Data security as a top priority in the digital world: preserve data value by being proactive and thinking security first

TL;DR

This paper emphasizes the importance of proactive data security in data management systems, especially NoSQL, highlighting vulnerabilities and advocating for continuous, dynamic security assessments to protect digital environments.

Contribution

It critically examines the limitations of traditional vulnerability registries and advocates for dynamic security inspections tailored for modern data management systems.

Findings

High vulnerability levels in NoSQL databases.

Traditional registries may be insufficient for security.

Need for continuous security monitoring.

Abstract

Today, large amounts of data are being continuously produced, collected, and exchanged between systems. As the number of devices, systems and data produced grows up, the risk of security breaches increases. This is all the more relevant in times of COVID-19, which has affected not only the health and lives of human beings' but also the lifestyle of society, i.e., the digital environment has replaced the physical. This has led to an increase in cyber security threats of various nature. While security breaches and different security protection mechanisms have been widely covered in the literature, the concept of a primitive artifact such as data management system seems to have been more neglected by researchers and practitioners. But are data management systems always protected by default? Previous research and regular updates on data leakages suggest that the number and nature of these vulnerabilities are high. It also refers to little or no DBMS protection, especially in case of NoSQL, which are thus vulnerable to attacks. The aim of this paper is to examine whether traditional vulnerability registries provide a sufficiently comprehensive view of DBMS security, or they should be intensively and dynamically inspected by DBMS owners by referring to Internet of Things Search Engines moving towards a sustainable and resilient digitized environment. The paper brings attention to this problem and makes the reader think about data security before looking for and introducing more advanced security and protection mechanisms, which, in the absence of the above, may bring no value.