As more companies debate adopting a Big Data solution, one of the discussions that comes up is whether to use Hadoop or Spark, a NoSQL database, or to continue with their current RDBMS. The ultimate question is "is this technology for us?" NoSQL databases are highly scalable, provide better performance, are designed to store and process large amounts of unstructured data at speeds 10 times faster than an RDBMS, and offer high availability and strong failover capabilities. So why hesitate to use a NoSQL database?
Security is a major concern for enterprise IT infrastructures. Security in NoSQL databases is very weak: authentication and encryption are almost nonexistent, or very weak where they are implemented. The following are security issues associated with NoSQL databases:
- Administrative users and authentication are not enabled by default.
- Password storage is very weak.
- Clients communicate with the server in plaintext (MongoDB).
- No integration with external authentication systems such as LDAP or Kerberos.
- Lack of encryption support for the data files.
- Weak authentication between clients and servers, and between servers.
- Vulnerability to injection attacks (the NoSQL equivalent of SQL injection).
- Denial of service attacks.
- Data at rest is unencrypted.
- The available encryption solutions are not production ready.
- Encryption is not available for client communication.
With all these security problems, it is best to understand that NoSQL databases are still new technologies, and more security enhancements will be added in newer versions. Enterprise Cassandra packages provided by companies like DataStax do have more security enhancements and are therefore more secure, providing companies with the security they need.
DataStax Enterprise provides:
- Client-to-node encryption for Cassandra, which adds an optional, secure form of communication from the client machine to the database cluster (client-to-server SSL). This ensures that data is not compromised in flight.
- Administrators can create, drop and alter internal users using CQL; these users are authenticated to the Cassandra database cluster.
- Permissions can be granted to users to perform specific tasks after their initial authentication.
- JMX authentication can be enabled, and tools such as nodetool and DataStax OpsCenter can be configured to use it.
- Ability to configure and use external security tools such as Kerberos.
- Transparent data encryption (TDE) to help protect data at rest. (At-rest data is data that has been flushed from the memtable in system memory to the SSTables on disk.)
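Most of the weaknesses in the first list, and the first feature in the second list, come down to settings in the node's cassandra.yaml. The following is an added example, not code from the original post or from DataStax: a small audit script that reads the authentication, authorization and transport-encryption keys from a cassandra.yaml and reports the weak defaults (AllowAllAuthenticator, AllowAllAuthorizer, client encryption disabled, internode encryption set to none) next to the hardened values. The two configuration samples are constructed for the example; the keystore paths and passwords in them are placeholders. The parser understands only the two-level key/value subset that these keys use.

```python
"""Audit a cassandra.yaml for the weak security defaults discussed above.

Added example, not part of the original post. Understands only the small YAML
subset these keys use: top-level `key: value` lines and one level of indented
sub-keys. Any other keys are ignored.
"""
from typing import Dict, List, Optional

# Constructed sample: the out-of-the-box defaults, which leave authentication,
# authorization and transport encryption switched off.
WEAK_CONFIG = """\
cluster_name: 'Test Cluster'
authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer
server_encryption_options:
    internode_encryption: none
    keystore: conf/.keystore
client_encryption_options:
    enabled: false
    keystore: conf/.keystore
    require_client_auth: false
"""

# Constructed sample: the same file after hardening. Keystore paths and
# passwords are placeholders, not values from any real deployment.
HARDENED_CONFIG = """\
cluster_name: 'Test Cluster'
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/conf/server.keystore   # placeholder path
    keystore_password: REPLACE_ME
client_encryption_options:
    enabled: true
    keystore: /etc/cassandra/conf/client.keystore   # placeholder path
    keystore_password: REPLACE_ME
    require_client_auth: true
"""


def parse_yaml_subset(text: str) -> Dict[str, object]:
    """Parse `key: value` lines plus one level of indented sub-keys."""
    result: Dict[str, object] = {}
    section: Optional[Dict[str, str]] = None  # the nested mapping currently open
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        if raw.startswith((" ", "\t")):  # indented line: belongs to the open section
            if section is not None:
                section[key] = value
        elif value == "":  # `section:` with no value opens a nested mapping
            section = {}
            result[key] = section
        else:  # plain top-level scalar
            section = None
            result[key] = value
    return result


def _mapping(config: Dict[str, object], key: str) -> Dict[str, str]:
    """Return a nested mapping, or an empty one if the key is absent or malformed."""
    value = config.get(key)
    return value if isinstance(value, dict) else {}


def audit(config: Dict[str, object]) -> List[str]:
    """Return one finding per weak setting; an empty list means none were found.

    The fallback values passed to .get() are Cassandra's shipped defaults, so a
    key that is simply missing is reported the same way as an explicit weak one.
    """
    findings: List[str] = []
    if config.get("authenticator", "AllowAllAuthenticator") == "AllowAllAuthenticator":
        findings.append("authentication disabled (authenticator: AllowAllAuthenticator)")
    if config.get("authorizer", "AllowAllAuthorizer") == "AllowAllAuthorizer":
        findings.append("authorization disabled (authorizer: AllowAllAuthorizer)")
    client = _mapping(config, "client_encryption_options")
    if client.get("enabled", "false").lower() != "true":
        findings.append("client-to-node traffic is plaintext (client_encryption_options.enabled: false)")
    elif client.get("require_client_auth", "false").lower() != "true":
        findings.append("client certificates not required (require_client_auth: false)")
    server = _mapping(config, "server_encryption_options")
    if server.get("internode_encryption", "none") == "none":
        findings.append("node-to-node traffic is plaintext (internode_encryption: none)")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = audit(parse_yaml_subset(text))
        print(f"{label}: {len(found)} finding(s)")
        for item in found:
            print("  -", item)
```

Run against a real node by replacing the embedded sample with the contents of the node's cassandra.yaml; the weak sample produces four findings and the hardened sample none. Enabling PasswordAuthenticator and CassandraAuthorizer is what makes the CQL user and permission management described above meaningful, since with the AllowAll variants every connection is treated as an anonymous superuser.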