Identity-Driven Data Security

1. Can I create multiple API Keys per Dataset?

Yes – you can create and associate multiple unique API keys per Dataset.

2. What encryption algorithms do you currently support?

We currently support AES-256-GCM and AES-128-GCM for unstructured data, and the NIST FF1 method for structured data, with support planned for additional algorithms in the future. Please feel free to reach out if you have specific needs.

3. What is your standard key rotation policy? Can the key rotation policy be customized?

By default and upon creation, both Primary Keys and Data Encryption Keys are scheduled to rotate annually. You have the flexibility to adjust the rotation schedule to 3, 6, 12, 18, 24, or 36 month intervals.

4. Where are my encryption keys stored?

Data Encryption Keys are stored with your encrypted data within your (customer) infrastructure. Data encryption keys are never sent to Ubiq.

Primary Encryption Keys are stored within FIPS 140-2 Level-3 compliant Hardware Security Modules (HSMs) within Ubiq’s SaaS infrastructure.

5. How do I re-key my data (change the Data Encryption Key that was last used to encrypt it)?

For unstructured data, simply decrypt the encrypted data and then re-encrypt it.

For structured data, rotate the Data Encryption Key associated with the relevant Dataset. Then, simply decrypt the encrypted data and then re-encrypt it.

In both cases, the decryption process retrieves the existing data decryption key to decrypt the data, and the subsequent encryption process retrieves the next available Data Encryption Key to encrypt the data. Please note, that the number of unique Data Encryption Keys is unlimited for unstructured data, but limited for structured data (due to field format and length limitations).

6. Do you support Multi-Factor Authentication (MFA) when logging into the Ubiq Platform?

Yes – we support MFA using TOTP (E.G. Google Authenticator) for login and sensitive operations such as key rotation or modifying encryption policies.

7. I'm trying to sign into the Dashboard, but I don't have access to my MFA device or my recovery code. What can I do?

It is very important that you store your MFA Recovery Code in a safe place in case you lose or replace your MFA Device. However, if you lost, misplaced or failed to record your MFA Recovery Code, then please contact Ubiq Support to regain access to your account.

8. Does the Ubiq platform support applications running in cloud, multi-cloud, or hybrid cloud environments?

Yes. The Ubiq Platform is fully cloud provider and deployment agnostic. Your application can run in any environment, so long as it can access our platform over the internet.

9. Can I encrypt just a single data element or file or do I need to encrypt all of it (as a group)?

It’s entirely up to you. Our APIs are extremely flexible and can be used to encrypt as much or as little data as you wish.

10. What happens if the Ubiq Platform becomes unavailable? What happens if my application loses access to the internet?

Internet access to our platform is required for access to our APIs. If they are inaccessible, you will be unable to encrypt or decrypt data. Accordingly, the Ubiq Platform is designed to be highly resilient and reliable. You can see our current and historic availability information at status.ubiqsecurity.com

11. What data does the Ubiq Platform see? Does our customer data ever leave our environment?

The Ubiq Platform sees only calls to encrypt and decrypt specific Data Encryption Keys, which are randomly generated and don’t reveal any information about your customer data.

Your customer data never leaves your environment.

12. Does encrypting data with the Ubiq Platform change its size?

Data size for Structured Datasets will match the plain/input text. Data size for Unstructured Datasets will be about 1-2kb larger than the source data.

13. What languages or platforms do you support? Are your libraries native implementations? Are they open source?

We currently support most major programming languages. You can find those details here

Each implementation is supported on most or all platforms the language itself supports and uses either native cryptographic primitives provided by the language or operating system, or well-vetted industry standard third-party libraries.

Our libraries are open source and you can find the source code for all of them in our GitLab and GitHub repositories.

14. How can we partition data access so that applications can read only a subset of our data?

Each API key can encrypt and decrypt any data for a given Dataset. To create partitioned datasets, create a new Dataset for each partition (which will create a new, unique Primary Encryption Key), then distribute the API keys for access to that partition.

15. What auditing features do you support?

Events: Within the Ubiq Dashboard, on the Events page, we log every encrypt and decrypt API call that is made for your account.

