The NoSQL database is a product of the 21st century desire to deliver increasingly fast, always-on digital experiences. Where traditional, so-called ‘relational’ databases require predictable, structured data, NoSQL (Not-Only-SQL) provides an extremely dynamic and cloud-friendly way for organisations to manage real-time, unstructured data. However, unlike traditional databases, which are almost always located on premises, some of the first NoSQL databases were exposed to the internet by default. This simple setup configuration has subsequently led to users of some of the most popular NoSQL databases falling victim to catastrophic ransomware attacks and reputation-crushing database leaks.
For example, in late 2017, reports suggested that tens of thousands of publicly-facing NoSQL databases had been accessed and held to ransom, with some even wiped when users failed to pay up. More recently, cybersecurity researchers have continued to find troves of sensitive data laying unprotected in open databases. In September 2018, an unsecured database belonging to a Californian email marketing company leaked 11 million users’ personal data, including names, email addresses and physical addresses. And it hasn’t taken long for 2019 to see some potentially devastating leaks either; 202 million job-seekers in China had their CVs leaked by an unencrypted database, whilst smart doorbell company Ring was recently found to be giving access to every single customer’s camera footage to its R&D team – all because the company had not properly considered its security practices.
It’s no surprise that the volume of database leaks has garnered apprehension, but it would be wrong to write off NoSQL databases as fundamentally insecure. In truth, the issues primarily come down to user error and poor database design – two things that can be tackled. As long as vendors implement secure-by-default features and users follow security best practices, NoSQL databases are just as secure as their predecessors.
The proof is in the

View Entire Article on