MarkLogic Adds Element-level Security to Its NoSQL Database

MarkLogic 9 is aimed at improving performance in three main focus areas: data integration from silos, data manageability and security. Sounds simple, but all of these things are hard to do well.

MarkLogic.logo

MarkLogic, the NoSQL database that helped solve the online registration snafu of Healthcare.gov, the Affordable Care Act website, back in 2013-14 (remember that mess?), launched a major update of its product May 16 at its MarkLogic World user conference in Chicago.

Not every enterprise needs a big, bulky relational database. MarkLogic develops and provides services for an alternative database to the big relational ones that Oracle, IBM, SAP, Microsoft SQL, Software AG, Teradata and others built years ago and that require a lot of supervision and maintenance. Most are decades-old databases that rely on often slow-moving, time-consuming ETL (extract, transform and load) tools to integrate data from silos.

MarkLogic navigates data lakes of unstructured data but also handles structured data. MarkLogic 9 is aimed at improving performance in three main focus areas: data integration from silos, data manageability and security. Sounds simple, but all of these things are hard to do well.

Unified, Granular View of All Data in a System

MarkLogic claims that version 9 enables enterprises to achieve a unified, actionable 360-degree view of all of their data--whether in the cloud or on-premise--for all the business uses companies require. Scalability is also an asset.

"We look at this as one of the most ambitious releases we've ever done," CEO Gary Bloom told eWEEK. "It also takes our capability beyond where we've been--which has been ahead of the NoSQL vendors--and in many areas, it's taken us beyond what people have traditionally done with relational (databases) as well."

Bloom ought to know; he was a key player and executive at the world's largest relational database company, Oracle, for 14 years.

"These new additions are predominately based on what our customers have given us as input and things that are happening on the macro level that are changing the nature of requirements for the database. I believe we're way ahead of the curve for that particular part," Bloom said.

Hundreds of Changes in New Version

There are literally hundreds of changes in MarkLogic 9, with the biggest ones impacting security, Bloom said.

"Much of the industry has been myopically focused on network security, but the world has changed pretty rapidly. Through enterprise ecosystems (including partners, contractors and customers), we're kind of inviting people into our networks, so all of a sudden, the need for much, much more advanced security is readily apparent," Bloom said.

To do this, MarkLogic 9 includes advanced encryption for data at rest at the database level, not at the system level. And when data is in transit, say to Amazon Web Services, no one in the network can ever see the data. This bolsters cybersecurity in a big way.

MarkLogic 9 also includes something called element-level security--very granular controls. "You can have two or three customers or hundreds of people using the same database, but the view or window into the data that each of those individuals sees can be completely different," Bloom said.

For example, Bloom said, in the publishing business, an author would be able to see an entire article in the content management system database, but others searching for it might only be able to see a summary of it. Or in a clinical trial for a new drug, a data scientist might be called in to look at the overall effects of the drug on a group of people, but he wouldn't necessarily need to see the HIPAA-compliant (Health Insurance Portability and Accountability Act of 1996) data, nor any of the personal data of the people being tested.

Granular Controls a Key Asset

Granular control over factors such as these is what MarkLogic 9 is bringing to the market. The database's search function also features semantic relationships in language; for example, if you're searching for "AT&T" and type in "ATandT," the database will find the correct results.

MarkLogic is used as a database for big data-type workloads that are increasing almost daily in IT production shops. It is available in either on-premises or cloud-based versions.

Other new capabilities in MarkLogic 9 are:

--Faster data integration: MarkLogic 9 introduces capabilities that it claims are unique in the database market that further facilitate and ease the integration of data from silos.

--Entity services: This allows organizations to manage messy, ever-changing data sources by allowing them to define and evolve a model and vocabulary that harmonizes real-world entities, such as customers and products, and the relationships between them.

--Optic is a revolutionary new API that lets developers view their data as documents, graphs or rows, providing unparalleled flexibility and efficiency.

--Advanced encryption protects data from hackers and insider threats using standards-based cryptography, advanced key management and granular separation of duties.

--Element-level security goes beyond the existing document-level security to allow specific elements of a document to be hidden from particular users. The increased granularity means greater data protection.

--Redaction eliminates the exposure of sensitive information, such as Social Security numbers, by removing specific information or replacing it with other values in order to prevent leakage of sensitive data. Most importantly, it gives enterprises the assurances they need to share data safely.

--Ops Director is a foundational new tool that eases management for system administrators across multiple clusters, cloud and on-premises systems, and production, test and development environments.

--Telemetry is an opt-in feature that enables better and faster support by collecting, encrypting and sending diagnostic system-level information to MarkLogic so it is there immediately when needed.

MarkLogic counts among its customers Aetna, BBC, Broadridge Financial, Centers for Medicare and Medicaid Services (CMS), Dow Jones, the Federal Aviation Administration (FAA), Hannover Re, McGraw-Hill Financial, the National Archives and Records Administration (NARA), NBC Entertainment, the U.S. Department of Agriculture (USDA) and the U.S. Navy. Also, six of the top 10 global banks rely on MarkLogic for transactional operations.

For more information about MarkLogic 9, go here.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor of Features & Analysis at eWEEK, responsible in large part for the publication's coverage areas. In his 12 years and more than 3,900 stories at eWEEK, he...