Delphix implemented logical access controls at every layer of its infrastructure to prevent Cross-Site Request Forgery (CSRF), a serious threat to SaaS providers. When a user authenticates to Data Control Tower (through a browser or through the APIs), a secure OAuth 2.0 based authorization flow with session-ID tracking works transparently to ensure that Data Control Tower answers only requests from authorized clients. The figure below shows how authentication and authorization work when a user initiates a session with Data Control Tower.
Data Control Tower delegates authentication and authorization decisions to its customers via SAML 2.0 or OIDC 1.0 capable Identity Providers. Delphix customers therefore use their existing enterprise IAM infrastructure and investment to manage access to Data Control Tower, meet compliance targets that require matching authentication strength to the level of risk, and meet control objectives such as access appropriate to the role and timely revocation of access.
The Data Control Tower Role-Based Access Control (RBAC) feature allows users designated as customer administrators to set per-user permissions on their data and on Delphix Engine capabilities directly through the Data Control Tower console. Administrators can specify fine-grained access policies to implement segregation of duties within the organization and to maintain compliance with internal and external policies and controls. Data Control Tower has two modes for RBAC:
- Declarative - Administrators decide and declare the required level of access at authentication time, including the permissions in the SAML assertion, which Data Control Tower honors.
- Managed - Administrators assign and maintain the level of access directly within Data Control Tower, and the SAML assertion carries only the identity of the authenticated user.
Data Control Tower does not require inbound connections into the customer’s internal networks. All communication is initiated from the customer’s networks, unidirectionally, to the Data Control Tower API endpoint. All incoming connections to Data Control Tower are automatically screened for OFAC compliance. To comply with data exfiltration control rules, outbound communication from Engines to the Data Control Tower APIs supports a Proxy Relay mode, allowing all outgoing traffic to be inspected if required.
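The two RBAC modes differ in where the authoritative role decision lives: in the IdP's SAML assertion (declarative) or in the service's own role store (managed). The following is an added illustration, not Delphix code; the attribute name `dct_roles`, the role names, the role table, and the two SAML assertion fragments are all constructed assumptions. It assumes the assertion's XML signature and validity conditions were verified before this step, and shows the two checks a resolver needs: in declarative mode, honor only roles the service actually defines; in managed mode, ignore any role attributes the assertion carries so the IdP cannot elevate privilege.

```python
"""Added example: resolving a user's roles under the two RBAC modes above.
Illustrative code, not Delphix's; "dct_roles", the role names and the role
table are assumptions."""
from dataclasses import dataclass
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed: the roles the service defines. Anything asserted outside this
# set is dropped rather than honoured.
KNOWN_ROLES = frozenset({"engine-viewer", "vdb-refresh", "engine-admin"})

# Assumed: role assignments maintained inside the service (managed mode).
MANAGED_ROLE_TABLE = {"bob@example.com": frozenset({"engine-admin"})}

# Constructed declarative-mode assertion: the IdP asserts the roles.
# The bogus "superuser" value must not be honoured.
DECLARATIVE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="dct_roles">
      <saml:AttributeValue>engine-viewer</saml:AttributeValue>
      <saml:AttributeValue>vdb-refresh</saml:AttributeValue>
      <saml:AttributeValue>superuser</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed managed-mode assertion: only the identity is asserted.
MANAGED_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>bob@example.com</saml:NameID></saml:Subject>
</saml:Assertion>
"""


@dataclass(frozen=True)
class Principal:
    subject: str
    roles: frozenset      # roles the service will enforce
    rejected: frozenset   # asserted roles that were not honoured
    source: str           # "saml-assertion" or "managed-table"


def _parse_assertion(assertion_xml):
    """Return (subject, asserted role strings) from an assertion.

    Assumes signature, audience and validity were verified upstream; this
    only reads attributes and must never be fed unverified input.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no subject NameID")
    asserted = set()
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") != "dct_roles":
            continue
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            if value.text and value.text.strip():
                asserted.add(value.text.strip())
    return name_id.text.strip(), asserted


def resolve_principal(assertion_xml, mode):
    """Build the Principal whose roles the service will enforce."""
    subject, asserted = _parse_assertion(assertion_xml)
    if mode == "declarative":
        # Honour the IdP's declared roles, but only ones the service defines.
        honoured = frozenset(asserted & KNOWN_ROLES)
        return Principal(subject, honoured, frozenset(asserted - KNOWN_ROLES),
                         "saml-assertion")
    if mode == "managed":
        # Roles come from the service's own table; role attributes in the
        # assertion are ignored so the assertion cannot elevate privilege.
        roles = MANAGED_ROLE_TABLE.get(subject, frozenset())
        return Principal(subject, roles, frozenset(asserted), "managed-table")
    raise ValueError(f"unknown RBAC mode: {mode}")


def is_authorized(principal, required_role):
    """Deny by default: a user with no roles can do nothing."""
    return required_role in principal.roles


if __name__ == "__main__":
    for mode, xml_text in (("declarative", DECLARATIVE_ASSERTION),
                           ("managed", MANAGED_ASSERTION)):
        p = resolve_principal(xml_text, mode)
        print(mode, p.subject, sorted(p.roles), "rejected:", sorted(p.rejected))
```

The `rejected` field exists so that asserted-but-ignored roles can be logged; a sudden appearance of unknown role strings from an IdP is worth an alert. In production the parsing step should use a hardened XML parser and a SAML library that validates the signature before any attribute is read.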
Access and Audit Trails, Integration with Enterprise SIEM
Every action, request, and event within Data Control Tower is recorded and preserved in a secure, tamper-proof repository. These events are available for real-time viewing and analysis within the Data Control Tower UI for up to 45 days. Users can download up to 7 years of their activity through the Data Control Tower on-demand data retrieval APIs. Data Control Tower events complement the events recorded within on-premise Delphix Engines; information from both sources can be aggregated into a customer’s SIEM to meet compliance and attribution needs, as shown below.
Delphix Secure SDLC
Security is a continuous concern for both service providers and users. At Delphix, security principles drive the entire software development lifecycle, from concept to production deployment. Delphix developers and testers know what information Delphix systems handle and understand the risks of losing that information. That is why, on top of following security best practices, Delphix continuously looks for vulnerabilities in its code, infrastructure configuration, and software dependencies, and tries to break through the Data Control Tower product and service defenses with external penetration tests against the publicly available web and API interfaces. Delphix strives to identify and resolve potential problems or vulnerabilities in its solution before other parties discover and exploit them.
Operations Management and Access to Customer Data
Delphix developers do not have access to the infrastructure hosting customer data. Access to production systems and administrative tasks is facilitated through automated, precisely scoped, access-controlled, and audited workflows. Delphix uses Multi-factor Authentication (MFA) when administering Data Control Tower and its hosting infrastructure. Access is managed by role, and roles are assigned to users according to the least privilege required to perform their tasks. Every access request made and action taken within both Data Control Tower and its hosting infrastructure is preserved in an audit log for monitoring and forensic analysis.