Delphix: A Data Fortress

Written by Anuraag Girdhar (Dartmouth '15, Delphix Intern, Summer 2014)

Written by Anuraag Girdhar (Dartmouth '15, Delphix Intern, Summer 2014)

Security matters. While hackers no longer wield the cultural clout of Jesse James or Pretty Boy Floyd as vigilante bandits (and the era of cyberpunk all but faded with the new millennium), these days the targets are bigger and the methods more sophisticated. 

But more importantly, the penetration techniques are layered, in response to the increasingly layered security controls that companies are using to secure their data. Today's exploit, like the one Egor Homakov used to hack Github[1], strings together many low-severity bugs to produce something far more potent.  In the accelerating arms race between hackers and the hacked, the most layered will prevail.

Delphix galvanizes your existing data security layers and introduces additional ones. Our most basic security value proposition revolves around data masking, which is the obfuscation of sensitive data for use by clients or subcontractors. Integrated into our intelligent data delivery platform, the data can be masked at the level of production environments, within Delphix virtual environments, or on a query-by-query basis, depending on the level of masking granularity you desire. 

In addition to the security benefits, our customers use masking to remain compliant with various industry regulations, such as HIPAA-HITECH for healthcare firms and PCI for retail and financial services firms. Delphix provides other security layers such as addressing the insider threat. It's no secret that insider actions, whether malicious or careless, can have the same magnitude of impact as external breaches.  However, according to a recent survey by Raytheon[2], 88% of respondents recognize insider threat as cause for alarm but have difficulty identifying specific threatening actions by insiders.

Fortunately, Delphix provides a source of record: detailed audit trails for data provisioning and access.  In the case of a breach, you can use the audit trails to determine whether your databases were compromised due to some careless internal action, and if so, address that human element to improve your security implementation. 

The audit trails also track which of the lost data was masked. Combining these two elements, you can use the source of record to identify the pain points in your security organization and assess your security posture. Another common security layer is role-based access, and with Delphix implementation is a snap. Delphix administrators can define role-based access to different environments and groups of environments. 

Currently, there are two roles, Owner, and Auditor. Owners can create a master copy of the production database and provision new virtual databases off of it, as well as set policies on environments and groups.  Auditors can view statistics like usage, history, and space consumption. This gives you the discretion, for example, to grant your developers the ability to provision virtual databases or restrict that ability to DBAs.

You might be thinking "this is all great, but I want to be more proactive about protecting against security breaches." To address your valid point, penetration testing and vulnerability scanning is becoming an integral part of the security strategy. In its core capacity, Delphix can quickly spin up multiple environments that function as hacking sandboxes. 

Moreover, although it's often overlooked in security planning, quick and resilient recovery is equally crucial.  Indeed, NIST defines Recover as one of the basic security functions in its "Framework for Improving Critical Infrastructure Cybersecurity," and you can use Delphix virtual data environments to test your Recovery plan too. Delphix adds a final layer of protection by reducing data sprawl and thus your surface area of risk. 

If your data resides in many locations and different parts of the network, with Delphix, virtual copies of all of that data can be provisioned from a single physical location. On a larger scale, Delphix also helps consolidate your data centers, further eliminating potential attack vectors.

I only briefly touched upon some of the use cases that our technology provides, and our customers are always creating new and innovative security applications of our technology. Just remember, with Delphix, you can rest assured that you're always on top of your security matters.