Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

11/4/2010
06:27 PM
Adrian Lane
Adrian Lane
Commentary
50%
50%

NoSQL: Not Much, Anyway

I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.

I don't get the NoSQL movement. Most old-school database administrators don't. In fact, a lot of people don't understand what NoSQL is exactly because, quite frankly, there's not much there. Most of the features and functions we consider synonymous with databases are unwanted by developers of nontransactional systems and are falling by the wayside as companies push applications into the cloud.Conversely, application developers -- especially Web application developers -- don't "get" relational databases. They understand how they work, but they just don't understand why you need all that stuff. You know, like transactional consistency. Or predefined structures. Or rollbacks. Just give them some place to dump data -- any kind of data -- and a quick way to look it up again. They don't want to define data types in advance. They want all of the data manipulation and processing within their application. Further, accuracy and consistency are less important that speed and scale.

Database administrators respond by saying, "If you don't want the overhead of a database and you don't need transactional consistency, just use a file." And that's pretty much what application developers are doing and driving the NoSQL movement. The desire to store more data and inspect much larger data sets across distributed computing platforms has become a necessity for many Web-based applications. All without having to spend millions of dollars on a giant data warehouse. By reducing the complexity of the database engine, and by defining -- as they go -- how to store and reference that data, they get a lot better performance. It's a database, but it lacks most of the features and functions of relational database technology.

So what is NoSQL? That's a hard question to answer because NoSQL is more of a design concept than an actual product. Basically, NoSQL implementations are a storage engine. Most NoSQL variants strip away SQL statement parsing because NoSQL is not structured relationally. In many cases, there is no structure at all, just data with its index value. Without a relational structure, you remove the need for query execution plans, table concurrency, and locking for read consistency.

By removing all that code and complexity from the database engine, along with incredibly cheap memory from cloud service providers, most of the database code and data indices can be stored in memory. By removing tasks that require a lot of processing overhead and placing a higher percentage of code in memory, you speed operation by (nearly) an order of magnitude. Cheap and fast is a very attractive option!

I am certain there are some firms (Google, Amazon, and Facebook) and project managers out there who will be offended by my definition because BigTable, Dynamo, SimpleDB, and Cassandra are used by millions each day, whether or not they know it. But it's not off-the-shelf software. And for every relational trait a NoSQL database is supposed to forgo, you can always find one or more project or product variants that offers things like consistency, replication, or complex storage options.

Make no mistake: I am not trying to marginalize the efforts of the developers behind these projects or the need for this kind of tool. NoSQL is here and will be for a long time because it solves several fundamental problems for application developers. But don't confuse NoSQL with relational database. Think of it in terms of document storage.

Adrian Lane is an analyst/CTO with Securosis LLC, an independent security consulting practice. Special to Dark Reading. Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5604
PUBLISHED: 2020-07-09
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remoto attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
CVE-2020-5974
PUBLISHED: 2020-07-08
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
CVE-2020-15072
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
CVE-2020-15073
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
CVE-2020-2034
PUBLISHED: 2020-07-08
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect...