A Data Governance and Analytics-Enhanced Approach to Mitigating Cyber Threats in NoSQL Database Systems

Authors

  • Rohit Yallavula, Data Governance Analyst, Kemper, Dallas, TX, USA
  • Ravindra Putchakayala, Sr. Software Engineer, U.S. Bank, Dallas, TX

DOI:

https://doi.org/10.63282/3050-9246.IJETCSIT-V3I3P110

Keywords:

NoSQL Security, NoSQL Injection, Database Hardening, Access Control, Data Encryption, Threat Modeling, Data Governance, Data Analytics, AI, JavaScript and Privacy

Abstract

NoSQL databases have transformed data management for modern applications but introduce unique cybersecurity challenges. This research comprehensively analyzes security threats specific to major NoSQL categories (document, key-value, wide-column, graph) based on technical data up to 2022. We identify critical vulnerabilities including NoSQL injection (NoSQLi), insecure configurations, access control flaws, and emerging risks in serverless and containerized environments. Technical analysis reveals 68% of MongoDB breaches originate from misconfigurations (Shodan, 2021), while NoSQLi incidents increased by 121% between 2019-2022 (OWASP data). We examine exploit mechanics such as JavaScript injection via $where operators and BSON deserialization attacks. The paper proposes a defense-in-depth framework incorporating CIS benchmarks, application-level encryption, and real-time query anomaly detection. Findings indicate that 43% of NoSQL deployments lack transport encryption, and 61% use default credentials in development environments. Mitigation strategies include strict schema validation, client-side field-level encryption, and SIEM integration. The research concludes with future directions including homomorphic encryption and formal query verification.

Published

2022-09-30

How to Cite

Yallavula R, Putchakayala R. A Data Governance and Analytics-Enhanced Approach to Mitigating Cyber Threats in NoSQL Database Systems. IJETCSIT [Internet]. 2022 Sep. 30 [cited 2025 Nov. 21];3(3):90-100. Available from: https://ijetcsit.org/index.php/ijetcsit/article/view/479
