3 Pain Points in NoSQL Security
When open source NoSQL databases were first being developed, the main concern was whether they would succeed with this model of developing and distributing software. Would open source be accepted in the enterprise, where proprietary software had reigned supreme for decades? Would database administrators, IT managers, and company executives embrace, or even allow, databases so radically different from the traditional relational databases they had used so successfully for so long?
The answers to those questions are now clear, but that doesn’t change the fact that while these products were in development, little thought was put into native security. Now that NoSQL is such a strong force in database development and administration, security features are having to be tacked on as an afterthought. While NoSQL databases still have a way to go in terms of providing native security features and settings, there are some things you can do to secure your NoSQL database(s) in the meantime.
Recently, about 40,000 MongoDB databases were found to be almost entirely unsecured. Clearly, if you’re using these systems as-is, with no extra consideration for securing the database, it won’t be a safe place for regulated data, consumer or healthcare related data, or any intellectual property or proprietary secrets you’ve got stashed away in there. NoSQL DBs need more. Though most of these tips are relevant to the massively popular Hadoop, HBase, and MongoDB, there are similar solutions in the other top NoSQL DB options, including CouchDB, Cassandra, MarkLogic, MapR, and the rest.
1. NoSQL DBs Need Solid Governance
Hadoop was created with no governance. Hortonworks, the parent company of Hadoop, has since formed a consortium established to develop a governance model for Hadoop and achieve widespread adoption (neither of which is a small challenge). The consortium is called the Data Governance Initiative, or DGI. Though not a particularly creative name, it is what it is.
If you’re using Hadoop or other NoSQL databases, you’ll need to find governance elsewhere and layer it on as best you can. With Hadoop, this is being at least partially addressed by products like Apache Ranger and Apache Falcon. There is also work underway to make Hadoop governable via other enterprise data-governance solutions, but these have not yet come to fruition. MongoDB versions 2.6 and later do feature auditing capabilities that allow you to track changes, but that’s about it.
2. NoSQL DBs Need At-Rest Encryption
At-rest encryption is also essential for storing regulated data or other sensitive data, but there is no native at-rest encryption in MongoDB or most of the other NoSQL DBs. However, you can use Ruby gems to provide field encryption for MongoDB, and Hadoop versions 2.6 and later do feature at-rest encryption via encryption zones.
3. NoSQL DBs Need Authentication
When it comes to authentication, some NoSQL databases can leverage systems like Active Directory to secure access to the system from the outside. If you’re a MongoDB user, you can instead utilize LDAP. Hadoop users typically configure the system to use a Kerberos server and then establish a one-way trust relationship between the Kerberos server and the AD repository.
Always remember that Hadoop ships with almost all of its security settings turned off. You have to go in and change the settings one by one to enable the security features that are available, and realize that even with the maximum Hadoop security in place, it still will not be the same as most proprietary systems.
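Because those settings have to be flipped one by one, a quick way to keep track is a small audit script over the Hadoop XML config. The example below is added here and is not code from the post or from Bigstep; the sample XML is constructed to show Hadoop's insecure defaults, and the property names are the standard Hadoop keys for Kerberos authentication, service-level authorization, RPC protection, and the KMS provider that encryption zones depend on.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real cluster) showing the values Hadoop
# ships with: simple auth, no authorization, no RPC encryption, no KMS.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.security.authorization</name><value>false</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
</configuration>
"""

# Hardened value expected for each key (None = just needs to be set),
# plus a one-line reason an operator would want in an audit report.
EXPECTED = {
    "hadoop.security.authentication": ("kerberos", "RPC callers must authenticate via Kerberos"),
    "hadoop.security.authorization": ("true", "service-level ACLs are enforced"),
    "hadoop.rpc.protection": ("privacy", "RPC traffic is encrypted, not merely authenticated"),
    "dfs.encryption.key.provider.uri": (None, "KMS configured so HDFS encryption zones can be created"),
}

def parse_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop XML config."""
    root = ET.fromstring(xml_text)
    props = {}
    for prop in root.findall("property"):
        name = prop.findtext("name")
        value = prop.findtext("value")
        if name is not None:
            props[name.strip()] = (value or "").strip()
    return props

def audit(xml_text):
    """Return findings as (property, actual_value, why_it_matters) tuples."""
    props = parse_properties(xml_text)
    findings = []
    for name, (want, why) in EXPECTED.items():
        actual = props.get(name)
        if want is None:
            ok = bool(actual)  # key only has to be present and non-empty
        else:
            ok = (actual or "").lower() == want
        if not ok:
            findings.append((name, actual, why))
    return findings
```

Run `audit()` over the concatenated contents of core-site.xml and hdfs-site.xml; an empty result means every checked setting is in its hardened state.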
For these reasons (as well as performance), businesses can turn to the trusted cloud service providers at Bigstep to help them secure and safeguard their NoSQL databases. Learn more about us today.