Neha Gupta, Rashmi Agrawal, in Advances in Computers, 2018
Data at rest is data that has been flushed from memory and written to disk. Data in motion is data that is in transit or being exchanged during a communication. Data in motion falls into two categories:
(a) Client-node communication
(b) Internode communication
Most NoSQL databases do not employ any technique to protect data at rest. Only a few provide encryption mechanisms to protect data. To safeguard data in storage, encryption techniques are used and are referred to as the de facto standard for protecting data. Encryption makes the data unintelligible [8] and hence of no use to a malicious intruder. Most industry solutions lack horizontal scaling while offering encryption services.
The popular NoSQL databases offer the following encryption services for the protection of data.
1. Data at Rest:
   (a) Cassandra uses the TDE (Transparent Data Encryption) technique to protect data at rest. This feature helps to protect sensitive data. In Cassandra databases, encryption certificates are stored locally, so a secured file system is required to implement TDE. Also, the commit log of a Cassandra database is not encrypted, which also leads to a breach of security.
   (b) MongoDB does not provide any method to encrypt the data file. Data files can be encrypted at the application layer before the data is written to the database, which requires strong system security.
2. Data in Motion:
   (a) Client-node communication: This is not encrypted in Cassandra. Encryption is done by generating valid server certificates at the SSL layer. MongoDB does not support SSL client-node communication. To encrypt the data using SSL client-node communication, MongoDB needs to be recompiled with SSL communication configured.
   (b) Internode communication: Cassandra doesn't support encrypted internode communication. Using the cassandra.yaml file, the server encryption options can be edited to configure internode SSL communication. MongoDB doesn't support internode communication at all.
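As an added example (not from the chapter), the following Python check reads the server and client encryption sections of a cassandra.yaml file and reports data-in-motion settings that are left unencrypted. The sample configuration is constructed, and the key names (server_encryption_options, internode_encryption, client_encryption_options, enabled) and their defaults are assumed to follow the stock cassandra.yaml layout.

```python
import re

# Constructed sample of the relevant cassandra.yaml sections (assumed stock key names).
SAMPLE_YAML = """\
cluster_name: 'demo'
server_encryption_options:
    internode_encryption: none   # none | all | dc | rack
    keystore: conf/.keystore
client_encryption_options:
    enabled: false
    keystore: conf/.keystore
"""

WANTED = {"server_encryption_options", "client_encryption_options"}

def read_sections(text):
    """Collect the key: value pairs nested under each top-level key in WANTED."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = m.groups()
        if not indent:  # a top-level key opens or closes a section
            current = key if key in WANTED else None
            if current:
                sections[current] = {}
        elif current:
            sections[current][key] = value.strip("'\"").lower()
    return sections

def audit(text):
    """Return findings for data-in-motion settings left unencrypted."""
    s = read_sections(text)
    findings = []
    mode = s.get("server_encryption_options", {}).get("internode_encryption", "none")
    if mode == "none":
        findings.append("internode traffic is not encrypted")
    elif mode in ("dc", "rack"):
        findings.append(f"internode traffic is encrypted only between {mode}s")
    if s.get("client_encryption_options", {}).get("enabled", "false") != "true":
        findings.append("client-node traffic is not encrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_YAML):
        print("FINDING:", finding)
```

A missing section is treated the same as the disabled setting, so a file that never mentions either option is reported for both.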