Frequently Asked Questions
Yes, you can use Access Controls
Yes, you can use Roles
iconik has been assessed by external auditors that have CISSP, OSCP, CEH, PCIP, ISO, CISA, CISM, certifications and following methodologies and standards that include NIST SP800-115, PTES, OWASP and Offensive Security. It was concluded that an unauthorized person cannot penetrate the system, and iconik's security mechanisms are state-of-the-art and effective.
Ultimately it's the customer's responsibility to make sure that any file that is uploaded to iconik is free and safe from viruses and malware.
The Audit logs are for internal use, in the event of a problem please contact email@example.com otherwise for security reasons we will not release the audit or any other logs of the system.
We stored salted hashes of passwords using PBKDF2.
Access to the backend resources are limited to a small number of employees with access to the Google Cloud Platform Console Project that we are running the production system on. All support entitled personnel are required to use two factor authentication for their Google Cloud accounts.
iconik testing environments and other environments are separated from the main production environments by accounts, location, complete network isolation and access control.