Enterprise Semantics - The Cambridge Semantics Blog

« Back

NoSQL Equals NoSecurity: Sometimes

NoSQL Equals NoSecurity Over at InformationWeek, Michael Davis wrote an impassioned post lambasting the lack of proper security in the NoSQL World.

Clearly, the developers driving the NoSQL bus just don't get it. The only thing we've gotten from years of pushing to secure Hadoop and other big data technologies is integration with authentication frameworks such as Kerberos. Excuse us if we don't swoon with gratitude.

As technologies like Hadoop and NoSQL go mainstream, this situation must be addressed.

His big concern is that people use NoSQL to store and manage financial data, such as transactions, which occur in volumes too large to be effectively managed by traditional database technologies.

I've written about this kind of issue before in What Happened to NoSQL for the Enterprise. Developers are using NoSQL systems to solve specific problems, but leave lots of traditional database features on the table to make that bargain. To get to significant scale and easy cluster management, they give up on transactions or, in this case, security.

Proper security is not only tricky to implement, but typically has a performance cost.  This cost goes against the main reason to use NoSQL databases: blazing scale and performance. What Michael identifies is that as soon as you start storing sensitive information—personal data on customers, financial information, medical data—you shouldn't make this bargain. And I agree.

As I've said before, Semantic Web technologies represent a very interesting NoSQL solution for the enterprise exactly because they don't jettison database best practices in order to get NoSQL benefits. Anzo, for example, supports transactions, logging, data provenance, encryption, fact-level security (think cell-level), etc. And we're not alone in this space. Revelytix has done a great deal of work at the US DoD, for example, and the DoD certainly takes security seriously.

There are certainly lots of applications where this is not important. But we can't just ignore security requirements to play with trendy technologies. For enterprises looking for serious alternatives to SQL systems—especially where flexibility and the ability to use unstructured data are concerned—Semantic Web systems represent the most mature databases around today.

Comments
Trackback URL:

No comments yet. Be the first.

Subscribe

Semantic Technology Links