An insightful view on security and performance of NoSQL databases

Abstract

The recent advancement in cloud computing and distributed web applications has created the need to store large amount of data in distributed databases that provide high availability and scalability. Due to this problem, in recent years, a non-relational database is needed to scale the growing need of industry and at the same time, must be highly efficient. This gave rise to NoSQL databases which are highly scalable and can store large amount of data. NoSQL databases are- ‘Not Only SQL’ databases and supports almost all the SQL features in addition to several other features. NoSQL is completely schema less and can store any kind of data. A large amount of data is stored in these databases every day, including sensitive data. Security of this sensitive data is an area of concern. Research looked into the security aspect of the top three open source NoSQL databases which are Mongo DB, Cassandra, and Redis. In this research, surprisingly, it has been found that data file encryption is missing in all three databases. Cassandra and Mongo DB are safe from Injection attacks, but there are many other ways to get into these databases and access the data at backend. Researchers provided useful methods to enhance the security for these databases and also evaluated the performance, after improvement in security.