Enterprise Level Deployment of Delphix Solution Design – Add Masking

In today's post I will continue my discussion of building a Solution Design - Add Masking for an enterprise-level deployment of Delphix Virtual Data systems in our fictitious healthcare company.

Jeannine Crownover

Aug 26, 2016

Hi Again!  In today's post I will continue my discussion of building a Solution Design for an enterprise-level deployment of Delphix Virtual Data systems in our fictitious healthcare company. If you are new to Delphix technology, please go to https://www.delphix.com or just search for Delphix online.

To bring you up to speed from the last post - The Solution Design, we walked through the first 5 subjects of the Table of Contents. This week I will discuss integrating the Masking solution for Delphix VCDM. Please refer to my previous blogs for Enterprise Level Deployment of Delphix, listed here in order...

You Have Delphix, Now What | Delphix Goals and Objectives | The Solution Design - Part 1 | The Solution Design - Part 2 | The Solution Design - The Transition Process

The Solution Design Document

We have already moved through the first 5 chapters of the Solution Design. Let's look at chapter 6 - the Masking Process. I generally see the masking process as a separate work stream for the Delphix implementation, especially if a customer is initiating masking for the first time.  When a customer introduces masking into the provisioning pipeline for the first time, there are many additional tasks the customer will experience for the first time as well.  The customer will essentially be implementing a full masking solution, where the standard discovery, planning, initiation, audit and deployment must happen. For the solution design of Delphix and masking, the work will essentially be defining the current maturity level of the masking program and calling out a parallel work stream to accompany the Delphix implementation.

Solution Design Document

Table of Contents

1.0  Project Background ........................................ 6
2.0  Technology Descriptions ................................... 8
3.0  Theory of Operations ...................................... 19
4.0  Next Practices (What Changes with Delphix) ................ 25
5.0  Migration Process ......................................... 36
6.0  Masking Solution .......................................... 52
  6.1  Corporate Security Policies ............................. 52
  6.2  Databases ............................................... 55
  6.3  File Systems ............................................ 61
  6.3  Audit Trails ............................................ 66
7.0  High Level Timeline ....................................... 71
  7.1  Preplanning and Solutioning ............................. 71
  7.2  Initialization and Startup .............................. 72
  7.3  Development Configuration and Integration ............... 73
  7.4  Operations and Maintenance .............................. 74

Masking Solution

The data masking solution will include the de-identification of Personally Identifiable Information (PII) associated with Personal Health Information (PHI) within our healthcare processing systems.  The data to be masked will not leave the control of the IT operations center. In other words, we are building the solution to address privacy data for internal distribution only. The Security team has provided the following graphic of the current systems processing or storing PII and PHI. The inner circle shows systems that contain PII/PHI member data, and the outside rings present locations within the processing systems that may contain PHI/PII member or provider data, even for a short period of time. For instance, audit databases contain before and after images of record updates and could therefore contain PHI/PII data that is changed during the masking process. In this case it is important to remove the before images after the masking process if auditing is turned on for these databases.

For my fictitious health company we have defined the PII and PHI to be masked. For your deployments you will want to work with the company's HIPAA and Security officers to determine the key elements for their de-identification requirements and publish them here in this part of the solution design. The high-level requirement at this point is that all databases and unencrypted files that are subject to masking will de-identify records within tables, columns and files that store data matching the definition of sensitive data listed here:

  • Person Names: patient names, family members, patient proxy, and providers

  • Geographic Location: anything smaller than a country

  • Contact Information: email addresses, phone numbers, social media ID locators

  • Other Identifiers: SSN, driver license, medical devices, member numbers & provider IDs

  • Date of Birth, Date of Death: all but the year is masked (depending on the required processing logic to be tested, an exception to this can occur)

With that said, the overall objective for de-identification is to remove true patient/personal identifiers while minimizing over-scrubbing. At this time, there is no corporate policy addressing internal de-identification operations and policies. The Security & Compliance team, in collaboration with the Quality, TDM, DBA, ITOps, application development and ETL teams, will define and distribute the policies and guidelines to meet this objective, and Delphix masking software and virtual copy data management will be the driving project to move the masking initiative forward.
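To make the five sensitive-data categories above concrete, here is an added example rule set (my own illustration, not Delphix masking engine code) that applies the post's definition to a row: sub-country geography is dropped, names, contact data and identifiers get a keyed deterministic token, dates of birth/death keep only the year, and everything else passes through to avoid over-scrubbing. Column names, the masking key and the sample row are all assumptions constructed for the example; the leak check is the kind of test you would run against an audit table's before-images.

```python
import hashlib
import hmac
from datetime import date

# Assumed masking key; a real deployment would pull this from a secrets store.
MASK_KEY = b"placeholder-masking-key"

# Assumed column names, grouped by the five sensitive-data categories in the post.
NAME_COLS = {"patient_name", "family_member_name", "proxy_name", "provider_name"}
GEO_COLS = {"street", "city", "state", "zip"}          # anything smaller than a country
CONTACT_COLS = {"email", "phone", "social_handle"}
ID_COLS = {"ssn", "driver_license", "device_serial", "member_number", "provider_id"}
DATE_COLS = {"dob", "dod"}
SENSITIVE = NAME_COLS | GEO_COLS | CONTACT_COLS | ID_COLS | DATE_COLS


def token(value, prefix):
    """Keyed, irreversible replacement; deterministic so joins across tables still line up."""
    digest = hmac.new(MASK_KEY, str(value).encode(), hashlib.sha256).hexdigest()[:10]
    return f"{prefix}-{digest}"


def mask_date(d):
    """Date of birth/death rule: keep only the year, collapse month and day to 1 January."""
    return None if d is None else date(d.year, 1, 1)


def mask_record(record):
    """Apply the rule set to one row; columns outside the definition pass through untouched."""
    out = {}
    for col, val in record.items():
        if col in GEO_COLS:
            continue                       # drop sub-country geography entirely
        if val is None or col not in SENSITIVE:
            out[col] = val                 # non-sensitive data is left alone (no over-scrubbing)
        elif col in DATE_COLS:
            out[col] = mask_date(val)
        else:
            out[col] = token(val, col.upper())
    return out


def surviving_identifiers(original, candidate):
    """Sensitive columns whose true value is still present, e.g. in an audit before-image."""
    return sorted(c for c in SENSITIVE
                  if original.get(c) is not None and candidate.get(c) == original[c])


# Constructed sample row for the fictitious health company; not real member data.
SAMPLE = {"member_number": "M-1001", "patient_name": "Alice Example", "ssn": "123-45-6789",
          "email": "alice@example.org", "city": "Springfield", "state": "IL", "country": "US",
          "dob": date(1975, 3, 14), "dod": None, "diagnosis_code": "E11.9"}
```

Running `surviving_identifiers(SAMPLE, SAMPLE)` against an unmasked audit before-image lists every column that still exposes the member, which is exactly the case the audit-database note above warns about.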

The maroon bubble coloring on the Secure Server Identification image indicates the databases targeted for masking. During the environmental impact analysis, the database names and servers will be identified and enumerated for inclusion in the data masking process.  Within the Virtual Copy Data Management process there will be one virtual copy of each database that is masked on a daily basis and then becomes the secure source for all downstream non-prod databases.

This swim lane diagram provides the process flow for the golden copy masking process.

Applications and Files

The blue-green bubble coloring on the Secure Server Identification image provided earlier indicates the application servers targeted for masking. During the environmental impact analysis, the servers will be identified and enumerated for inclusion in the data masking process review cycle.  The application's file system is not expected to contain PHI or PII, since the source binaries will come from a non-operational staging location; however, the system's log files and processing files will be reviewed prior to source ingestion to mitigate risk.

The turquoise bubble coloring on the same Secure Server Identification image indicates the file servers that will hold incoming files which need to be masked prior to use for non-production development or testing. During the environmental impact analysis, each file will be identified and enumerated for inclusion in the data masking process review cycle. The incoming file process will include an additional step that moves the file to a masking staging server, which then becomes the source for all development and testing scenarios.

This swim lane diagram provides the process flow for the file-level masking process.

Audit Trails

The Delphix Masking engine maintains auditing and reporting for all job actions conducted. These audit reports give the security and compliance teams a way to validate current and past masking operations.

Delphix Selective Data Distribution functionality provides the assurance that a refresh request will only be serviced if the source has been "certified" green by the masking engine. If any part of the masking job fails, the refresh request job will receive a failure notification and will not provision until the issue is resolved and the source receives a certified check from the masking audit processes.

Next Installment Post - Finish the Solution Design with a High Level Timeline and provide a Template Solution Design Document.

This ends the blog for today. It looks like I made it through the first 6 chapters of the Solution Design Document. I don't want to make these blogs too overwhelming; I hope to keep them to 20 minutes of reading at most. So next week I will wrap up this Solution Design Document Discussion.

Thanks for all the great feedback and suggestions I have been receiving from the followers.