I'm a founder of Emergent One, a startup that uses similar agent-based technology to Chartio to access production databases and build out RESTful APIs. Some of our APIs are write-enabled, which makes the proposed risk even higher than that of Chartio's. We've spent a lot of time thinking about security risks and writing code to reduce them. I thought I'd share a few things we do and that we've learned from our experience:

* The agent approach is the most popular because it allows for a system administrator to easily sever the connection from the database server without having to worry about writing queries to revoke user access.
* We never run unindexed queries without an explicit request from a customer and a manual entry from an Emergent One employee.
* We're currently looking into security consultants to continuously test our production environment.
* We're building an appliance version of our software much like GitHub Enterprise in order to accommodate the customers that aren't comfortable with their data hitting the cloud.
* We strive to have very quick and personal customer service directly from engineers. The vast majority of the responses are within the hour.

and last but certainly not least...

* The very best thing we can do is be honest and straightforward about the inherent risk behind our platform. Being able to build and maintain a pristine level of trust is the only thing that will keep us in business.

I'm sure Chartio does things very similarly. Direct-database access technology is not for everyone, but it's also proving to be extremely valuable for both Chartio's customers and ours. The cloud advantage that makes most SaaS software great is still there.