Security principles

The Delphix approach is based on:

• Embrace separation of duties: Isolate and compartmentalize capabilities and privileges and never give or concentrate access to a single role.

• Apply the principle of least privilege: Users should obtain only those privileges needed to do their jobs and only for as long as they are needed.

• Use an open, simple design: Make security mechanisms simple and easy to use, and rely on proven, peer-reviewed solutions.

• Use a layered defense: Provide no single point of failure; if one layer fails to catch an error, catch it in another layer.

• Use complete mediation and authentication: Control and check every access point every time.

• Use fail-safes: Deny access when not explicitly authorized. Prevent faults from causing an opportunity to compromise.

• Protect data at rest and data in motion: Utilize common security protocols as well as features of the source database and database software to protect data at all times.

• Minimize the attack surface: Present the minimum sockets, services, webpages, and accounts necessary to operate.

• Don’t rely on obscurity: Be secure even if everything but the key is known.

• Audit and monitor everything: Provide a tamper-proof trail of evidence.

• Leverage the environment: Design the Delphix Engine to leverage the security features offered by databases, operating systems, storage devices, and networks.

• Anticipate external attack vectors: Combat attacks sourced from connected systems.

• Enforce strong credentials: Define and enforce password policies.