sean at basho.com
Sat Oct 1 07:50:01 EDT 2011
On Fri, Sep 30, 2011 at 4:50 PM, Kyle Quest <kcq.lists at gmail.com> wrote:
> I'm not here to define a perfect infrastructure for securing NoSQL
> databases and Riak and go into implementation details... It's not my
> intention because I simply don't have time to dedicate to this big
> project and it's impossible to come up with a perfect solution right
> away. Either way asking customers to be security experts is asking for
> trouble... And I base this statement on the actual real world
> experience in security, which I have quite a bit. I'll leave it on
> this note :-) And let's talk in 10 or 15 years :-)
If you've been in security that long, you know that every security measure
has a cost associated. In general, Riak is deployed deep in infrastructure,
and secured in ways that are almost always already in-place for other
purposes. It is almost never exposed to the outside world. The lack of
authentication/authorization/etc has more often been an annoyance
factor than a deal-breaker for our customers.
And if you think we only have startups as customers, you haven't looked
closely -- many of our customers are "big enterprises" and that segment is
the one growing fastest.
Sean Cribbs <sean at basho.com>
Basho Technologies, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the riak-users