We take data security very seriously. That's why we've built an enterprise-grade cloud security infrastructure that follows industry-wide best practices and standards. The Ubiq platform is deployed and runs on Amazon Web Services in the US West (Oregon) region of AWS. It employs a multi-layered architecture that uses strong encryption at each stage.



Ubiq Data Security Architecture


Ubiq employs a set of best practices that guarantee system security and data privacy:

  • Share-nothing/stateless approach to services

  • Multi-layered approach to system security and system/data access

  • Strong encryption of data in transit and at rest

  • Continuous monitoring both from inside and outside

Here's how it works

  1. Customers connect to Ubiq over HTTPS, the protocol used for online banking.

  2. Ubiq's Web and Backend servers (all hosted on AWS) connect to each other using encrypted connections over SSL.

  3. Ubiq connects to customer databases from static IP addresses that customers can whitelist in their firewall settings. For databases in private networks, Ubiq can connect through SSH tunnels.



Database Connection Security


Our architecture is designed to keep requests encrypted with SSL/TLS connections as they enter and move throughout Ubiq. They are only decrypted when reaching their destination and are re-encrypted for transport.

  • All traffic between your web browser and Ubiq's servers is encrypted with 256-bit AES encryption.

  • Database connections are made over SSL.

  • For additional layers of security, we recommend connecting through SSH tunnels and whitelisting access to our static IPs. For SSH tunneling, Ubiq supports both password-based authentication and key-based authentication.

  • Ubiq maintains strong connections with HTTP Strict Transport Security (HSTS) protocols to protect against a multitude of security attacks.



How Ubiq uses data in your database


Ubiq is based on SQL. The only operations it performs on your database are SELECT queries: the user-entered SQL that fetches the data powering your dashboards and reports.

Ubiq does not store the database schema for your data source. Ubiq does not store the results of the report query executions.

When you run a query in Ubiq, the SQL is executed against the database and the results are sent directly back to the user's browser without being stored anywhere.

For saved reports on a dashboard, the report query is executed against the database each time:

  • The dashboard is accessed by a user

  • The report is manually or automatically refreshed

  • The dashboard parameters are changed

  • An automated email report is generated for your dashboard



No data storage


Ubiq does not store any of your data (either the data in your data sources or data used to populate your dashboards). It does not store the database schema for your data source. Ubiq does not store the results of the report query executions.



No ports are opened


You don't have to open any ports on your network to connect Ubiq to your database. You can connect Ubiq to your database via SSH tunneling, without allowing remote access to your database or opening any port.


If you connect to data on your private network, the Ubiq agent keeps the data in your database within your network and does not send it to Ubiq servers. No ports are opened in the process.



Read Only Access


Ubiq connects to your databases with read-only access. It has built-in mechanisms to block malicious queries such as INSERT, DELETE, DROP, etc. from coming through.
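The example below is added for illustration and is not Ubiq's code. It shows one way to enforce a SELECT-only policy at the database engine rather than by matching keywords in the query text. SQLite stands in for the customer database, and the table, data and function names (`select_only`, `make_reporting_connection`, `run_report_query`) are assumptions made for the example.

```python
import sqlite3

# Authorizer action codes a reporting connection needs: the SELECT itself,
# column reads, and SQL functions such as count() or sum().
ALLOWED_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def select_only(action, arg1, arg2, db_name, source):
    """Called by SQLite while it compiles a statement; deny anything that is not a read."""
    return sqlite3.SQLITE_OK if action in ALLOWED_ACTIONS else sqlite3.SQLITE_DENY


def make_reporting_connection():
    """Build a constructed sample database, then lock the connection down to reads."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, amount REAL);"
        "INSERT INTO orders (amount) VALUES (10.0), (32.5);"
    )
    # From here on every statement is checked by the engine's own parser,
    # so casing, comments or whitespace in the SQL text make no difference.
    conn.set_authorizer(select_only)
    return conn


def run_report_query(conn, sql):
    """Run user-entered SQL; return ("ok", rows) or ("denied", reason)."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    conn = make_reporting_connection()
    for sql in (
        "SELECT count(*), sum(amount) FROM orders",
        "INSERT INTO orders (amount) VALUES (1)",
        "DELETE FROM orders",
        "DROP TABLE orders",
    ):
        print(sql, "->", run_report_query(conn, sql))
```

On a server database the equivalent control is to give the reporting tool its own account that has been granted only SELECT on the schemas it needs, so the restriction holds even if an application-level filter is bypassed.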



Data security and encryption


Database connection passwords or authorization strings are stored encrypted using a 256-bit key. Any data that is either related to your account or a result of one of the analytical queries is subject to strong security, both in transit and at rest. Ubiq does not store any of your data, either the data in your data sources or data used to populate your dashboards. It does not store the database schema for your data source. Ubiq does not store the results of the report query executions.

In transit

In-transit security refers to the security of data as it is transmitted between Ubiq and the end user's computer. All Ubiq communication is performed over HTTPS/SSL connections for both HTTP and WebSocket traffic.

Encryption at rest

Ubiq stores all account/user data in a database that is encrypted at rest, and all backups of the data are encrypted. User passwords are stored using best-practice strong one-way salted hashing and cannot be decrypted. Database connection passwords or authorization strings are stored encrypted using a 256-bit key.



Uptime & Monitoring


Ubiq employs a wide range of monitoring services that guarantee the uptime of the Ubiq platform and allow us to respond within 2-3 hours to any operational problems.

This includes:

  • Service availability monitoring

  • Server log monitoring

  • Server components and services availability monitoring

  • Browser error monitoring



Data backup & archiving


Data Backup

Ubiq never stores the results of your analytical queries. Account data are stored as part of a database backup in an encrypted form. The backups are kept for a limited time (only 7 days).

Physical media management

All data copies are handled by native Amazon AWS functions. Amazon AWS follows the Guidelines for Media Sanitization (NIST 800-88 or DoD 5220.22-M), under which all physical devices are destroyed on Amazon premises and no storage can leave Amazon premises. A detailed description can be found in the AWS Security Whitepaper, page 8, in the paragraph on Storage Device Decommissioning.



Hosted on AWS


The Ubiq platform is deployed and runs on Amazon Web Services in the US West (Oregon) region of AWS. It allows for a self-healing infrastructure with redundant servers for critical services. The platform features built-in mechanisms to detect when components are not operating or are operating in a degraded state. It will automatically scale to ensure that services remain available and responsive.

Certifications & Compliance


Ubiq BI is hosted on Amazon Web Services. Amazon AWS complies with some of the most demanding certifications, namely:

  • Sarbanes-Oxley (SOX) compliance

  • ISO 27001 Certification

  • PCI DSS Level I Certification

  • HIPAA compliant architecture

  • SOC1 Audit, SOC2, SOC3

  • FISMA Medium ATO

  • Service Health Dashboard

For the full, up-to-date list of certifications and compliance audit reports, see https://aws.amazon.com/compliance



Powerful user management


As an account Admin, you can manage the permissions for every user with access to your account (even control who can view your dashboards).

  • Administrators have full access to their account, including user management & billing.

  • Creators can create charts & dashboards.

  • Viewers can only view dashboards.

You are the administrator of your account and can assign project-based roles to your teammates.



If you have any questions or feedback, please feel free to reach out to us at contact@ubiq.co