Another data breach.
A billion accounts this time.
If the security of your internal databases wasn't on your mind before, it should be now.
NoSQL = No Injection, Right?
We've written about the benefits of a NoSQL database. Does having a NoSQL database also include the benefit of being safe from SQL injection attacks like Little Bobby Tables?
Using NoSQL Securely
Between data injections and other security issues, NoSQL has a reputation for being less secure than a more traditional SQL database. Some of that is due to NoSQL's open-source heritage. Some of that is due to NoSQL being a younger and less mature technology.
However, we don't believe wanting to use a NoSQL database means you have to give up security. It's just a matter of choosing the right NoSQL product.
One of our requirements while searching for a NoSQL solution to offer clients was that the product have security features equalling traditional SQL options. That search led us to MarkLogic.
Let's look at the security-related features of MarkLogic:
Authentication is the starting point for all other security configurations. Authentication validates the identity of a user and consults the database to find out what privileges that user has.
In the traditional SQL server world you'd have a database schema and map user permissions to the table, column or row level.
Encryption scrambles data so that it's not readable by someone who gets access to it outside the context of your application. That threat may be from an outsider trying to grab the data while it's being transferred from the database to the application. Or the threat may be internal, with a rogue employee trying to access data sitting on a physical drive.
Audits aren't a way to prevent hacker attacks.
Rather, they help you identify suspicious activity quickly. Audits can highlight spikes of traffic from unknown IP addresses. Or they can flag you when highly secure data is accessed more often than normal.
MarkLogic has a robust auditing function designed to keep auditors, regulators, and security professionals happy.
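The two audit checks described above (a spike of requests from an unknown IP address, and sensitive data read more often than normal) can be sketched as follows. This is an added example, not MarkLogic's code or its audit log format; the record layout, the allow-list, the baseline and the thresholds are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed audit records (hypothetical format, not MarkLogic's own):
# ISO timestamp, source IP, user, collection read
SAMPLE_LOG = """\
2016-12-15T09:02:11 10.0.0.5 app-svc orders
2016-12-15T09:05:40 10.0.0.5 app-svc payroll
2016-12-15T09:41:03 10.0.0.6 hr-admin payroll
2016-12-15T10:01:17 203.0.113.9 app-svc orders
2016-12-15T10:01:18 203.0.113.9 app-svc orders
2016-12-15T10:01:19 203.0.113.9 app-svc payroll
2016-12-15T10:01:20 203.0.113.9 app-svc payroll
2016-12-15T10:02:02 203.0.113.9 app-svc payroll
2016-12-15T10:15:30 10.0.0.6 hr-admin payroll
2016-12-15T10:20:00 198.51.100.7 app-svc orders
"""

KNOWN_IPS = {"10.0.0.5", "10.0.0.6"}   # assumed allow-list of application hosts
SENSITIVE_BASELINE = {"payroll": 2}     # assumed normal reads per hour

def parse(log):
    """Yield (hour, ip, user, collection) for each four-field line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not have exactly four fields
        ts, ip, user, coll = parts
        hour = datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:00")
        yield hour, ip, user, coll

def detect(log, known_ips, baseline, ip_threshold=3, factor=2):
    """Return alerts for unknown-IP spikes and above-normal sensitive reads."""
    ip_hits, coll_hits = Counter(), Counter()
    for hour, ip, _user, coll in parse(log):
        if ip not in known_ips:
            ip_hits[(hour, ip)] += 1      # requests per hour per unknown IP
        if coll in baseline:
            coll_hits[(hour, coll)] += 1  # reads per hour per sensitive collection
    alerts = [("unknown_ip_spike", hour, ip, n)
              for (hour, ip), n in sorted(ip_hits.items()) if n >= ip_threshold]
    alerts += [("sensitive_over_access", hour, coll, n)
               for (hour, coll), n in sorted(coll_hits.items())
               if n >= factor * baseline[coll]]
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, KNOWN_IPS, SENSITIVE_BASELINE):
        print(alert)
```

The single request from 198.51.100.7 stays below the spike threshold and raises no alert, which is the tuning trade-off any audit rule of this kind has to make.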
Have you heard of Common Criteria?
"Common Criteria is an internationally recognized standard (ISO/IEC 15408) used by governments and other organizations to assess the security capabilities of technology products. Under Common Criteria, products are evaluated according to strict standards for various features, such as security functionality and the handling of security vulnerabilities." (Source: MarkLogic.com)
Earlier in 2016 MarkLogic earned the only Common Criteria spot for an Enterprise NoSQL Database.
Need more info to make the MarkLogic sale internally? Here's their Security Datasheet (.pdf)
A Bit Pitchy?
It's true - this has been a bit of a sales pitch. But we read the same news every day as you do. We get frustrated when companies don't take the security of our personal data seriously. As a vendor in the technology space we had to figure out - what could we do to make sure the next news story wasn't about something we built?
We made security a priority. We let that guide the choice of the tools we would use. We evaluated the NoSQL options, and chose MarkLogic. We have other ideas for how to keep your data secure. Give us a call. We'll talk about them.