Apono Streamlines Data Access with MongoDB Atlas

Steve Jurczak
October 30, 2023
#Startups

In today's world of ever-evolving cloud technology, many organizations are struggling to effectively manage data access. From companies that have no access policies in place and allow anyone to access any data, to those that have an existing solution but it's only on-premises, there's a desperate need for cloud-based access management.

Apono is an easy-to-use platform that allows centralized access management, removing the trouble of having to depend on a single person to control access to the data. Apono brings reliable access management to the cloud, providing organizations with the security they need to protect their valuable information. And, as a member of the MongoDB for Startups program, Apono is accelerating its evolution as it seeks to expand its capabilities and its offering. MongoDB for Startups offers free MongoDB Atlas credits, one-on-one technical advice, co-marketing opportunities, and access to our vast partner network.

Access that's as granular as you need it

As organizations work to find the right balance of granular data access, they've often relied on a combination of workflow builders to make it happen. The way this often plays out is that just one person becomes the de facto expert in managing this system, leaving everyone else in the dark. And when they're gone, so is the expertise for managing ongoing access.

Apono is a go-to solution for securely managing access to the most confidential and sensitive cloud resources businesses possess, from production environments to applications. It simplifies database access management across all three major cloud providers.

A lot of database access management solutions only help with cluster access management, self-hosted databases, or cloud databases — but rarely not all of them. Apono enables organizations to manage access to database solutions whether they are self-hosted or in the cloud.

Apono enables highly granular permissions, going beyond granting access to a cluster. It allows you to manage access to individual databases. In MongoDB Atlas, Apono goes as far as allowing you to manage access to individual collections. Apono is unique in its ability to offer that level of granular access management.

Simplified and streamlined user experience

From restricting read and write access to granting temporary permissions, Apono makes it easy for administrators to manage the entire process with a few clicks. According to the company's own internal data, about 80% of administrators are able to create access flows without any help in under two minutes. It's a very intuitive solution that also gives you full visibility into who is accessing or requesting access to resources and for how long.

Administrators can choose how they want to interact with the Apono UX. They can use the intuitive administrator portal, the command line interface (CLI), Terraform, or the Apono API. From an end-user standpoint, Apono supports Slack, Teams, CLI, and a web portal with time-saving administrative features like request again and favorites. Additional time-savers include the ability to automate much of the process of granting permissions. Surprisingly, many organizations still handle permissions on an ad hoc basis through informal, one-off requests over text or email. Apono enables administrators to automate access flows, which not only saves time but is also more secure because it reduces the likelihood that someone will assign the wrong permission to a person or group by mistake.

Apono also makes it easy to conduct access reviews, which are often required for regulatory purposes. These reviews can also be scheduled and automated so that reports are automatically shared with the stakeholders who need them.

The security perimeter in the age of the cloud

Back when most systems were primarily on-prem, it was critical to set up a security perimeter that limited access to anything behind the network firewall. Today, with remote work, cloud architectures, and the proliferation of edge devices, there is no longer one single firewall. Rather, identity has become the new security perimeter.

"People work from anywhere, any IP, any device, even their phones. So it's becoming increasingly important to make sure that users have just the right amount of privileges," says Sharon Kisluk, Lead Product Manager at Apono. "If I give someone standing admin access to a cluster, what happens if they destroy the entire cluster by accident?"

To prevent data loss due to human error or incorrect permissions, Apono works under the principle of least privilege, which means that any user or operation is allowed to access only the information and resources that are necessary for its legitimate purpose. That's why, out of the box, Apono gives you the ability to restrict all access to critical production environments.

Multi-cloud access control

The maturity of today's cloud computing has led to a large majority — around 87% — of companies to deploy to multiple cloud environments. Like MongoDB Atlas, Apono is available on all three major cloud platforms: AWS, Google Cloud, and Microsoft Azure. Also like MongoDB Atlas, Apono supports self-hosted Kubernetes.

"We realized that people hate working with so many different role-based access control systems," says Kisluk. "Each system has its own user management. If you create policies or permissions in AWS, you have to do the same thing in Google Cloud and Azure if you're multi-cloud, and then you have to do the same thing for the databases."

With Apono, you can create access flow bundles, which is a role abstraction that works across systems. For example, you can create a role called, "prod access" that enables you to access production databases and grant permission to only those who require access to those systems. And any system that's tagged as a production system will inherit those permissions, even if they're hosted by different cloud providers. Using MongoDB Atlas combined with Apono, administrators can establish global access policies and roll them out across the entire distributed system with just a few clicks.

Product roadmap

Apono was recently named to the Gartner Magic Quadrant for Privileged Access Management (PAM). While the recognition was unexpected at Apono, Kisluk says it just goes to show how Apono is truly the next thing in cloud PAM. Apono is expanding its cloud PAM by offering more complex access flow scenarios, or what is often referred to as, "if this, then that." These are scenarios that are triggered based on certain conditions being met. For example, if there's a production incident, you can grant access automatically for only the duration of the bug fix without submitting a special request.

