BigID secures its future with MongoDB’s AI capabilities

THEIR CHALLENGE

Making important decisions up front

A critical turning point in the way in which organizations manage and protect data was when the EU adopted the General Data Protection Regulation (GDPR) in 2016. The highly rigorous data protection and privacy law, which has since led to similar regulations across the world, highlighted the importance of data and triggered a fundamental shift in attitudes towards its security. It was also a key driver behind the foundation of BigID.

“We saw an opportunity to reimagine how organizations go about protecting sensitive things like people and identity data,” explained Dimitri Sirota, a co-founder and CEO at BigID. “Traditional approaches to data security were just not satisfactory to solve these problems, which created a space to do something novel.”

For BigID, this involved a fundamental modernization of data management and security processes, and included a combination of new cloud and SaaS platforms as well as legacy data centers and platforms. However, the growing complexity of global data environments soon became clear.

“You have to deal with hundreds of places where you keep data and applications: data repositories, the cloud, on-premises, in motion, at rest, structured and unstructured,” Sirota noted. “Also, the varieties of data are much more complex than, for example, just a 16-digit payment card number. Personal data could be any number of things: your password, name, address, signature, or other biometrics. The definition of sensitive data is much broader than it has ever been.”

BigID understood from the outset that making the correct initial decisions about its technology stack would be crucial. It needed solutions that would be scalable and adaptable, and wouldn’t cause architectural roadblocks as the business and its wider environment evolved.

“You need it to be expansive enough to accommodate changes—both those we’d already experienced and others we can anticipate over the coming years,” Sirota said. “You have to make some big decisions to support upcoming use cases. If you get that right up front, adapting isn’t a huge problem, but if you have to make changes later in your company’s journey, it’s an enormous undertaking.”

OUR SOLUTION

The future-proof choice

BigID’s choice of database was a critical part of this process. It needed to accommodate BigID’s requirements for privacy and security while also enabling data visibility and actionability, but without being limited to structured options such as PostgreSQL. It also needed to provide support for emerging technologies such as large language models (LLMs) and artificial intelligence (AI).

“There’s a whole host of considerations, such as reporting on compliance, and data management that actually requires a recollection, a memory, a stateful persistence layer,” said Sirota. “We weren’t looking for a purely transactional data repository. We knew we needed some memory of what we find, and we needed it to be flexible because what we find may not just be an attribute in a spreadsheet.”

BigID also needed a database that would allow it to build an encrypted and tokenized catalog of findings, and that could handle more than purely structured data. And more broadly, it needed an enterprise-class solution with the versatility and flexibility to accommodate both structured and unstructured data, and that would operate in the cloud if that suited the client’s environment.

“From an early stage there was a realization that MongoDB and MongoDB Atlas offered much more flexibility than a more traditional PostgreSQL kind of database,” Sirota explained. “MongoDB gave us a NoSQL-like structure to collect different things and generate additional inferences that we could store in the catalog, and it also gave us different ways of analyzing it, including a graph-based approach to traverse the findings.”

Another critical factor was the level of enterprise support that MongoDB offered. Combined with the flexibility and versatility that MongoDB offered for both on-premise and cloud applications, BigID realized that the overall solution had a long-term future with the business.

“We wanted the ability to operate both in the cloud with MongoDB Atlas, and also in a data center. We wanted multiple interfaces, and we wanted a database that saw a future for itself, especially around generative AI and vector interfaces,” said Sirota. “MongoDB was essentially the future-proof choice. It’s a complete package.”

OUTCOME

A single, flexible platform for multiple use cases

The tools offered by MongoDB not only allow BigID to deliver its initial objectives—dealing effectively with an extensive cross-section of data types and formats—but are also enabling new capabilities.

“We started with a focus on personal data, but now we’re embarking on much more. We’re adding vectorization to the catalog so companies can search data more effectively,” says Sirota. “You don’t necessarily need to know exactly what you’re looking for, but MongoDB’s vectorization functions offer the semantic capabilities to infer it. It provides real additional versatility.”

MongoDB’s Model Context Protocol (MCP) allows greater interaction with the backend databases, helping accelerate development and configuration processes through an agentic interface.

“We’re leveraging all that as part of our agentic technology strategy in pre-sales and our broader adoption of AI,” said Sirota. “The variety of tools and interfaces that MongoDB Atlas offers was something we liked from the beginning, and they’re all just growing.”

And for BigID, growth means embracing generative AI (gen AI) and retrieval augmented generation (RAG) to marry security and privacy information with unstructured sources such as financial documentation.

“These things really come together with gen AI and RAG, but you need a back-end repository to support the findings and the context,” Sirota said. “MongoDB provides the back-end infrastructure to enable that.”

The combination of BigID’s close relationship with personnel across MongoDB’s organization, and the high levels of support it receives, BigID is confident that its tech stack—with MongoDB at its heart—is ready to meet a host of future developments.

“The AI applications are going to be everywhere—things like secure data pipelines, shadow AI, governing employee access to AI, and AI security management,” Sirota concluded. “And MongoDB provides us the flexibility to accommodate this large diversity of AI use cases from a single platform.”