Security History: Within the Ubiq Dashboard, on the Security History page, we log user security activity, such as logins, dataset creation & edit activity, team member invites, MFA activation, and several other categories of information.

16. Describe key lifetime in memory. Can you deal with multi-threaded environments?

Keys are loaded into memory only as long as required to encrypt or decrypt data and are flushed from memory afterwards. Libraries are fully capable of multi-threaded operations.

17. Does our data have to be formatted or stored in a specific way to use the Ubiq Platform?

No. Our APIs work on the level of blocks of bytes and can work with any data format or storage medium.

18. What is your onboarding process?

Our platform is designed to be entirely self-service. Please visit our docs page on how to get up and running https://dev.ubiqsecurity.com

19. Where does your platform infrastructure reside?

Our platform currently runs in the USA. Our longer-term plans include running components of our platform in other international regions.

20. How do you license your product?

We have a simple and transparent licensing model: a flat charge per encrypt or decrypt API call. See our pricing page for more information.

21. Can we supply our own HSM/KMS instead of using the Ubiq-managed ones?

Not at this time. We have long-term plans to support customer managed KMS/HSM systems. If this is a requirement, please contact us for more information.

22. How do we prevent unauthorized access via the API keys? Can we restrict API access by IP source/other?

API key access can be restricted by source IP, as well as permissions: encrypt only, decrypt only, and encrypt and decrypt.

API key/credential security is the responsibility of the customer, including account credentials, API Key usage, and access. We encourage our customers to explore the use of industry-vetted secrets management solutions, approaches, and strategies to protect any API keys, passwords, certificates, and other secret material.

23. Can we submit a purchase order? Can you invoice me?

Yes – please contact us and we will work with you on an appropriate strategy for your use case and organization, including invoicing and procurement details.

24. How long do I have in the dashboard until I get logged out?

To help prevent account compromise, you will be logged out after 15 minutes of inactivity.

25. How is the Ubiq Platform different from standard KMS solutions?

A KMS only offers a small fraction of the functionality offered by the Ubiq Platform. Our platform builds on a traditional KMS to add encryption policy support, automated key rotation and management, access controls, and an interoperable, open data storage format accessible through our suite of simple APIs.

26. How can I protect access to my API keys?

We encourage our customers to explore the use of industry-vetted secrets management solutions, approaches, and strategies to protect any API keys, passwords, certificates, and other secret material.

27. What is a Dataset?

A Dataset is the primary building block (in the Ubiq Dashboard) of data that you choose to encrypt.

Datasets can be configured as two types:

1. Structured – Example: Data stored in a database column with a fixed length and type. Like a name, address, or SSN.

2. Unstructured – Example: Files (audio, video, PDF, text, etc.) stored in an unstructured data store such as AWS S3, Google Cloud Storage, or a Data Lake.

28. What is a Dataset Group?

Dataset Groups provides you with the ability to visually group various Datasets together (in the UI), so you can efficiently manage and track Datasets that may share specific attributes. Datasets can be assigned to any number of dataset groups; however, it is not allowed to have Datasets with identical names within a given Dataset Group.

29. What is a Primary Encryption Key?

A Primary Encryption Key, also known as a Symmetric Master Key, is used to derive other symmetric keys (e.g., data encryption keys, key wrapping keys, or authentication keys) using symmetric cryptographic methods.

30. What is a Data Encryption Key?

A Data Encryption Key, also known as a Symmetric Data Encryption Key, is used with symmetric key algorithms to apply confidentiality protection to information. Data Encryption Keys are derived leveraging Primary Encryption Keys.

31. What browsers do you support?

Chrome and Safari

Data security designed for modern threats

The most effective and efficient way to protect sensitive data

How Ubiq can help you

Automate secure key management

Enable rapid compliance

Get started in minutes

Reduce the risk of data theft

Protect any data type

Integrate across your environment

How to get started

Application vulnerabilities we help you protect against

Identification and Authentication Failures

Broken Access Control

Injection

Threats we help you protect against

Insider threats

Supply chain attacks

Advanced attackers

Frequently asked questions