We’ve joined forces with Smartlogic to reveal smarter decisions—together.

Yes, NoSQL Can Be Secure

With another database breach in the news it’s a good time to stop and think about our obligations to our users. Companies are striving to build services that adapt quickly to customer needs, market shifts, and technology innovations. That’s great for customers and they’ve come to expect it. Customers also expect their information to be kept secure and private. All too often these days, we’re seeing that this second expectation goes unmet. In a number of cases, companies have unwittingly compromised security and privacy in an attempt to increase agility.

Agility and Security: Better Together

The key is, in 2016, there is no reason to trade off one for the other. Applying proven technologies and well-known best practices can significantly raise the security bar. Unfortunately, what we’re seeing time and time again, is that the hackers don’t have to work very hard. They don’t need to create complex malware to break these systems, they look for low hanging fruit. They find the systems that have been misconfigured, use weak technologies, or violate other well-known security practices.

The notion of a “minimum viable product” is an important and powerful one. It’s a way of zeroing in on what customers do (and don’t) want with minimal time/effort. Ultimately it can lead to better results faster — even though the initial offering may be fairly bare-bones. One thing we have to remember, though, is that protecting customer security and privacy is always a requirement and this is not truer anywhere than at the database level where all of this information is stored.

When building new features or deploying new services, DevOps teams need to incorporate security best practices and proven technologies into their everyday practices – it can’t be an afterthought. When it is an afterthought bad things can happen. First of all, afterthoughts sometimes just fall off the list. It’s a shame to see another report of a major breach because of a misconfigured database. The second problem is that when security is bolted on after the fact, it is much more likely that there will be noticeable gaps.

We feel very strongly about this at MarkLogic. Trillions of dollars’ worth of financial information flows through MarkLogic, as does healthcare information, and information relating to the security of individuals and nations. Moreover, MarkLogic is the place where people integrate data from dozens of siloes across their organizations. Each of those siloes carries sensitive information and MarkLogic is entrusted to hold and protect all of it. We take that responsibility very seriously which is why we are the only Common Criteria-certified NoSQL database in the market.

Don’t give up on security and privacy in the interests of speed and agility. You can have both.

For More Information

Introduction to Security

An interactive chapter from our User Guide giving an overview of MarkLogic security.

The Security Database An 8-minute tutorial that lets you learn about the role of the Security database within a MarkLogic cluster.
Security in MarkLogic 9 Announcement on new security features in MarkLogic 9.

Joe Pasqua - Executive Vice President, Products | MarkLogic

Joe Pasqua brings over three decades of experience as both an engineer and a leader. He has personally contributed to several game changing initiatives including the first personal computer at Xerox, the rise of RDBMS in the early days of Oracle, and the desktop publishing revolution at Adobe. In addition to his individual contributions, Joe has been a leader at companies ranging from small startups to the Fortune 500.

Most recently, Joe established Neustar Labs which is responsible for creating strategies, technologies, and services that enable entirely new markets. Prior to that, Joe held a number of leadership roles at Symantec and Veritas Software including VP of Strategy, VP of Global Research, and CTO of the $2B Data Center Management business.

Joe’s technical interests include system software, knowledge representation, and rights management. He has over 10 issued patents with others pending. Joe earned simultaneous Bachelor of Science Degrees in Computer Science and Mathematics from California Polytechnic State University San Luis Obispo where he is a member of the Computer Science Advisory Board.

Start a discussion

Connect with the community




Most Recent

View All

Unifying Data, Metadata, and Meaning

We're all drowning in data. Keeping up with our data - and our understanding of it - requires using tools in new ways to unify data, metadata, and meaning.
Read Article

How to Achieve Data Agility

Successfully responding to changes in the business landscape requires data agility. Learn what visionary organizations have done, and how you can start your journey.
Read Article

Scaling Memory in MarkLogic Server

This not-too-technical article covers a number of questions about MarkLogic Server and its use of memory. Learn more about how MarkLogic uses memory, why you might need more memory, when you need more memory, and how you can add more memory.
Read Article
This website uses cookies.

By continuing to use this website you are giving consent to cookies being used in accordance with the MarkLogic Privacy Statement.