launched the latest version of its database, which aims to appeal to these bigger customers.

Speaking to The Reg at MongoDB's European conference, co-founder and CTO Eliot Horowitz said the aim was to offer companies something that allows developers to be more productive.

As part of this, the latest release, MongoDB 3.6, gives a nod to increasing demand for real-time updates, improved data visualisation tools and greater automation.

For instance, MongoDB has introduced Change Streams to automate real-time updates, and brought in automatically retryable writes, moving the handling of system failures from the application to the database.

It's also taking a greater interest in the growing trend towards the democratisation of data – the increasing demand from companies that all staff have access to, and make better use of, the data they hold.

"I think we're doing more on that than anything else," Horowitz told The Reg. "Charts [MongoDB's native BI tool] is a huge step for us in that space... but more interesting in the longer-term is Stitch."

Stitch – launched back in June with general availability due around December – aims to give developers a simple way of handling routine backend tasks, cutting out the need for them to spend ages writing boilerplate code.

'It definitely didn't help our reputation'

Perhaps more crucial for making itself a viable option for enterprise customers is the move to close off a less than ideal security hole, which exposed data in MongoDB to the public internet.

That led to a spate of ransomware attacks and data breaches – not to mention negative headlines – at the start of the year.

The change means users will have to explicitly turn on remote networking, which Horowitz said might be "a little annoying to upgrade, but at least you have to think about what you're doing a little more".
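
As an added illustration (not code from MongoDB or The Register), the Python sketch below audits a mongod.conf for the two conditions behind this kind of exposure: a listener on every interface and access control left off. The sample configs and the 10.0.5.12 address are constructed, and a missing bindIp is assumed to mean the 3.6 localhost-only default.

```python
import ipaddress

# Constructed mongod.conf samples (YAML); not taken from the article.
EXPOSED_CONF = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED_CONF = (
    "net:\n  port: 27017\n  bindIp: 127.0.0.1,10.0.5.12\n"
    "security:\n  authorization: enabled\n"
)

def parse_conf(text):
    """Flatten 'section:' / '  key: value' YAML into {'section.key': value}."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if line[0] in " \t":
            if section:
                settings[f"{section}.{key}"] = value
        else:
            section = None if value else key
            if value:
                settings[key] = value
    return settings

def audit(text):
    """Return findings for listeners or access control that expose mongod."""
    s, findings = parse_conf(text), []
    if s.get("net.bindIpAll", "false").lower() == "true":
        findings.append("net.bindIpAll: listening on every interface")
    # Assumption: a missing bindIp means the 3.6 default (localhost only).
    for addr in s.get("net.bindIp", "localhost").split(","):
        addr = addr.strip()
        if addr in ("", "localhost") or addr.startswith("/"):
            continue  # loopback name or UNIX socket path
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"net.bindIp {addr}: hostname, review what it resolves to")
            continue
        if ip.is_unspecified:
            findings.append(f"net.bindIp {addr}: listening on every interface")
        elif not (ip.is_loopback or ip.is_private):
            findings.append(f"net.bindIp {addr}: publicly routable address")
    if s.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization: access control is not enabled")
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```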

At the time, the situation was seized upon by MongoDB's competitors – Microsoft put out an advert saying "first and foremost, security is our priority" – but Horowitz denies the incident did the firm major damage.

"I think most people who understand databases are of the opinion you should be running databases behind firewalls and with security on," he told The Reg. "It definitely didn't help our reputation, but I don’t think it’s been a big problem."

He also argued that it was more likely modern firms would come up against these issues than legacy vendors like Oracle.

"People don't run Oracle themselves for little applications. With Mongo, you don't need large DBA teams; it's so easy to get started, and there aren't quite as many policies and checkboxes around this stuff."

That ease is what Mongo sells itself on – and Horowitz is bullish about his firm's ability to take the fight to the traditional vendors. As evidence, he pointed to a stat in the company's S-1 filing that 30 per cent of Mongo's new business this year has been from users migrating workloads from relational databases.

'It was a completely different world'

Although he admits MongoDB isn't likely to displace relational databases any time soon, Horowitz is confident the shift has gone far enough not to see the tides turn the other way.

This point was emphasised by his comments on how much the database market has changed in the ten years since he started the firm. (Fun fact: MongoDB's IPO was exactly ten years to the date of its first GitHub submission.)

"If you think about fall 2007, there was nothing else in the database space of note happening. NoSQL didn't exist yet, everyone was using MySQL – this was before Oracle acquired Sun – it was a completely different world," Horowitz said.

"Now, the concept of document databases isn't alien – the likes of Amazon and Microsoft are doing it. But that's a good thing.

"I'd be nervous if there were no other document databases out there. People want validation that this isn't some bizarre, bespoke thing. No one's going to believe it's the future if no one else is doing it."