NoSQL (Not Only SQL) is a technology for storing and accessing data that has become very fashionable among start-ups developing interactive web applications and among enterprises that have to deal with vast amounts of information. The primary reason for its popularity is that it allows higher levels of scalability and availability, as well as more rapid access to data, than standard relational database management systems (RDBMS) such as Oracle MySQL and Microsoft SQL Server.
Data stored in an RDBMS should be predictable and have a defined structure so that it can be stored in tabular form, with the data in different tables related in defined ways. NoSQL does not have to follow a particular logical structure. If performance or real-time access is more important than consistency, for example when indexing and accessing a large number of records, a NoSQL system is more suitable than a relational database. The data is also easier to store on multiple dedicated servers, providing an increased level of fault tolerance and scalability. Companies such as Google and Amazon use their own NoSQL databases, which make the use of cloud technology possible.
Despite all the benefits of storing data in a NoSQL database, the need for quick and easy access to data negatively affects NoSQL security. For stored data to be considered safe, the database must ensure confidentiality, integrity and availability (CIA). Enterprise RDBMS provide these properties through integrated security features such as role-based access control, data encryption, row- and field-level access control, and user-level access control through permissions on stored procedures. RDBMS also have the ACID set of properties (atomicity, consistency, isolation, durability), which guarantee reliable processing of database transactions, while replication and transaction logging ensure reliability and integrity. These features increase the time required to access large amounts of data, so they are not found in NoSQL databases.
To provide faster access to data, NoSQL databases are built with a small number of security features. They have the so-called BASE set of properties (basically available, soft state, eventually consistent): instead of requiring consistency after each transaction, the database only needs to reach a consistent state eventually. For example, when users view data such as the number of items, they may see the last snapshot of the data rather than the current state. Because transactions are written to the database immediately, concurrent transactions may interfere with one another. This consistency characteristic, where users do not necessarily see the same data at the same time, implies that a NoSQL database could never be used for processing financial transactions.
NoSQL databases also lack confidentiality and data integrity. Because NoSQL databases have no logical structure, access to a table, column or row cannot be segregated. The lack of structure can also give rise to multiple copies of the same data. This can make it difficult to keep data consistent, particularly because changes to a set of tables cannot be combined into a single transaction in which the insert, update or delete logic is performed as a whole.
Since there are more than 20 different implementations of NoSQL, the lack of standards also makes data security harder to maintain. Confidentiality and integrity of data must rely entirely on the application that accesses the data in NoSQL. It is bad when the last line of defense for any valuable data is at the application level. Application developers are not inclined to implement the various security features, and new code usually means new bugs. Any request made to a NoSQL database has to be forwarded, filtered and validated, while the database itself must always live in a protected environment.
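One way to do that filtering and validation at the application level, as an added example that is not from the original article. The in-memory `STORE`, the `ROLE_FIELDS` map and the function names are hypothetical, and the sample documents are constructed.

```python
# Added example: an application-layer gate in front of a schemaless store.
# STORE, ROLE_FIELDS and guarded_find are hypothetical names for illustration.
SCALARS = (str, int, float, bool)

# Constructed sample documents standing in for a NoSQL collection.
STORE = [
    {"id": 1, "owner": "alice", "email": "alice@example.test", "card_last4": "4242"},
    {"id": 2, "owner": "bob", "email": "bob@example.test", "card_last4": "1881"},
]

# Field-level access control the database does not provide: role -> readable fields.
ROLE_FIELDS = {
    "support": {"id", "owner", "email"},
    "billing": {"id", "owner", "card_last4"},
}


class QueryRejected(Exception):
    """Raised when a request fails validation and is not forwarded."""


def validate_filter(role, flt):
    """Allow only equality filters on fields the role may read."""
    allowed = ROLE_FIELDS.get(role)
    if allowed is None:
        raise QueryRejected(f"unknown role: {role!r}")
    if not isinstance(flt, dict):
        raise QueryRejected("filter must be a mapping of field -> value")
    for field, value in flt.items():
        # Filtering on a hidden field would leak it through the result set.
        if field not in allowed:
            raise QueryRejected(f"field not permitted for {role}: {field!r}")
        # Some document stores treat nested structures as query operators,
        # so only literal scalar values are forwarded.
        if not isinstance(value, SCALARS):
            raise QueryRejected(f"non-scalar value for {field!r}")
    return allowed


def guarded_find(role, flt):
    """Validate the request, query the store, project to permitted fields."""
    allowed = validate_filter(role, flt)
    hits = [d for d in STORE if all(d.get(k) == v for k, v in flt.items())]
    return [{k: v for k, v in d.items() if k in allowed} for d in hits]
```

The gate denies by default: an unknown role, a filter on a field the role cannot read, or a non-scalar filter value is rejected before anything reaches the store.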
Interestingly, some NoSQL projects are now beginning to bring back the security features inherent in RDBMS. For example, Oracle has included operational control over the data being written to a single node.
If an organization's key requirements for a database are scalability and availability, a NoSQL system may be the right choice for certain data sets. However, systems architects should carefully consider their requirements for security, confidentiality and integrity of the database before choosing NoSQL. The absence of security features in NoSQL, namely support for authentication and authorization, means that sensitive data is best stored in a standard RDBMS.