We take data security very seriously. That's why we've built an enterprise-grade cloud security infrastructure that follows industry-wide best practices and standards. The Ubiq platform is deployed and runs on Amazon Web Services in the US West (Oregon) region of AWS. It employs a multi-layered architecture that uses strong encryption at each stage.
Ubiq employs a set of best practices that guarantee system security and data privacy:
Share-nothing/stateless approach to services
Multi-layered approach to system security and system/data access
Strong encryption of data in transit and at rest
Continuous monitoring both from inside and outside
Here's how it works
Customers connect to Ubiq over HTTPS, the protocol used for online banking.
Ubiq's Web and Backend servers (all hosted on AWS) connect to each other using encrypted connections over SSL.
Ubiq connects to customer databases from static IP addresses that customers can whitelist in their firewall settings. For databases in private networks, Ubiq can connect through SSH tunnels.
Our architecture is designed to keep requests encrypted with SSL/TLS connections as they enter and move throughout Ubiq. They are only decrypted when reaching their destination and are re-encrypted for transport.
All traffic between your web browser and Ubiq's servers is encrypted with 256-bit AES encryption.
Database connections are over SSL.
For additional layers of security, we recommend connecting through SSH tunnels and whitelisting access to our static IPs. For SSH tunneling, Ubiq supports both password-based authentication and key-based authentication.
Ubiq maintains strong connections with HTTP Strict Transport Security (HSTS) protocols to protect against a multitude of security attacks.
Ubiq is based on SQL and performs no operations on the database other than running the user-entered SELECT queries that fetch the data powering the dashboards & reports.
Ubiq does not store the database schema for your data source. Ubiq does not store the results of the report query executions.
When you run a query in Ubiq, the SQL is executed against the database and the results are sent directly back to the user's browser without being stored anywhere.
For saved reports on a dashboard, the report query is executed against the database each time:
The dashboard is accessed by a user
The report is manually or automatically refreshed
The dashboard parameters are changed
An automated email report is generated for your dashboard
Ubiq does not store any of your data (either the data in your data sources or data used to populate your dashboards). It does not store the database schema for your data source. Ubiq does not store the results of the report query executions.
You don't have to open any ports on your network to connect Ubiq to your database. You can connect Ubiq to your database via SSH tunneling, without allowing remote access to your database or opening any port.
If you connect to data on your private network, the Ubiq agent keeps the data in your database within your network and does not send it to Ubiq servers. No ports are opened in the process.
Ubiq connects to your databases with read-only access. It has built-in mechanisms to block malicious queries like insert, delete, drop, etc. from coming through.
Database connection passwords or authorization strings are stored encrypted using a 256-bit key. Any data that is either related to your account or a result of one of the analytical queries is subject to strong security, both in transit and at rest. Ubiq does not store any of your data, either the data in your data sources or data used to populate your dashboards. It does not store the database schema for your data source. Ubiq does not store the results of the report query executions.
In-transit security refers to the security of the data as it is transmitted between Ubiq and the end user's computer. All Ubiq communication is performed over an HTTPS/SSL connection for both HTTP and WebSocket traffic.
Ubiq stores all account/user data in a database that is encrypted at rest, and all backups of the data are encrypted. User passwords are stored as strong, salted one-way hashes, following best practice, and cannot be decrypted. Database connection passwords or authorization strings are stored encrypted using a 256-bit key.
Ubiq employs a wide range of monitoring services that guarantee the uptime of the Ubiq platform and allow us to respond within 2-3 hours to any operational problems.
Service availability monitoring
Server log monitoring
Server components and services availability monitoring
Browser error monitoring
Ubiq never stores the results of your analytical queries. Account data is stored as part of a database backup in an encrypted form. The backups are kept for a limited time (only 7 days).
All data copies are handled by native Amazon AWS functions. Amazon AWS uses Guidelines for Media Sanitization (NIST 800-88 or DoD 5220.22-M) where all physical devices are destroyed in Amazon premises and no storage can leave Amazon premises. A detailed description can be found in the AWS Security Whitepaper, page 8, in the paragraph on Storage Device Decommissioning.
The Ubiq platform is deployed and runs on Amazon Web Services in the US West (Oregon) region of AWS. It allows for a self-healing infrastructure with redundant servers for critical services. The platform features built-in mechanisms to detect when components are not operating or are operating in a degraded state. It will automatically scale to ensure that services remain available and responsive.
Ubiq BI is hosted on Amazon Web Services. Amazon AWS complies with some of the most demanding certifications, namely:
Sarbanes-Oxley (SOX) compliance
ISO 27001 Certification
PCI DSS Level I Certification
HIPAA compliant architecture
SOC1 Audit, SOC2, SOC3
Service Health Dashboard
For the full, up-to-date list of certifications and compliance audit reports, see https://aws.amazon.com/compliance
As an account Admin, you can manage the permissions for every user with access to your account (even control who can view your dashboards).
Administrators have full access to their account, including user management & billing.
Creators can create charts & dashboards.
Viewers can only view dashboards.
You are the administrator of your account and can assign project-based roles to your teammates.
If you have any questions or feedback, please feel free to reach out to us at firstname.lastname@example.org