Galaxy - really concerned about platform security (data encryption at rest)

#1

We’ve been using Galaxy (and MLab) for 6 weeks as we develop our enterprise SaaS application and get it ready to launch in a few weeks. It’s been a good experience so far, since we haven’t had to spend time on devops which could be better spent on app development.

The only potential show-stopper for me is the security of the platform for the enterprise, and in particular:
i) whether data encryption can be enabled for any data stored on Galaxy, similar to AWS KMS in Amazon EBS
ii) whether two factor authentication can be enabled for Galaxy accounts

It is not good enough to rely just on a single password to protect Galaxy administrator accounts.

I’d like to hear whether any other Galaxy customers worry about this issue, and what MDG have to say about these points. I’m seriously considering switching away from Galaxy when we launch and just doing a self-service setup on AWS EC2, which would enable us to fix both these security requirements. We’ll have to spend time managing the EC2 environment, but at least we can offer a reasonable level of data security to our enterprise customers.

2 Likes
#2

@sives can you please send me a direct msg so we can discuss further? I can share more details about our security policies and also deployment options to harden your application including dedicated instances, etc.

#3

Why not in here as well, in case others have the same questions?

9 Likes
#4

I’m not sure we need to see private business discussions, but maybe if you could provide a summary of what others in this situation have for potential options.

#5

Sticker shock, probably. The MongoDB enterprise license for data encryption at rest is priced by the Mongo node, per month, at a rate that very quickly gets into annual salary ranges. Galaxy doesn’t even offer MongoDB hosting; but any discussion of an encrypted secure platform quickly gets expensive in ways that most people aren’t accustomed to.

#6

really? :wink: I was talking about the mentioned policies etc. not so much the details :slight_smile:

@awatson1978, fair enough. tnx.

2 Likes
#7

That’s a question that probably many other people are interested in hearing an answer to, and really should not have anything to do with the prices.

3 Likes
#10

@awatson1978 Yes, I agree, many vendors see security as an opportunity to charge a premium price. But I think the Let’s Encrypt project is beginning to change this approach, and it’s a welcome trend. Looking at my customers in the enterprise SaaS market, they expect strong security and a low price (I’m planning to price around the $30 per user per month level).

1 Like
#11

Great news - I just discovered that ObjectRocket offer a configuration option for their MongoDB service that supports data-at-rest encryption. It’s the only service that I’ve found that does. They charge a small premium for this option, but pricing is still very reasonable. Problem solved. Now we just need 2 factor authentication for Galaxy…

1 Like
#12

@sives I think MongoDB’s own Atlas service also provides data at rest encryption FYI.

#13

+1 for 2FA on Galaxy from another enterprise SaaS customer. I looked for this the other day and was surprised it was missing. Also noticed mLab requires an authenticator app to scan a QR code to get 2FA which does not really seem necessary. 2FA through SMS for Galaxy would be sufficient.

#14

We also require 2FA on Galaxy. We are building a SaaS sales productivity app built on machine learning and will be launching in the next 30 days. https://clozer.ai

2 Likes
#15

@Longmate I spoke to the MongoDB folks regarding Atlas. What they state on their website is: “Data at rest can be protected using encrypted data volumes. Note that this uses the cloud provider’s native volume encryption solution, rather than the MongoDB encrypted storage engine.”

https://www.mongodb.com/blog/post/securing-mongodb-part-3-database-auditing-and-encryption

This is quite a bit different to providing a simple configuration option for data encryption-at-rest (as provided by ObjectRocket). It’s not a guaranteed end-to-end solution.

For example, mLab support encrypted storage volumes with MongoDB, but with a few caveats which make it unsuitable for our application:

“If you’re interested in Google Cloud Platform, the disks are already encrypted. However, note that at this time, even if you do host on Google, mLab’s infrastructure will not necessarily encrypt your data at rest everywhere. For example, while block snapshot backups are stored in Google, your mongodump backups will reside on unencrypted disks on AWS even if your database is running on encrypted disks. There are other scenarios where logs and other data may be landed on non-encrypted disks.”

I think that the IaaS vendors really need to raise their game on security, especially with 2FA which is relatively simple to integrate into a platform.

#16

@Longmate You might be right, it’s hard to be sure without carrying out a penetration test.

#17

Galaxy likely uses ephemeral file storage so any files/data that your app stores will not be persistent anyway. It is Mongo encryption at rest you’d want to focus on, that can be achieved with the Enterprise version using the WiredTiger storage engine. But it sounds like you’ve found a solution already.
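Added example, not part of any post in this thread: a small JavaScript check that tells the MongoDB encrypted storage engine apart from plain volume encryption, the distinction drawn in posts #15 and #17, by reading the document returned by MongoDB's `getCmdLineOpts` admin command. The function name, result fields and sample documents are constructed for illustration.

```javascript
// Added example (not from the thread). Input is the document returned by
// MongoDB's getCmdLineOpts admin command; the samples below are constructed.
function auditEncryptionAtRest(cmdLineOpts) {
  const parsed = (cmdLineOpts && cmdLineOpts.parsed) || {};
  const security = parsed.security || {};
  // WiredTiger is the default engine when storage.engine is not set.
  const engine = (parsed.storage && parsed.storage.engine) || 'wiredTiger';
  const mongodEncrypts = security.enableEncryption === true && engine === 'wiredTiger';

  let keyManagement = 'none';
  if (mongodEncrypts) {
    if (security.kmip && security.kmip.serverName) keyManagement = 'kmip';
    else if (security.encryptionKeyFile) keyManagement = 'local-keyfile';
    else keyManagement = 'unknown';
  }

  const findings = [];
  if (!mongodEncrypts) {
    findings.push('mongod writes plaintext data files; only volume-level encryption (if any) protects them');
  } else if (keyManagement === 'local-keyfile') {
    findings.push('master key is read from a local file on the database host');
  }
  // Holds in every case: the encrypted storage engine covers data files only.
  findings.push('mongodump output and log files are not covered; check where they are stored');
  return { engine, mongodEncrypts, keyManagement, findings };
}

// Constructed samples, shaped like getCmdLineOpts output.
const SAMPLE_VOLUME_ONLY = { parsed: { storage: { dbPath: '/data/db' } }, ok: 1 };
const SAMPLE_KEYFILE = { parsed: { security: { enableEncryption: true,
  encryptionKeyFile: '/etc/mongod/master.key' }, storage: { dbPath: '/data/db' } }, ok: 1 };
const SAMPLE_KMIP = { parsed: { security: { enableEncryption: true,
  kmip: { serverName: 'kmip.example.internal', port: 5696 } } }, ok: 1 };

for (const [name, doc] of Object.entries({ SAMPLE_VOLUME_ONLY, SAMPLE_KEYFILE, SAMPLE_KMIP })) {
  console.log(name, JSON.stringify(auditEncryptionAtRest(doc)));
}
```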

#19

Yes, we are talking about securing access to Galaxy admin console. Because if someone with malicious intent gets inside, it’s game over for you and your apps.

1 Like
#20

Would also want to hear from MDG on their plans on implementing the 2FA feature. Currently planning on launching our service in a month in Galaxy, but without 2FA it doesn’t really feel like an enterprise-secure solution to be used for an application that handles quite private information.

For some it’s quite a small feature, but it can easily prevent a whole organization going down by having the wrong people get access to your whole service.

#21

I will try to connect with the Galaxy product manager to raise the priority of this. At the moment, anyone with an enterprise application on Galaxy is going to hit this issue sooner or later. Our customers - whilst very enthusiastic about cloud platforms in general - are very aware of security risks. They even send us security questionnaires.

The net result is that as an enterprise SaaS vendor you end up having to move your application off Galaxy as soon as you get a significant number of customers. This is counter-productive for us (because we have to spend more time on devops) and it is counterproductive for MDG because Galaxy is a primary revenue generator.

1 Like
#22

It’s extremely necessary to have 2 factor/Multi factor auth for the admin console. This could literally be added in a day. Apologies for the tone, but it’s difficult to take you seriously from a devops perspective if you don’t have basic policies and tools in place for the type of platform you are offering and charging for. Twilio SMS/Authy/Duo, etc. can be installed easily. If you do have these services or they are coming soon, please let us know. Who’s the CTO? Would like an official statement on this.

1 Like
#23

I’m the product manager for Galaxy.

I hear you - we understand that two factor authentication is an important security measure, and we are looking into adding support for it in Galaxy.

I’ll keep you all updated on this feature roll out.

9 Likes