NoSQL's layered approach to big data security
If you expect Big Data to become the driving force that will give impetus to the development of your business, then the issue of ensuring the security of this Big Data should become one of your main priorities - and by and large this is not a sensation. But how is this defense most effective?
The development of big data is dictated by the need for new technologies, and accordingly - for new, more reliable security tools that can meet the requirements for performance and scalability, due to the huge increase in data volumes.
It's no secret that the growth of big data is and will continue to be explosive in nature; according to IDC's forecast, by 2020 the world will generate about 44 trillion gigabytes of data annually. One of the results of these trends was the emergence of NoSQL technology - a hybrid database consisting of traditional SQL schemes and dynamic alternative structures, with the result that the database supports work with a wide variety of data types, while providing optimal flexibility.
')
All this makes the NoSQL technology very attractive for many enterprises, but at the same time the requirements for NoSQL from the point of view of data security increase.
Security in NoSQL databases must be implemented at several different levels, with the foundation of the security system must include encryption and tokenization technologies. When security is tied directly to the data, other elements of the security system in the organization may fail, but confidential data will not be compromised.
Customers working with the NoSQL database have several different ways to add encryption and tokenization. Most often, organizations prefer to use encryption either at the file system level or at the application level. Let's try to explain why this is happening.
File system-level encryption is an extremely flexible and unobtrusive way to protect sensitive data in NoSQL databases. In such solutions, it is usually necessary to specify the files, folders, or network directories to be encrypted.
This approach allows organizations to group and share their data by level of importance, ensuring that only data where it is really necessary is protected. Less important data can be stored in folders that are not protected by encryption, which saves computational resources and limits the complexity of the used infrastructure.
With such data protection, encryption solutions can add additional control mechanisms, limiting data access for specific users, groups, or other parameters. As an added advantage, when organizing protection at the folder or network directory level, you can encrypt almost any file and object — it doesn't matter whether it is an image, a database or a docker container.
Encryption at the file system level is an extremely flexible and unobtrusive way to protect files on the way to storage, while this approach allows you to protect data of various types - from images and logos to databases and mail archives. Since encryption is performed directly at the time of data creation, this allows you to protect data until other restrictions appear.
For example, encrypting data in an application can be an ideal way to protect individual database fields without changing the database architecture itself. When encrypting at this level, information is not stored or transmitted in unencrypted form under any conditions, which allows the organization to significantly reduce the surface of a potential attack.
By protecting data at this point, organizations can use tokenization instead of encryption in order to “obfuscate” the data before putting it in storage.
In some cases, regulatory compliance forces the customer to implement security solutions, although in reality he would simply like to fulfill the requirements of the PCI DSS standard for his database. In this case, tokenization technology can be an excellent alternative, which will allow you to fulfill these requirements without additional load on the infrastructure, usually inherent in encryption.
Obligations to comply with regulatory and regulatory requirements are one of the key factors that force NoSQL to encrypt databases. Often, encryption is a prerequisite for protecting important user data. However, the need for encryption is not limited to just one tick in the corresponding reporting.
As we have seen in the case of hacking by TeamGhostShell with poorly configured MongoDB databases, even with plausible intentions, users can make mistakes - and this is quite natural, because we are all human, and it is natural for us all to make mistakes. But since we are dealing with solutions for Big Data - any mistake, even made for understandable and understandable reasons, can lead to the compromise of huge amounts of important information.
As part of its expanding partner ecosystem, Gemalto is working with Couchbase to develop NoSQL database security solutions that can scale with growing customer needs when processing Big Data.
By developing, together with Couchbase, a portfolio of solutions that act at different stages of data life, from creation to storage, we hope to make security easier and more convenient by offering optimal protection methods.
Whatever the needs of customers - to provide universal comprehensive protection by encrypting at the file system level, or introduce tokenization for instant data protection at the level of individual applications, users should have a choice.
Encryption and tokenization are important elements for data protection, since they allow you to bind the protection directly to the data, so that in the event of a leak (due to a hacker attack or actions of privileged users), important information will not be compromised.
Companies that analyze their data and their locations, implement security mechanisms to protect this data, and then centrally manage encryption keys, will be able to take advantage of the Big Data revolution, and will not flicker in newspaper headlines due to unpleasant incidents.
