Skip to main content

Security

Secure your integrations with Unizo by configuring advanced security features such as external log forwarding and customer-managed encryption keys. These capabilities provide organizations with greater control, compliance readiness, and operational transparency.

Bring Your Own Log (BYOL)

Bring Your Own Log (BYOL) allows you to forward Unizo activity logs to your own infrastructure. This is particularly useful for meeting compliance requirements, maintaining internal observability, or using specialized SIEM tools.

When BYOL is enabled, Unizo will stop storing sensitive logs and will instead stream them directly to your configured endpoint.

Availability: BYOL is available for customers on Business and Enterprise plans.

How It Works

  • Logs generated by your Unizo integrations are forwarded in real-time.
  • You maintain full control over log storage, retention, and access policies.
  • No logs are stored within the Unizo platform (if internal logging is disabled).

Setup Guide

  1. Navigate to Security Settings
    Go to Settings → Security → Log Protection.

  2. Disable Internal Logging (Optional)
    Toggle off “Allow Unizo to store logs” if you want complete ownership of log data.

  3. Create Log Transfer Integration
    Click Create Integration to securely connect your external log destination (e.g., AWS S3, Splunk, Datadog, etc.).

  4. Validate Integration
    Ensure that logs are being successfully delivered to and processed by your system.

Best Practices

  • Do Not Skip Log Transfer
    If internal logging is disabled but external logging is not configured, you will have no access to logs for monitoring or debugging.

  • Secure Your Infrastructure
    Ensure that your log storage destination is secure, access-controlled, and monitored.

  • Set Up Monitoring
    Implement health checks and alerts on your logging pipeline to detect failures or anomalies in log delivery.

Bring Your Own Key (BYOK)

Bring Your Own Key (BYOK) empowers you to manage encryption keys via your own external Key Management System (KMS). This enhances your control over encryption, decryption, and compliance with internal data security policies.

Unizo supports seamless integration with popular KMS providers like AWS KMS, Azure Key Vault, and Google Cloud KMS.

Availability: BYOK is available for customers on Business and Enterprise plans.

How It Works

  • Unizo retrieves your keys securely via API calls to your external KMS.
  • Your encryption keys are never stored or cached in Unizo.
  • All sensitive data is encrypted and decrypted using your keys in real time.

Setup Guide

  1. Navigate to Security Settings
    Go to Settings → Security → Key Protection.

  2. Choose a Key Management Mode

    • Unizo-managed (default): Fast and simplified internal key management.
    • Customer-managed (BYOK): Enhanced security using your external KMS.

  3. Connect Your KMS
    Follow the guided steps to connect your KMS using service credentials or access tokens.
    Provide key ARNs or IDs as required.

  4. Test Key Operations
    Run encryption and decryption tests to ensure the key is accessible and functional within the Unizo platform.

Best Practices

  • Ensure High Availability
    Your KMS should have redundancy and failover mechanisms. If your KMS is down, encryption operations may fail.

  • Coordinate Key Rotations
    Schedule and document rotations carefully to prevent outages. Always notify Unizo if key identifiers or credentials change.

  • Own the Lifecycle
    When using BYOK, your organization is responsible for key generation, storage, rotation, revocation, and auditing.

For advanced security integrations or compliance needs, contact our team at support@unizo.ai.