Analysis of Standard Security Features for Selected NoSQL Systems

Abstract

NoSQL solutions have recently been gaining significant attention because they address some of the inefficiencies of traditional database management systems. NoSQL databases offer features such as performant distributed architecture, flexibility and horizontal scaling. Despite these advantages, there is a vast quantity of NoSQL systems available, which differ greatly from each other. The resulting lack of standardization of security features leads to a questionable maturity in terms of security. What is therefore much needed is a systematic lab research of the availability and maturity of the implementation of the most common standard database security features in NoSQL systems, resulting in a NoSQL security map. This paper summarizes the first part of our research project trying to outline such a map. It documents the definition of the standard security features to be investigated based on a literature review in the area of standard database security. After selection of OrientDB, Redis, Cassandra and MongoDB as initial representatives of commonly used NoSQL systems, a description of systematic investigation of standard database security features for each of these four systems is given. All findings are summarized in tables for quick and easy comparison. We conclude that systems investigated need better default configurations and should enable their security features per default. Finally, we provide an outlook to the next steps of researching a security map for NoSQL systems.