After experiencing an attack last year that exposed customer accounts and database instances at cloud-based database service MongoHQ, the company on Tuesday said that it has added new security features, including the ability for customers to control and see who accesses their account, along with two-factor authentication and security auditing tools.
In October 2013, the database hosting company discovered that attackers had gained access to an internal, employee-facing support application that resulted in customer accounts and database instances being exposed. One tool accessed by the attacker(s) let MongoHQ support staff “impersonate” to access to a web interface as if they were a logged in as a customer.
“We’re excited to announce these new security features today and highlight the steps we’ve taken to help our customers manage their security,” said Kurt Mackey, co-founder of MongoHQ.
“This security package provides our customers with the tools needed to better manage and monitor access to their database configuration tools.” “These new security features give MongoHQ’s customers a heightened level of control over access to the application used to manage their database,” the company said in a statement. “Additionally, new open source features address the ongoing issue of security within the cloud and allow MongoHQ to provide enhanced security tools to startups that may not otherwise have access.”
Details of the new security features include:
• Security Auditing – A new tool that allows database owners to see any login activity and changes through the MongoHQ web user interface in real time. This provides developers with the ability to oversee who is accessing their account and monitor sensitive application features, allowing them to address suspicious activity early.
• Two-Factor Authentication – Allows users to add an extra-layer of security to their login details. In addition, account owners can require two-factor authentication for all users on their account.
• Open Source Security Features – As part of the new security package, MongoHQ is releasing their two-factor authentication service as open source to help other startups implement two-factor authentication. The tool, known as Authful, was developed in house and underwent a security audit from Matasano.
Along with the new security features, the company published The MongoHQ Security Handbook, a guide that provides best practices for internal security policy, specifically designed for startups.
MongoHQ offers fully managed end-to-end platform for developers looking to deploy, host and scale MongoDB databases and boasts over 35,000 current users with customers across the world.