Chapter 11. Security: protecting data in your NoSQL systems
This chapter covers
- NoSQL database security model
- Security architecture
- Dimensions of security
- Application versus database-layer security trade-off analysis
Security is always excessive until it’s not enough.
Robbie Sinclair
If you’re using a NoSQL database to power a single application, strong security at the database level probably isn’t necessary. But as the NoSQL database becomes popular and is used by multiple projects, you’ll cross departmental trust boundaries and should consider adding database-level security.
Organizations must comply with governmental regulations that dictate systems, and applications need detailed audit records anytime someone reads or changes data. For example, US health care records, governed by the Health Information Privacy Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH Act) regulations, require audits of anyone who has accessed personally identifiable patient data.