Get to know Apono

Apono is a self-serve solution, so anyone can sign up with their email, connect to their cloud environment and database, and start using the product. Apono will also be at AWS re:Invent to be held in Las Vegas from November 27 to December 1. Don't forget to visit them and, of course, MongoDB and find out how these two powerful solutions are simplifying and streamlining privilege access management for developers and systems administrators.

Sign up for our MongoDB for Startups program today!

← Previous

Retrieval Augmented Generation (RAG): The Open-Book Test for Gen AI

The release of ChatGPT in November 2022 marked a groundbreaking moment for AI, introducing the world to an entirely new realm of possibilities created by the fusion of generative AI and machine learning foundation models, or large language models (LLMs). In order to truly unlock the power of LLMs, organizations need to not only access the innovative commercial and open-source models but also feed them vast amounts of quality internal and up-to-date data. By combining a mix of proprietary and public data in the models, organizations can expect more accurate and relevant LLM responses that better mirror what's happening at the moment. The ideal way to do this today is by leveraging retrieval-augmented generation (RAG), a powerful approach in natural language processing (NLP) that combines information retrieval and text generation. Most people by now are familiar with the concept of prompt engineering, which is essentially augmenting prompts to direct the LLM to answer in a certain way. With RAG, you're augmenting prompts with proprietary data to direct the LLM to answer in a certain way based on contextual data. The retrieved information serves as a basis for generating coherent and contextually relevant text. This combination allows AI models to provide more accurate, informative, and context-aware responses to queries or prompts. Check out our AI resource page to learn more about building AI-powered apps with MongoDB. Applying retrieval-augmented generation (RAG) in the real world Let's use a stock quote as an example to illustrate the usefulness of retrieval-augmented generation in a real-world scenario. Since LLMs aren't trained on recent data like stock prices, the LLM will hallucinate and make up an answer or deflect from answering the question entirely. Using retrieval-augmented generation, you would first fetch the latest news snippets from a database (often using vector embeddings in a vector database or MongoDB Atlas Vector Search ) that contains the latest stock news. Then, you insert or "augment" these snippets into the LLM prompt. Finally, you instruct the LLM to reference the up-to-date stock news in answering the question. With RAG, because there is no retraining of the LLM required, the retrieval is very fast (sub 100 ms latency) and well-suited for real-time applications. Another common application of retrieval-augmented generation is in chatbots or question-answering systems. When a user asks a question, the system can use the retrieval mechanism to gather relevant information from a vast dataset, and then it generates a natural language response that incorporates the retrieved facts. RAG vs. fine-tuning Users will immediately bump up against the limits of GenAI anytime there's a question that requires information that sits outside the LLM's training corpus, resulting in hallucinations, inaccuracies, or deflection. RAG fills in the gaps in knowledge that the LLM wasn't trained on, essentially turning the question-answering task into an “open-book quiz,” which is easier and less complex than an open and unbounded question-answering task. Fine-tuning is another way to augment LLMs with custom data, but unlike RAG it's like giving it entirely new memories or a lobotomy. It's also time- and resource-intensive, generally not viable for grounding LLMs in a specific context, and especially unsuitable for highly volatile, time-sensitive information and personal data. Conclusion Retrieval-augmented generation can improve the quality of generated text by ensuring it's grounded in relevant, contextual, real-world knowledge. It can also help in scenarios where the AI model needs to access information that it wasn't trained on, making it particularly useful for tasks that require factual accuracy, such as research, customer support, or content generation. By leveraging RAG with your own proprietary data, you can better serve your current customers and give yourself a significant competitive edge with reliable, relevant, and accurate AI-generated output. To learn more about how Atlas helps organizations integrate and operationalize GenAI and LLM data, download our white paper, Embedding Generative AI and Advanced Search into your Apps with MongoDB . If you're interested in leveraging generative AI at your organization, reach out to us today and find out how we can help your digital transformation.

