Steve Markey is the principal of nControl, a consulting firm based in Philadelphia, Pennsylvania, USA. He is also an adjunct professor and the current president of the Delaware Valley (Greater Philadelphia) chapter of the Cloud Security Alliance (CSA). Markey holds multiple certifications and degrees, and has more than 11 years of experience in the technology sector. He frequently presents on information security, information privacy, cloud computing, project management, e-discovery and information governance.
A Primer on Nonrelational, Distributed Databases for IS Professionals
A new paradigm is upon us. Along with the cloud and mobile devices, nonrelational, distributed database management systems (non-RDBMS) are now growing in popularity. Examples of these database implementations include NoSQL (not only SQL) offerings such as Cassandra, CouchDB, FlockDB, GraphDB, Hibari, MongoDB and SimpleDB. Although non-RDBMS have been around for the better part of a decade, their popularity has grown to the point at which information systems professionals should become familiar with their architecture and use, how to assess their risk posture, and how to secure them. This article provides an overview of this technology, outlines the security vulnerabilities inherent in these technologies and offers guidance on how to remediate those vulnerabilities.
Non-RDBMS Value-Add
Once thought of as a technology solely for academia, non-RDBMS are now reaching critical mass in industry. Leading technology service providers (e.g., Twitter) have begun to use them, and individuals and companies consume those provider offerings.¹ Non-RDBMS are becoming the preferred database architecture for organizations using Web 2.0 technologies due to the open-source nature of these platforms, which leads to cost savings because organizations do not have to invest in traditional relational database software licensing and/or local hardware. Concurrently, large enterprises are using non-RDBMS to augment their existing RDBMS investments for storing and analyzing big data. Big data, as defined by Oracle, includes the aggregation of an organization’s traditional, sensory (e.g., log data, metadata) and social (media) data.² Beyond cost savings, organizations can expect to experience enhanced scalability, elasticity (called sharding³ in the non-RDBMS world), modularity, portability and interoperability while using non-RDBMS platforms with Web 2.0 technologies, such as Ruby on Rails (a Web 2.0 programming language focused on dynamic content) or web services/service-oriented architecture (SOA).