Use Cases
Ubiq is an application-layer encryption API service with integrated key management that securely safeguards highly sensitive data. Ubiq enables applications and clients (users, machines, etc.) to encrypt, flexibly and safely apply and manage encryption keys, and more effectively protect sensitive data than traditional storage-based encryption tools.
This page outlines common use cases for Ubiq. Each use case explores how Ubiq can be leveraged to address specific data security challenges and requirements. Please note that while we strive to cover a broad spectrum of scenarios, not all potential use cases may be listed here. If you have any questions, feel free to drop us a note at [email protected].
Data Privacy and Security
Organizations handle vast amounts of sensitive data daily. This data can include retail customer information, credit card data, or confidential customer service interactions. Secure Data Operations use cases emphasize the necessity of implementing robust encryption and data masking techniques across retail operations. These ensure that sensitive data remains secure and unreadable, even in the event of a data breach. Additionally, protecting sensitive log file data is also a crucial part of this theme. The goal is to minimize the risk of data exposure and maintain the trust of customers and stakeholders.
- Safeguarding credit card data: encryption and data masking of sensitive credit card data for retail operations.
- Using encryption to protect stored credit card information reduces the risk of credit card fraud if a database is compromised.
- Protecting retail customer data: encryption of retail customer PII (social security numbers, date of birth, IMEI, SIM card, etc.) for retail applications.
- Encryption of customers' PII in systems ensures that even in the case of a data breach, the data remains unreadable without the decryption keys.
- Restricting customer service access to sensitive data: Encryption and partial data masking of sensitive data for customer service applications.
- Partial data masking can be used to verify customer identities without exposing their full sensitive data to customer service representatives.
- Protecting sensitive log file data: protecting sensitive log data from security systems (digital and physical).
- Encrypting sensitive log data from security systems protects against unauthorized access.
- Secure data archiving: encryption of data for long term storage.
- Encrypting archived data ensures that even decades-old data remains secure.
Secure Application Development and Testing
Modern development and engineering teams are expected to incorporate security measures into their workflows. Secure Development Practices use cases highlight the importance of integrating encryption into the Software Development Lifecycle (SDLC) and DevOps workflows. This includes using encryption and de-identification techniques for testing and QA purposes, and protecting and encrypting secrets. The focus is on proactively embedding security measures into the software development processes.
- Integrating encryption into application development: enabling development and engineering teams to incorporate encryption into their SDLC and DevOps workflows.
- Incorporating secure coding practices, including the use of encryption, throughout the SDLC protects sensitive data in applications.
- Enabling safe testing on sensitive data: encryption and de-identification of sensitive data for test and QA purposes for application development processes.
- Encryption and de-identification of sensitive data can be used for software testing, ensuring privacy while allowing developers to work with realistic data.
- Protecting and encrypting secrets during development: incorporating encryption into the handling and storage of secrets (tokens, access keys, certificates, API keys, application secrets, etc.) in SDLC and DevOps workflows.
- During the software development processes "secrets" are often used. This data, if exposed, can lead to significant security risks. When the use of a secrets management system is not practical, incorporating encryption into the handling and storage of these secrets ensures they remain secure.
- Data protection for legacy applications: enabling encryption for legacy systems without changes to underlying data model or structure.
- Transparent data encryption can protect data in legacy systems, without needing to modify the applications themselves.
Compliance and Regulation
As businesses operate in a global environment, they need to adhere to various data protection regulations such as GDPR, CCPA, and PCI-DSS. Data Privacy and Regulatory Compliance use cases illustrate how encryption can help organizations achieve compliance quickly and painlessly. It also presents strategies for managing unique requirements, such as GDPR's "right to be forgotten" and replacing costly tokenization deployments with format-preserving encryption. This theme emphasizes maintaining customer trust and avoiding penalties by ensuring regulatory compliance.
- Achieving compliance or reducing scope: enabling quick and painless compliance to PCI-DSS, GDPR, CCPA, PDPA, HIPAA, etc.
- Encrypting data aids in complying with various data protection regulations such as GDPR, CCPA, and PCI-DSS.
- GDPR "Right to be Forgotten" compliance: The GDPR "right to be forgotten" requires that organizations must be able to delete customer data upon request.
- By encrypting each data element with a unique key, organizations can effectively "delete" the data by destroying the unique key.
- Deprecating costly tokenization: replacing costly and complex tokenization deployments.
- Replacing existing tokenization solutions with format-preserving encryption reduces costs while still protecting sensitive payment data.
Protecting data in cloud, SaaS, and shared infrastructure
The shift towards cloud and multi-environment infrastructure brings about new security challenges. This grouping underlines the importance of ensuring data security during migration to the cloud, within hybrid or multi-cloud environments, and in serverless architectures. It also focuses on protecting data transmitted between IoT devices. The goal is to create a secure, robust, and seamless data protection strategy that spans multiple environments.
- Enabling safe cloud migration through BYOE/K: migration of sensitive data and workloads from on-premise storage to cloud service providers, while maintaining full control of encryption and key management – AWS, Azure, etc.
- Bring Your Own Encryption/Key (BYOE/K) allows maintaining full control over the encryption of sensitive data during and after migration to the cloud [supports Monetary Authority of Singapore (MAS) guidance].
- Securing data in single, hybrid or multi-cloud environments: ensuring data is consistently protected and remains secure regardless of its location.
- Encrypting data ensures consistent protection across multiple cloud environments.
