Yes, NoSQL Can Be Secure

Yes, NoSQL Can Be Secure

Posted on October 28, 2016 0 Comments

With another database breach in the news it’s a good time to stop and think about our obligations to our users. Companies are striving to build services that adapt quickly to customer needs, market shifts, and technology innovations. That’s great for customers and they’ve come to expect it. Customers also expect their information to be kept secure and private. All too often these days, we’re seeing that this second expectation goes unmet. In a number of cases, companies have unwittingly compromised security and privacy in an attempt to increase agility.

Agility and Security: Better Together

The key is, in 2016, there is no reason to trade off one for the other. Applying proven technologies and well-known best practices can significantly raise the security bar. Unfortunately, what we’re seeing time and time again, is that the hackers don’t have to work very hard. They don’t need to create complex malware to break these systems, they look for low hanging fruit. They find the systems that have been misconfigured, use weak technologies, or violate other well-known security practices.

The notion of a “minimum viable product” is an important and powerful one. It’s a way of zeroing in on what customers do (and don’t) want with minimal time/effort. Ultimately it can lead to better results faster — even though the initial offering may be fairly bare-bones. One thing we have to remember, though, is that protecting customer security and privacy is always a requirement and this is not truer anywhere than at the database level where all of this information is stored.

When building new features or deploying new services, DevOps teams need to incorporate security best practices and proven technologies into their everyday practices – it can’t be an afterthought. When it is an afterthought bad things can happen. First of all, afterthoughts sometimes just fall off the list. It’s a shame to see another report of a major breach because of a misconfigured database. The second problem is that when security is bolted on after the fact, it is much more likely that there will be noticeable gaps.

We feel very strongly about this at MarkLogic. Trillions of dollars’ worth of financial information flows through MarkLogic, as does healthcare information, and information relating to the security of individuals and nations. Moreover, MarkLogic is the place where people integrate data from dozens of siloes across their organizations. Each of those siloes carries sensitive information and MarkLogic is entrusted to hold and protect all of it. We take that responsibility very seriously which is why we are the only Common Criteria-certified NoSQL database in the market.

Don’t give up on security and privacy in the interests of speed and agility. You can have both.

For More Information

Introduction to Security

An interactive chapter from our User Guide giving an overview of MarkLogic security.

The Security DatabaseAn 8-minute tutorial that lets you learn about the role of the Security database within a MarkLogic cluster.Security in MarkLogic 9Announcement on new security features in MarkLogic 9.

Joe Pasqua

Joe Pasqua brings over three decades of experience as both an engineer and a leader. He has personally contributed to several game changing initiatives including the first personal computer at Xerox, the rise of RDBMS in the early days of Oracle, and the desktop publishing revolution at Adobe. In addition to his individual contributions, Joe has been a leader at companies ranging from small startups to the Fortune 500.

Most recently, Joe established Neustar Labs which is responsible for creating strategies, technologies, and services that enable entirely new markets. Prior to that, Joe held a number of leadership roles at Symantec and Veritas Software including VP of Strategy, VP of Global Research, and CTO of the $2B Data Center Management business.

Joe’s technical interests include system software, knowledge representation, and rights management. He has over 10 issued patents with others pending. Joe earned simultaneous Bachelor of Science Degrees in Computer Science and Mathematics from California Polytechnic State University San Luis Obispo where he is a member of the Computer Science Advisory Board.

Comments

Comments are disabled in preview mode.
Topics

Sitefinity Training and Certification Now Available.

Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.

Learn More
Latest Stories
in Your Inbox

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

Loading animation