Ubiq Security, Inc.

Ubiq Security, Inc. Our mission is to enable developers to easily and quickly integrate encryption directly into their a

11/23/2023

Wishing all of our U.S. employees, customers, and partners a very safe and Happy Thanksgiving!

08/31/2023

🔒 Think encryption means losing searchability? Or that you need to leverage “experimental” Fully Homomorphic Encryption? Not with Ubiq’s EncryptForSearch capability!

We empower our customers to perform effective searches on encrypted data, even when encryption keys have been rotated, thereby maintaining security 🔐 without losing searchability or analytic capability.

We do this through a technical process called EncryptForSearch, which enables searching within encrypted data 📊 by generating all possible encrypted values for a given original value, considering various encryption keys 🔑.

Consider a credit card number 💳 encrypted with different keys over time. With EncryptForSearch, you can still find this number in the database, no matter the data encryption key rotations, maintaining both searchability and security.

🌐 Check out our docs to learn more about our EncryptForSearch capability.

https://bit.ly/3KVTZli
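
An added illustration of the search pattern this post describes, not Ubiq's code or API: one candidate value is generated per key version and the lookup matches any of them. HMAC-SHA256 stands in for the deterministic cipher, and the keys, table, card numbers and function names are constructed for the example.

```python
import hashlib
import hmac
import sqlite3

# Constructed key versions standing in for a rotated data-encryption key.
KEYS = {1: b"k1-constructed-demo", 2: b"k2-constructed-demo", 3: b"k3-constructed-demo"}
CURRENT_VERSION = 3


def det_token(key, value):
    """Deterministic keyed transform (HMAC stand-in, assumption: not a real cipher)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def search_candidates(value):
    """Every stored form the value could have: one per key version ever used."""
    return [det_token(key, value) for key in KEYS.values()]


def build_db():
    """Constructed table whose rows were written under different key versions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE payments (id INTEGER PRIMARY KEY, card TEXT)")
    rows = [  # (id, test card number, key version in force at write time)
        (1, "4111111111111111", 1),
        (2, "5500005555555559", 2),
        (3, "4111111111111111", 3),
    ]
    db.executemany("INSERT INTO payments VALUES (?, ?)",
                   [(i, det_token(KEYS[v], card)) for i, card, v in rows])
    return db


def find_current_key_only(db, value):
    """Naive lookup: misses rows written before the last rotation."""
    tok = det_token(KEYS[CURRENT_VERSION], value)
    sql = "SELECT id FROM payments WHERE card = ? ORDER BY id"
    return [r[0] for r in db.execute(sql, (tok,))]


def find_all_versions(db, value):
    """Lookup over the candidates for every key version, via a bound IN list."""
    cands = search_candidates(value)
    marks = ",".join("?" * len(cands))
    sql = f"SELECT id FROM payments WHERE card IN ({marks}) ORDER BY id"
    return [r[0] for r in db.execute(sql, cands)]
```

The candidate list grows by one entry per retained key version, so the cost of each search scales with how many rotations are still searchable.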

08/24/2023

🙏 Nothing humbles us more than to have our customers independently write about us.

A recent blog post by Je Sum Yip, CTO at Human Managed, describes how they implemented Ubiq to encrypt and protect sensitive data and attributes in their Policy Information Point (PIP) implementation, which is part of their Attribute-Based Access Control (ABAC) system.

📏 Structured data encryption: Maintaining the original data length and format, suitable for databases with size constraints

🛡️ Persistent data protection: With Ubiq, encryption travels with the data, ensuring security even if the data is inadvertently exposed.

“…the best thing I love about Ubiq is that the encryption travels with the data. Even if I accidentally expose my S3-bucket to the whole wide world, my data is still safe, and I can control the validity of decryption keys from the Ubiq console. Talk about god-like powers!!”

Read the full write-up below!

How we designed our PIP

08/17/2023

🔒 Beyond Tokenization: Embracing Format-Preserving Encryption (FPE) for Enhanced Data Security!

Data security is evolving, and Format-Preserving Encryption (FPE) is leading the way. 🚀 Discover why FPE is replacing traditional tokenization in our latest blog. Officially endorsed by NIST, FPE secures data without compromising its structure.

🔐 Unveil the strengths and limitations of tokenization and explore FPE's benefits:

- Format preservation for seamless integration
- Reduced data exposure at its source
- Smooth integration with minimal system changes
- Cost-effectiveness that outshines tokenization

🔍 Dive into a real-world scenario comparing tokenization and FPE's impact on a multinational retail corporation. See how FPE simplifies scalability, integration, and compliance.

🌐 Stay ahead with the future of data security. Discover why Format-Preserving Encryption is the practical choice. Join the conversation at Ubiq, where we're transforming data protection.

The landscape of data security is in the midst of a transformative shift, as Format Preserving Encryption (FPE) emerges as a viable successor to traditional tokenization. This shift is driven not only by advancements in cryptographic techniques but also by the official recognition of FPE as a NIST s...

07/04/2023

🎉 Happy Independence Day! 🇺🇸

To all our incredible U.S.A. employees, customers, and partners, we wish you a joyous and memorable Fourth of July! Stay safe, enjoy the festivities, and celebrate the spirit of freedom that unites us all!

06/19/2023

🌟 Juneteenth: Honoring Freedom, Inspiring Change 🌟

Today, we honor Juneteenth, commemorating the powerful moment when African Americans in Galveston, Texas, received the news of their emancipation on June 19, 1865—years after the Emancipation Proclamation.

This day signifies the resilience and indomitable spirit of the African American community throughout history. While progress has been made, we must acknowledge the challenges that persist. Our work as a society is not yet complete.

Juneteenth serves as a reminder to champion the rights of those facing discrimination and unequal treatment. By fostering diversity, equity, and inclusion, we can create a future where everyone has equal opportunities to thrive.

In the words of Martin Luther King Jr., "The time is always right to do what is right." Let us stand together, speak up against injustice, and strive for a more just and inclusive society.

05/11/2023

🚨 Is AWS S3 encryption a false sense of security?

Spoiler alert: It's not nearly as secure as you might think.

In a recent blog post (https://bit.ly/3VU9xdr), AWS Security Architect Aditya Patel makes the case as to why:

🔒 It's mostly a compliance checklist item. It may satisfy some auditors, but not all. SSE-S3 fulfills PCI DSS encryption requirements but falls short in segregation of duties.

💽 It only guards against the physical loss or theft of an AWS hard drive. Given the rarity of such incidents, this protection is effectively minimal.

📦 If an S3 bucket is unintentionally made public - a surprisingly common occurrence - the contents can still be read despite encryption.

Server-side encryption with AWS Key Management Service keys (SSE-KMS) might seem like a more secure alternative, offering a better balance between security and usability. But remember, even SSE-KMS is powerless if your AWS credentials are compromised. Your data is as exposed as if there were no encryption at all!

So, what does this mean for you? Default encryption + even KMS may not provide the level of data confidentiality you'd expect and offer you little more than a false sense of security.

As we’ve mentioned in the past, server-side encryption and transparent data encryption + KMS (in any cloud service provider environment) won't protect you against modern threats like admin credential compromise, because the encryption is designed to be transparent. If an attacker has your credentials, AWS (or any CSP) will serve them unencrypted data.

This is one of the core reasons we developed the application-layer encryption API at Ubiq Security, and a major Fortune 100 customer use case for our API – secure and safe storage of sensitive data in any cloud service provider environment – by enabling them to “bring their own encryption” (BYOE) with fully integrated key management.

AWS will now encrypt all new data in its Amazon S3 storage service by default. Huge announcement, secure default for the win, sure, but it may give a false sense of security. Here’s how.

05/04/2023

🔒 The incorrect usage of seeds in Pseudo-Random Number Generators (PRNG) can lead to the exposure of cryptographic keys and other sensitive values if the seed is guessed or reused.

Properly managing seed values is crucial for secure operation of PRNGs and can be achieved by using a strong source of randomness for seed values, a cryptographic library that offers a strong PRNG, and securely storing seed values.

In our latest blog post, our VP of Product Development Sam Craig explores Mitre’s CWE-335: Incorrect Usage of Seeds in PRNG, why it happens, a real-world case study, and recommended mitigations.

You can check it out here: https://bit.ly/3AU4HDn

And over the next several months, we’ll continue to release blog posts where we’ll dig deeper into most of the 29 CWEs related to OWASP’s A02:2021 – Cryptographic Failures. So, stay tuned!

The OWASP Top Ten list is a preeminent resource for application security. It describes the ten most common and impactful vulnerabilities that affect web applications today. In the latest version of the OWASP Top Ten list, Cryptographic Failures took the number two spot. This vulnerability describes....

04/27/2023

We’re SOC 2 Type II compliant!

Security and privacy are at the core of everything we do at Ubiq Security. From day one, we've worked with expert security teams and cryptographers to validate our controls and security architecture, to ensure we’re running the most secure environment possible. We view our SOC 2 Type II compliance as an important step in our continuous journey towards increased transparency and trust with our customers.

A huge thanks to our fearless Operations leader Eric Tobias for driving the entire audit process and preparing us since the early days. There’s no way it would have been possible without him. We’d also like to express our appreciation and a huge thanks to our extended team:

Drata for simplifying and streamlining an incredible amount of the compliance process

ClearVector for ensuring that our cloud infrastructure remains secure

Solcyber for providing us critical 24x7 managed security services

Right-Hand Cybersecurity for providing our teams an effective and user-friendly security awareness experience

Prescient Assurance for conducting the audit in as painless a manner as possible

And lastly, a big thanks to the entire Ubiq Security team for playing such a big part in making this happen.

Our SOC 2 Type II Compliance is an important milestone and validates some of the important security work we've been doing, but our work in security is never done. Compliance is not a one-and-done thing. And compliance isn't security – simply meeting compliance requirements isn't enough, which is why we're always working to improve our security controls.

If you’re going through the process or thinking about it, please reach out. We’re more than happy to share lessons learned. We hope that by being as transparent as possible about how we keep your information safe, your trust in us will continue to grow.

04/13/2023

🔒 Protecting sensitive data requires the use of strong cryptographic algorithms, and a key component of such algorithms is entropy.

Entropy is a measure of the disorder or randomness within a system, and it's crucial to the security of cryptographic algorithms. However, insufficiently random values can undermine the security of these algorithms, and there are several reasons why this can happen, including the use of hard-coded values, weak random number generators, and weak seed values.

In our latest blog post, our VP of Product Development Sam Craig explores Mitre’s CWE-331: Insufficient Entropy, why it happens, a real-world case study, and recommended mitigations.

You can check it out here: https://www.ubiqsecurity.com/exploring-cwe-331-insufficient-entropy/

And over the next several months, we’ll continue to release blog posts where we’ll dig deeper into most of the 29 CWEs related to OWASP’s A02:2021 – Cryptographic Failures. So, stay tuned!

Application security is critical to prevent cyber attacks. The OWASP Top Ten list is a well-known resource that identifies the most common and dangerous vulnerabilities in web applications and software. One of the vulnerabilities in the OWASP Top Ten is Cryptographic Failures, which includes the use....

02/02/2023

Data encryption is essential for any modern business, but its application isn’t always practical or straightforward. Especially when your sensitive data is stored in databases.

As incredibly useful as ciphers like AES are, they’re not practical for use cases where data needs to maintain a specific structure or has field length limitations. This is where standard format preserving encryption (FPE) can help.

Check out Schneir’s recent talk at 's PANW event where he:

🔐 Provides an in-depth look at the concepts, advantages, and disadvantages of FPE compared to and other commonly recognized encryption ciphers

💻 Discusses how FPE can solve and challenges without requiring a major overhaul of your systems

Watch the talk here: https://bit.ly/3l4v1pS

Address

4660 La Jolla Village Drive Ste 100
San Diego, CA
92122
