The Delphix approach is based on:
Embrace separation of duties: Isolate and compartmentalize capabilities and privileges and never give or concentrate access to a single role.
Apply the principle of least privilege: Users should obtain only those privileges needed to do their jobs and only for as long as they are needed.
Use an open, simple design: Make security mechanisms simple and easy to use, and rely on proven, peer-reviewed solutions.
Use a layered defense: Provide no single point of failure; if one layer fails to catch an error, catch it in another layer.
Use complete mediation and authentication: Control and check every access point every time.
Use fail-safes: Deny access when not explicitly authorized. Prevent faults from causing an opportunity to compromise.
Protect data at rest and data in motion: Utilize common security protocols as well as features of the source database and database software to protect data at all times.
Minimize the attack surface: Present the minimum sockets, services, webpages, and accounts necessary to operate.
Don’t rely on obscurity: Be secure even if everything but the key is known.
Audit and monitor everything: Provide a tamper-proof trail of evidence.
Leverage the environment: Design the Delphix Engine to leverage the security features offered by databases, operating systems, storage devices, and networks.
Anticipate external Attack Vectors: Combat attacks sourced from connected systems.
Enforce strong credentials: Define and enforce password policies.