Many organizations use open-source databases (such as MySQL and PostgreSQL) and NoSQL databases (such as MongoDB, Cassandra, and others). In recent years, organizations have used these databases for mission-critical production environments. For example, software-as-a-service providers often leverage the technology to stay on the cutting edge, while more traditional enterprises in finance, healthcare, and education use it to support analytics.
But how can organizations approach security for these technologies?
A Codemotion report highlighted common open-source security issues and the importance of a “secure by design” strategy, utilizing best practices such as:
- securing passwords
- designing with least privilege
- sanitizing inputs
- avoiding misconfiguration
- adopting version control
How Data Storage Can Enhance Open-source Data Security
Security should be always-on, invisible to the user, and without performance impact or required management. Purity data services continuously protect data at rest with encryption that’s built-in, always-on, and always in-line. There’s no impact on performance, no administrative overhead, and no key management. Pure accomplishes this while providing impact-free, AES-256 data-at-rest encryption.
The Pure Storage data platform is:
- Federal Information Processing Standards (FIPS) 140-2 certified
- National Institute of Standards and Technology (NIST) compliant
- National Information Assurance Partnership (NIAP)/Common Criteria validated
- Payment Card Industry Data Security Standard (PCI-DSS) compliant
Pure also helps streamline GDPR compliance and offers (in partnership with Thales) full pathway encryption with data reduction.
Ransomware Protection for Open Source Technologies
Protecting data against a ransomware attack is one of the biggest concerns of CIOs and CISOs. Using the Pure Storage Ransomware Assessment tool, you can assess your organization’s risk and be better prepared to safeguard your backups from attack.
If you find that your systems are at risk, Pure Storage SafeMode™ snapshots can help protect your data. SafeMode snapshots create immutable, read-only snapshots of backup data and associated metadata catalogs after a full backup. SafeMode snapshots are policy-based, so no one—from ransomware attackers to rogue admins—can delete, modify, or encrypt them. These space-efficient snapshots offer scalability as well as quick database recovery, cloning, and FlashArray’s six nines of proven availability.
For example, building a MongoDB replica set in Amazon Web Services (AWS) is easy. Lock the file system on the MongoDB node, copy the Pure Cloud Block Store™ volume, and connect the new volume to the replica set node. Then, simply start MongoDB and join the node to the replica set. Recovery from a failed node is just as simple: Lock the file system on one of the secondaries, copy the Pure Cloud Block Store volume, and connect it to the recovered node. Recovery is quick and easy, with no performance impact, no database stoppage, and no lengthy data copy over the network.
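The lock, copy, unlock and join sequence described above, sketched as shell functions (an added example, not code from the original page or from Pure Storage). The copy_volume stub, the MONGOSH variable and all host and volume names are assumptions; the only real calls used are mongosh's db.fsyncLock(), db.fsyncUnlock() and rs.add().

```shell
#!/bin/sh
# Added example. MONGOSH, copy_volume and all host/volume names are assumptions.
MONGOSH="${MONGOSH:-mongosh}"

# Placeholder for the storage platform's volume-copy command; the page does
# not give one, so this stub fails until you replace it with your own.
copy_volume() {
    echo "copy_volume not configured (src=$1 dst=$2)" >&2
    return 1
}

# run_mongo <host:port> <javascript>
run_mongo() {
    "$MONGOSH" --quiet --host "$1" --eval "$2"
}

# seed_from_secondary <secondary host:port> <source volume> <new volume>
seed_from_secondary() {
    # Flush pending writes and block new ones so the data files are consistent.
    run_mongo "$1" 'db.fsyncLock()' || return 1
    rc=0
    copy_volume "$2" "$3" || rc=$?
    # Release the lock whether or not the copy worked; a lock left behind
    # keeps blocking writes on this node.
    if ! run_mongo "$1" 'db.fsyncUnlock()'; then
        echo "fsyncUnlock failed on $1: unlock it manually" >&2
        return 2
    fi
    return "$rc"
}

# join_member <primary host:port> <new member host:port>
join_member() {
    # The address is spliced into JavaScript, so accept only hostname characters.
    case $2 in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid member address" >&2; return 1 ;;
    esac
    run_mongo "$1" "rs.add('$2')"
}
```

Call seed_from_secondary first, attach the copied volume and start MongoDB on the new node, then call join_member against the primary.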
Secure Storage for Open-source Databases
Cybercriminals are quick to identify opportunities—from social engineering of employees to third-party attack vectors. Open-source databases have gained wide adoption and become targets for these criminals. Pure Storage agile data services can help complement open-source security strategies so your security teams can spend less time managing storage and more time addressing threats.