Thales Blog

Five Reasons to Secure Your NoSQL Deployments

June 25, 2015

Don Pinto - Couchbase

Recently, NoSQL databases have become very popular across enterprises, and many of them are choosing Couchbase to power their web, mobile, and IoT applications. As more and more companies adopt NoSQL, the amount of sensitive data stored in these repositories is also rising. Typically, it is standard practice for enterprises to put the database behind a firewall and implement extensive security controls. But these technologies alone cannot protect an organization from data breaches and data leakage.

Below are five reasons why you might consider using encryption with Couchbase:

  1. Encryption protects sensitive data. Cyber thieves today are increasingly sophisticated and are always looking for ways to steal sensitive data. Customer profiles, private session information, payment/booking metadata, protected healthcare information and more are all being stored in and served out of Couchbase. This kind of data is a prized asset for any enterprise and needs to be protected. Without proper handling, it can fall into the hands of highly skilled cyber criminals and malicious insiders who can steal the data for economic or even political gain. This is where encryption comes to the rescue and is necessary. File- and volume-level encryption with access controls can easily limit access to the data store to just the Couchbase application and exclude all other system-level users.
  2. Provides separation of concerns. With encryption done right, the encryption keys are typically isolated from the encrypted data, which reduces the threat of insider attacks. You can decrypt the data only if you have the key. For applications where you might need granular control to strictly enforce need-to-know or least privilege, you can use application-level encryption to encrypt different attributes with different keys, and ensure that the keys can be accessed only by the intended users who have privileges to decrypt and read the attributes.
  3. Protects data in motion and at rest. Big data infrastructures are large and complex. When traditional infrastructure security is used to secure these deployments, it creates problems, leaving security gaps throughout the data ecosystem. Today's mega-breaches exploit those gaps. The solution: encrypt the data at rest and in motion. Data protection should travel with the data. Data sources and sinks should be encrypted, along with the data in transit that flows between them.
  4. Preserves both performance and security. For some applications, performance is everything, and in these cases security is commonly discounted. But what if you could get both performance and security? There is no magic bullet, but by selectively encrypting your data you can minimize the performance impact on your application. In addition, modern encryption solutions that use the hardware-based acceleration built into today's CPUs can also come to the rescue here, minimizing the overhead from encryption to the point where it can be hard to measure. You can also use data masking or format-preserving tokenization to keep your data app-friendly while yielding nothing of value to thieves if it gets leaked.
  5. Delivers regulatory compliance and risk reduction. Almost all compliance regulations call for using encryption as a mechanism to protect sensitive data, and usually also specify access control requirements for encrypted data. This significantly reduces the risk of data theft and provides ongoing assurance of compliance with data privacy regulations.
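
The per-attribute encryption described in reason 2, sketched as an added example that is not from the original post and uses neither the Couchbase nor the Vormetric API. It relies only on Node's built-in `crypto` module; the choice of AES-256-GCM, the `keyring` and `fieldKeys` names, and all function names are assumptions made for illustration.

```javascript
// Added example: application-level encryption with a different key per attribute.
const crypto = require('node:crypto');

// Constructed keys. In a real deployment they come from a key manager
// that is isolated from the database holding the encrypted documents.
const keyring = { billing: crypto.randomBytes(32), medical: crypto.randomBytes(32) };

// Hypothetical policy: which key protects which attribute.
const fieldKeys = { cardNumber: 'billing', diagnosis: 'medical' };

function encryptField(docId, field, value, key) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  // Bind the ciphertext to its document and field so it cannot be moved elsewhere.
  cipher.setAAD(Buffer.from(`${docId}:${field}`));
  const ct = Buffer.concat([cipher.update(JSON.stringify(value), 'utf8'), cipher.final()]);
  return { kid: fieldKeys[field], iv: iv.toString('base64'),
           tag: cipher.getAuthTag().toString('base64'), ct: ct.toString('base64') };
}

function decryptField(docId, field, box, key) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(box.iv, 'base64'));
  d.setAAD(Buffer.from(`${docId}:${field}`));
  d.setAuthTag(Buffer.from(box.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(box.ct, 'base64')), d.final()]);
  return JSON.parse(pt.toString('utf8')); // final() throws if the tag or AAD does not match
}

// Encrypt only the attributes named in the policy; other fields stay in the clear.
function protectDoc(docId, doc, keys) {
  const out = {};
  for (const [field, value] of Object.entries(doc)) {
    const kid = fieldKeys[field];
    out[field] = kid ? encryptField(docId, field, value, keys[kid]) : value;
  }
  return out;
}

// Decrypt what the caller's keys allow; everything else remains a ciphertext envelope.
function readDoc(docId, stored, callerKeys) {
  const out = {};
  for (const [field, value] of Object.entries(stored)) {
    const kid = fieldKeys[field];
    out[field] = kid && callerKeys[kid]
      ? decryptField(docId, field, value, callerKeys[kid]) : value;
  }
  return out;
}
```

A service that is handed only the `billing` key can read `cardNumber` through `readDoc`, while `diagnosis` comes back as an opaque envelope.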

Vormetric's Data Security platform for Couchbase offers all the tools you need to encrypt and control access to your sensitive data. With zero changes to your application, you can transparently encrypt your data at rest. This combined with application level encryption can minimize the attack surface of your application and improve its security. For more information, please go to