Challenge: While migrating from a traditional relational database (RDB) to a Not Only Structured Query Language (NoSQL) database can do wonders for organizations struggling with high volumes of unstructured data, experts note. NoSQL databases severely lack security -- especially when it comes to transactional integrity, authentication and authorization mechanisms, susceptibility to injection attacks, consistency, and insider attacks.
Solution: To mitigate these risks, the Cloud Security Alliance suggests not only reviewing the security policies of middleware being leveraged, but also raising the security standards of the NoSQL up to those of an RDB. However, accomplishing this without compromising the performance of the NoSQL can be challenging.
Pairing data integrity -- through either the application or middleware layer -- with data encryption is one of the best ways to boost the security of the NoSQL and ensure that no direct access is possible.
Putting NoSQL within middleware or accessing NoSQL through a framework such as Hadoop will create a virtual secure layer around the perimeter of the database, effectively preventing data access. Hadoop also adds an extra layer of security with its inherent authentication features.
Alternately, organizations can deploy a middleware layer that surrounds the NoSQL database. Pairing this with encryption will provide even greater protection.