MongoHQ, a platform for developers to host MongoDB databases, announced on Tuesday two new features to improve security for its users, as well as a couple of initiatives it hopes will benefit the larger security community.
The new features are two-factor authentication and security auditing tools. The company also plans to release an open source security handbook.
“The first new feature is security auditing,” MongoHQ co-founder Jason McCay says. “What we have provided to the users is that when they log in to their MongoHQ account they can actually see all of their login activity and see all the various events that have happened on their account. They are able to see if there are any potential incorrect or invalid logins, they can see when databases are created or removed, different types of user activity, so it allows the user to keep tabs on what is going on in their account.”
MongoHQ’s focus on security comes a few months after it experienced a data breach, which gave attackers access to customer account information.
According to McCay, the new security features came out of the investigation into the November breach.
“After the [security breach] had happened, our team at MongoHQ worked around the clock to take care of our customers and also to immediately correct the issue that caused the breach. After that, we kicked off a deep security investigation with security experts and also with law enforcement to really ensure that everything was back to normal,” McCay says. “I think we as a team knew that we needed to provide tangible steps to our customers. We also wanted an opportunity to give back to the tech community after this event to be able to give them all the things that we learned through this event.”
The MongoHQ Security Handbook, which hasn’t been released yet, is a best-practices internal security policy designed for startups. MongoHQ worked with external security firm Matasano to develop the guidelines and will release them as open source.
In addition to offering two-factor authentication to customers (including team-based two-factor authentication), MongoHQ is releasing the service as an open source tool, called Authful, to help startups implement two-factor authentication. The tool was developed in-house and underwent a security audit by Matasano.
“The interesting thing about the [security] community is that the community as a whole doesn’t want to see security breaches and when it does happen there is an outreach from a number of companies and they offer their support,” McCay says. “I think in that same spirit we knew pretty early on that we wanted to take this entire experience and find a way to improve the tech community as a whole.”
“I think our primary goal is to make sure that it never happens to us again but also to do whatever we can to ensure that it doesn’t happen to other companies as well,” he says.
McCay says MongoHQ sees these open source tools and its new security features as the first steps in improving security, both for its users and for startups.
“This is something that is going to continue to evolve,” he says. “We’re going to add additional features and I think we see this as something that is a really good strong step into giving back.”