Abstract
NoSQL solutions have recently been gaining significant attention because they address some of the inefficiencies of traditional database management systems. NoSQL databases offer features such as performant distributed architecture, flexibility and horizontal scaling. Despite these advantages, there is a vast quantity of NoSQL systems available, which differ greatly from each other. The resulting lack of standardization of security features leads to a questionable maturity in terms of security. What is therefore much needed is systematic lab research into the availability and maturity of the implementation of the most common standard database security features in NoSQL systems, resulting in a NoSQL security map. This paper summarizes the first part of our research project, which tries to outline such a map. It documents the definition of the standard security features to be investigated, based on a literature review in the area of standard database security. After the selection of OrientDB, Redis, Cassandra and MongoDB as initial representatives of commonly used NoSQL systems, a description of the systematic investigation of standard database security features for each of these four systems is given. All findings are summarized in tables for quick and easy comparison. We conclude that the systems investigated need better default configurations and should enable their security features by default. Finally, we provide an outlook on the next steps of researching a security map for NoSQL systems.
Highlights
Relational database management systems represent a mature technology for data management
In the search for scientific publications on NoSQL security for the four systems we have chosen to start our research with, we found a majority of publications to cover MongoDB and Cassandra
This work shows that for the four NoSQL database systems investigated, development is at the moment not primarily focused on the implementation of security features
Summary
Relational database management systems represent a mature technology for data management. It is our belief that an extensive map of the state of out-of-the-box security of all major NoSQL systems is needed. This map must be created by practical lab research on the availability and maturity of out-of-the-box security features. We mention Ron Ben Natan, who proclaims in the study [6] that database security must be implemented as part of a defense-in-depth strategy, to make sure that even if multiple layers are compromised, no significant damage will occur. He does not focus on a specific database brand, but rather provides a general view on the topic. From the pool of literature on database security we extracted user administration, authorization, authentication, password security, securing communication, encryption, auditing and log management as common out-of-the-box security features for research on NoSQL database system security. Neo4J was selected to be covered by the set of candidates for the research step in our ongoing project.
More From: American Journal of Information Science and Technology