Gartner Cloud DBMS Report Names MarkLogic a Visionary

MarkLogic Data Hub Service: Mastering Security in the Cloud

Almost every organization you speak to these days has a cloud-first strategy, and if they don’t today, they will soon. They all want the agility of the cloud, the automation it can bring, and they want to focus on their business – not the plumbing. However, when it comes to large enterprises and mission-critical tasks, security has been a barrier for cloud adoption.

We recognized this challenge several years ago and began a concerted effort to remove those barriers by taking our industry-leading security model to an even higher level. Customers are relying on our advanced security capabilities to give them the assurance they need to migrate some of the most complex and sensitive workloads in the world to the cloud. For example, The Centers for Medicare & Medicaid Services is now running the Affordable Care Act (ACA) program completely in the cloud. When you think about the sorts of data managed by that system, you realize just how strict the security requirements must be.

But we didn’t stop there. The newest release of our multi-model database, MarkLogic 10, adds even more security capabilities. But an ultra-secure database isn’t enough. The MarkLogic Data Hub Service, powered by MarkLogic 10, secures your entire data integration platform in unique ways:

  • Virtual Private Cloud. Unlike other services where multi-tenancy and shared infrastructure is the norm, every customer running in MarkLogic Data Hub Service is in its own virtual private cloud (VPC) in a completely different environment from any other company’s data, network, storage, and administration, rather than being part of a pool from which space is carved out for different customers. Like other security mechanisms, MarkLogic’s VPC approach is baked into the data hub. There’s no way to turn it off, there is no way to misconfigure it, and there is no way to forget to turn it on. This level of isolation is what enterprises need to rest assured that their data, their very lifeblood, is well protected.
  • Advanced encryption. The data in MarkLogic Data Hub Service is always encrypted—by default. Done at the database level, the encryption means that even AWS or Azure cannot see the company’s data. Even within a company, there are different kinds and classes of data. They, too, can be encrypted differently. This ensures that only the right people, at the right time, have access to the right data. This level of encryption constitutes another level of data segregation that enterprises require. Along with capabilities like element-level security and anonymization, data is both highly secure and highly shareable – with the right people.
  • Secure by Default. Security in MarkLogic Data Hub Service is always on—and it comes on top of the security built into the underlying MarkLogic database, which is leaps and bounds tougher than the security built into other databases. This results in granular control over all data, all the time, and enterprise-grade strict policies regarding access controls.

With these improvements, we’ll help drive enterprise workloads to the cloud faster than ever and set the standard for what enterprises demand from database and cloud services technologies. Enterprises may even have better security in the cloud than on-premise because of the extra level of cloud security that occurs because fixes are more centrally administered, often more quickly, than with on-premise solutions. As IDC states, while security is “often cited as the leading obstacle to cloud implementations, increasingly some customers see cloud as more secure, cost-effective, and customer responsive than in-house capabilities.”

Besting Certification Requirements

With our enhanced products now in the market, our next step is to achieve the highest levels of external security certifications for them. We don’t design our products simply to meet certification requirements so we can check a box somewhere. We design them to meet the requirements of enterprise customers. In our mind, that means going beyond what those certifications require and what is offered by competing services. We opted for enhanced security from the start and every choice we’ve made since then has sprung from that position.

Within the next few months, MarkLogic expects to achieve the following certifications, including:

  • NIST 800-53 Moderate Attestation. This is an umbrella framework that implements the control that enables compliance with many certifications, including:
  • SOC 2 Type 2. SOC 2 Type 2 is a requirement for many financial organizations to use cloud vendors. SOC stands for “Service Organization Controls” and SOC 2 focuses on the internal controls an organization has that are released to compliance and operations. Type 2 also evaluates the operational effectiveness of controls over a period of time, the minimum of which is six months, to determine if controls are operating as described. In contrast, a Type 1 certification looks at security controls at a specific point in time.
  • FedRamp Moderate ATO. The U.S. government increasingly requires FedRAMP certification for cloud vendors.
  • HIPAA. Health care providers are required to comply with HIPAA and so want compliant cloud vendors.
  • FDA 21 CFR Part II. This is targeted toward the pharmaceutical industry.

Security for Every Industry

We tend to think that these sorts of certifications are targeted towards regulated industries, but we believe that every industry today is in fact regulated. If the government isn’t regulating the industry directly—as is the case with health care, finance, and insurance—market forces are. And what the market requires, by way of customers and consumers, is the very best data security as companies pursue their digital transformations. This is exactly what the MarkLogic Data Hub Service delivers.


Learn more about the MarkLogic Data Hub Service.

Joe Pasqua - Executive Vice President, Products | MarkLogic

Joe Pasqua brings over three decades of experience as both an engineer and a leader. He has personally contributed to several game changing initiatives including the first personal computer at Xerox, the rise of RDBMS in the early days of Oracle, and the desktop publishing revolution at Adobe. In addition to his individual contributions, Joe has been a leader at companies ranging from small startups to the Fortune 500.

Most recently, Joe established Neustar Labs which is responsible for creating strategies, technologies, and services that enable entirely new markets. Prior to that, Joe held a number of leadership roles at Symantec and Veritas Software including VP of Strategy, VP of Global Research, and CTO of the $2B Data Center Management business.

Joe’s technical interests include system software, knowledge representation, and rights management. He has over 10 issued patents with others pending. Joe earned simultaneous Bachelor of Science Degrees in Computer Science and Mathematics from California Polytechnic State University San Luis Obispo where he is a member of the Computer Science Advisory Board.

Start a discussion

Connect with the community

STACK OVERFLOW

EVENTS

GITHUB COMMUNITY

Most Recent

View All

Digital Acceleration Series: Powering MDM with MarkLogic

Our next event series covers key aspects of MDM including data integration, third-party data, data governance, and data security -- and how MarkLogic brings all of these elements together in one future-facing, agile MDM data hub.
Read Article

Of Data Warehouses, Data Marts, Data Lakes … and Data Hubs

New technology solutions arise in response to new business needs. Learn why a data hub platform makes the most sense for complex data.
Read Article

5 Key Findings from MarkLogic-Sponsored Financial Data Leaders Study

Financial institutions differ in their levels of maturity in managing and utilizing their enterprise data. To understand trends and winning strategies in getting the greatest value from this data, we recently co-sponsored a survey with the Financial Information Management WBR Insights research division.
Read Article
This website uses cookies.

By continuing to use this website you are giving consent to cookies being used in accordance with the MarkLogic Privacy Statement.