- Securing data in a serverless architecture: encrypting data in serverless architectures, where data can be stored in various places, including function-as-a-service platforms and 3rd-party services.
- Encrypting data stored in various places, including function-as-a-service platforms and 3rd-party services, protects it from unauthorized access.
- Safe colocation and storage of data: protecting unique customer records with distinct encryption keys in a shared data warehouse or database.
- Distinct encryption keys can be used for each set of data stored in shared data storage, ensuring that each set of data is secured separately.
- Securing sensitive financial data in open banking APIs: In the open banking ecosystem, APIs play a crucial role in sharing financial data between institutions. However, this exposes sensitive financial data to potential threats.
- Encrypting this data before it is transmitted through APIs ensure that if intercepted, it remains unreadable and secure. Furthermore, the integrated key management allows each financial institution to maintain control of their encryption keys, adding an additional layer of security.
- Protecting user authentication data: Open banking often involves 3rd-party providers (TPPs) who require access to a customer's banking data. This necessitates secure user authentication processes to verify the identity of customers and prevent unauthorized access.
- Encrypting sensitive authentication data such as access tokens, ensuring that even if a breach occurs, this critical data remains secure. It also allows institutions to manage the lifecycle of these encrypted authentication tokens effectively, further enhancing the overall security of the open banking platform.
Secure, identity-based big data analytics and 3rd-party sharing
With the rise in data breaches, managing who has access to what data is more important than ever. Identity and Access Control Management use cases emphasize the importance of implementing identity-based access controls and unique encryption for each tenant in multi-tenancy environments, and securing sensitive data generated by AI and ML models. It also discusses sharing sensitive data securely between subsidiaries, wholesalers, and during mergers and acquisitions. The focus here is on ensuring only authorized individuals have access to sensitive data.
- Identity-based data access: authorization of access to sensitive data based on identity.
- Implementing identity-based access controls ensures that only authorized users and processes can access encrypted records.
- Enabling anonymous analytics on sensitive data: encryption and de-identification of data for large scale big data analytics (Snowflake, Databricks, etc.) on sensitive data.
- Encrypted and de-identified data can be used to analyze usage patterns and improve services while protecting privacy.
- Multi-tenancy environments: uniquely encryption and isolating each tenant's data from others to ensure privacy and data security.
- By using a unique encryption key for each data element, you can ensure that even if one tenant's data is somehow compromised, the other tenants' data remains secure.
- Securing AI and ML data: encryption of sensitive data generated by AI and ML models, especially in multi-tenant environments.
- Encrypting the data used to train advanced models protects sensitive information while still allowing the models to learn.
- Safe sharing of data between subsidiaries and wholesalers: granular authorization to sensitive data via API keys.
- Grant subsidiaries and business partners access to sensitive data through permissioned API keys.
- Secure data monetization and sharing: encrypting and anonymizing sensitive data that is sold to partners and 3rd parties.
- Encrypting and anonymizing sensitive data that is shared with partners and 3rd-parties to protect privacy and comply with regulations.
- Mergers and acquisitions: secure sharing of highly sensitive data.
- Grant access to sensitive data through permissioned API keys.
Breach, insider and supply chain risk mitigation
Organizations need to protect against both internal and external threats. Risk Mitigation and Secure Business Processes use cases cover strategies for encrypting data within internal networks, protecting legacy systems, mitigating supply chain risks, and insider threats. The aim is to create a comprehensive risk management strategy that safeguards all aspects of the business.
- In-network encryption of sensitive data: encrypting and protecting data within the customer internal network.
- Encrypting data as it travels within internal networks protects against potential threats inside the network.
- Preventing supply chain risk and insider threats: encrypting sensitive data at the application-layer, so that even if the storage environment is compromised by a 3rd party provider or insider, data is unreadable.
- Encrypting sensitive data at the application layer ensures that the data remains unreadable even if a 3rd-party provider or insider gains unauthorized access to storage systems.
- Mitigating damage from data breaches: re-keying data in the event of a confirmed or suspected data breach.
- In the event of a data breach where encryption keys may have been accessed or compromised, re-keying the affected data helps limit the potential harm by ensuring the compromised keys cannot be used to access more data. This strategy enhances overall data security and aids in the recovery process following a data breach.
- Thwarting double extortion ransomware attacks: encrypting data to prevent unauthorized decryption
- A rising trend in ransomware attacks involves double extortion, where attackers not only encrypt a victim's data but also threaten to release it publicly unless a ransom is paid. By encrypting sensitive data using strong encryption methods in advance, businesses can protect against such attacks. Even if attackers gain access to the data, they would not be able to decrypt it or threaten its release without the encryption keys, thus mitigating the threat of double extortion.
Advanced Encryption Applications
As technology evolves, so do threats and the tools to combat them. Advanced Encryption Applications use cases explore forward-looking encryption techniques like preparing for quantum computing. This theme also covers secure data archiving, highlighting the importance of long-term data security.
- Quantum readiness: enabling rapid and effortless encryption algorithm updates/replacements in preparation for quantum computing.
- Easily updating encryption algorithms to quantum-resistant ones prepares for the emergence of quantum computing.
- In-network encryption of sensitive data: encrypting and protecting data within the customer internal network.
- Encrypting data as it travels within internal networks protects against potential threats inside the network.
- Enabling point to point or link encryption for IoT devices: protecting sensitive data transmitted between IoT devices.
- Sensitive data transmitted between IoT devices can be protected by encrypting it, thus preventing unauthorized access during transmission.
Updated 7 months ago