October 26, 2023
Next →

Payments Modernization and the Role of the Operational Data Layer

To stay relevant and competitive, payment solution providers must enhance their payment processes to adapt to changing customer expectations, regulatory demands, and advancing technologies. The imperative for modernization is clear: payment systems must become faster, more secure, and seamlessly integrated across platforms. Driven by multiple factors—real-time payments, regulatory shifts like Payment Services Directive 2 (PSD2), heightened customer expectations, the power of open banking, and the disruptive force of fintech startups—the need for payment modernization has never been more pressing. But transformation is not without its challenges. Complex systems, industry reliance on outdated technology, high upgrade costs, and technical debt all pose formidable obstacles. This article will explore modernization approaches and how MongoDB helps smooth transformations. Approaches to modernization As businesses work to modernize their payment systems, they need to overcome the complexities inherent in updating legacy systems. Forward-thinking organizations embrace innovative strategies to streamline their operations, enhance scalability, and facilitate agile responses to evolving market demands. Two such approaches gaining prominence in the realm of payment system modernization are domain-driven design and microservices architecture : Domain-driven design: This approach focuses on a business's core operations to develop scalable and easier-to-manage systems. Domain-driven design ensures that technology serves strategic business goals by aligning system development with business needs. At its core, this approach seeks to break down complex business domains into manageable components, or "domains," each representing a distinct area of business functionality. Microservices architecture: Unlike traditional monolithic architectures, characterized by tightly coupled and interdependent components, a microservices architecture decomposes applications into a collection of loosely coupled services, each of which is responsible for a specific business function or capability. It introduces more flexibility and allows for quicker updates, facilitating agile responses to changing business requirements. Discover how Wells Fargo launched their next-generation card payments by building an operational data store with MongoDB . Modernizing with an operational data layer In the payments modernization process, the significance of an operational data layer (ODL) cannot be overstated. An ODL is an architectural pattern that centrally integrates and organizes siloed enterprise data, making it available to consuming applications. The simplest representation of this pattern looks something like the sample reference architecture below. Figure 1: Operational Data Layer structure An ODL is deployed in front of legacy systems to enable new business initiatives and to meet new requirements that the existing architecture can’t handle—without the difficulty and risk of fully replacing legacy systems. It can reduce the workload on source systems, improve availability, reduce end-user response times, combine data from multiple systems into a single repository, serve as a foundation for re-architecting a monolithic application into a suite of microservices, and more. The ODL becomes a system of innovation, allowing the business to take an iterative approach to digital transformation. Here's why an ODL is considered ideal for payment operations: Unified data management: Payment systems involve handling a vast amount of diverse data, including transaction details, customer information, and regulatory compliance data. An ODL provides a centralized repository for storing and managing this data, eliminating silos and ensuring data integrity. Real-time processing: An ODL enables real-time processing of transactions, allowing businesses to handle high numbers of transactions swiftly and efficiently. This capability is essential for meeting customer expectations for instant payments and facilitating seamless transactions across various channels. Scalability and flexibility: Payment systems must accommodate fluctuating transaction volumes and evolving business needs. An ODL offers scalability and flexibility, allowing businesses to scale their infrastructure as demand grows. Enhanced security: An ODL incorporates robust security features —such as encryption, access controls, and auditing capabilities—to safeguard data integrity and confidentiality. By centralizing security measures within the ODL, businesses can ensure compliance with regulatory requirements and mitigate security risks effectively. Support for payments data monetization: Payment systems generate a wealth of data that can provide valuable insights into customer behavior, transaction trends, and business performance. An ODL facilitates real-time analytics and reporting by providing a unified platform for collecting, storing, and analyzing this data. Transform with MongoDB MongoDB’s fundamental technology principles ensure companies can reap the advantages of microservices and domain-driven design—specifically, our flexible data model and built-in redundancy, automation, and scalability. Indeed, the document model is tailor-made for the intricacies of payment data, ensuring adaptability and scalability as market demands evolve. Here’s how MongoDB helps with domain-driven design and microservice implementation to adopt industry best practices: Ease of use: MongoDB’s document model makes it simple to model or remodel data to fit the needs of payment applications. Documents are a natural way of describing data. They present a single data structure, with related data embedded as sub-documents and arrays, making it simpler and faster for developers to model how data in the application will be mapped to data stored in the database. In addition, MongoDB guarantees the multi-record ACID transactional semantics that developers are familiar with, making it easier to reason about data. Flexibility: MongoDB’s dynamic schema is ideal for handling the requirements of microservices and a domain-driven design. Domain-driven design emphasizes modeling the domain to reflect the business requirements, which may evolve over time. MongoDB's flexible schema allows you to store domain objects as documents without rigid schema constraints, facilitating agile development and evolution of the domain model. Speed: Using MongoDB for an ODL means you can get better performance when accessing data, and write less code to do so. A document is a single place for the database to read and write data for an entity. This locality of data ensures the complete document can be accessed in a single database operation that avoids the need internally to pull data from many different tables and rows. Data access and microservice-based APIs: MongoDB integrates seamlessly with modern technologies and frameworks commonly used in microservices architectures. MongoDB's flexible data model and ability to handle various data types, including structured and unstructured data, is a great fit for orchestrating your open API ecosystem to make data flow between banks, third parties, and consumers possible. Scalability: Even if an ODL starts at a small scale, you need to be prepared for growth as new source systems are integrated, adding data volume, and new consuming systems are developed, increasing workload. MongoDB provides horizontal scale-out on low-cost, commodity hardware or cloud infrastructure using sharding to meet the needs of an ODL with large data sets and high throughput requirements. High availability: Microservices architectures require high availability to ensure that individual services remain accessible even in the event of failures. MongoDB provides built-in replication and failover capabilities, ensuring data availability and minimal downtime in case of server failures. Payment modernization is not merely a trend but a strategic imperative. By embracing modern payment solutions and leveraging the power of an ODL with MongoDB, organizations can unlock new growth opportunities, enhance operational efficiency, and deliver superior customer experiences. Learn how to build an operational data layer with MongoDB using this Payments Modernization Solution Accelerator . Learn more about how MongoDB is powering industries on our solution library .

May 15, 2024