The development of big data is dictated by the need for new technologies, and accordingly - for new, more reliable security tools that can meet the requirements for performance and scalability, due to the huge increase in data volumes.
It's no secret that the growth of big data is and will continue to be explosive in nature; according to IDC's forecast, by 2020 the world will generate about 44 trillion gigabytes of data annually. One of the results of these trends was the emergence of NoSQL technology - a hybrid database consisting of traditional SQL schemes and dynamic alternative structures, with the result that the database supports work with a wide variety of data types, while providing optimal flexibility.
')
All this makes the NoSQL technology very attractive for many enterprises, but at the same time the requirements for NoSQL from the point of view of data security increase.
Security in NoSQL databases must be implemented at several different levels, with the foundation of the security system must include encryption and tokenization technologies. When security is tied directly to the data, other elements of the security system in the organization may fail, but confidential data will not be compromised.
Customers working with the NoSQL database have several different ways to add encryption and tokenization. Most often, organizations prefer to use encryption either at the file system level or at the application level. Let's try to explain why this is happening.
Securing NoSQL at the file system level
File system-level encryption is an extremely flexible and unobtrusive way to protect sensitive data in NoSQL databases. In such solutions, it is usually necessary to specify the files, folders, or network directories to be encrypted.
This approach allows organizations to group and share their data by level of importance, ensuring that only data where it is really necessary is protected. Less important data can be stored in folders that are not protected by encryption, which saves computational resources and limits the complexity of the used infrastructure.
With such data protection, encryption solutions can add additional control mechanisms, limiting data access for specific users, groups, or other parameters. As an added advantage, when organizing protection at the folder or network directory level, you can encrypt almost any file and object — it doesn't matter whether it is an image, a database or a docker container.
Securing NoSQL Application Level Security
Encryption at the file system level is an extremely flexible and unobtrusive way to protect files on the way to storage, while this approach allows you to protect data of various types - from images and logos to databases and mail archives. Since encryption is performed directly at the time of data creation, this allows you to protect data until other restrictions appear.
For example, encrypting data in an application can be an ideal way to protect individual database fields without changing the database architecture itself. When encrypting at this level, information is not stored or transmitted in unencrypted form under any conditions, which allows the organization to significantly reduce the surface of a potential attack.
By protecting data at this point, organizations can use tokenization instead of encryption in order to “obfuscate” the data before putting it in storage.
In some cases, regulatory compliance forces the customer to implement security solutions, although in reality he would simply like to fulfill the requirements of the PCI DSS standard for his database. In this case, tokenization technology can be an excellent alternative, which will allow you to fulfill these requirements without additional load on the infrastructure, usually inherent in encryption.
Obligations to comply with regulatory and regulatory requirements are one of the key factors that force NoSQL to encrypt databases. Often, encryption is a prerequisite for protecting important user data. However, the need for encryption is not limited to just one tick in the corresponding reporting.
As we have seen in the case of hacking by TeamGhostShell with poorly configured MongoDB databases, even with plausible intentions, users can make mistakes - and this is quite natural, because we are all human, and it is natural for us all to make mistakes. But since we are dealing with solutions for Big Data - any mistake, even made for understandable and understandable reasons, can lead to the compromise of huge amounts of important information.
As part of its expanding partner ecosystem, Gemalto is working with Couchbase to develop NoSQL database security solutions that can scale with growing customer needs when processing Big Data.
By developing, together with Couchbase, a portfolio of solutions that act at different stages of data life, from creation to storage, we hope to make security easier and more convenient by offering optimal protection methods.
Whatever the needs of customers - to provide universal comprehensive protection by encrypting at the file system level, or introduce tokenization for instant data protection at the level of individual applications, users should have a choice.
Encryption and tokenization are important elements for data protection, since they allow you to bind the protection directly to the data, so that in the event of a leak (due to a hacker attack or actions of privileged users), important information will not be compromised.
Companies that analyze their data and their locations, implement security mechanisms to protect this data, and then centrally manage encryption keys, will be able to take advantage of the Big Data revolution, and will not flicker in newspaper headlines due to unpleasant incidents.
Source: https://habr.com/ru/post/311666/
All Articles