Frequently Asked Questions

Can I manage who is able to see an asset in iconik?

Yes, you can use Access Controls

Can I manage who can perform delete operations in iconik?

Yes, you can use Roles

Does iconik use third party services to audit it's security?

iconik has been assessed by external auditors that have CISSP, OSCP, CEH, PCIP, ISO, CISA, CISM, certifications and following methodologies and standards that include NIST SP800-115, PTES, OWASP and Offensive Security. It was concluded that an unauthorized person cannot penetrate the system, and iconik's security mechanisms are state-of-the-art and effective.

Whose responsibility is it for content that is uploaded to iconik?

Ultimately it's the customer's responsibility to make sure that any file that is uploaded to iconik is free and safe from viruses and malware.

Can I access the Audit logs?

The Audit logs are for internal use, in the event of a problem please contact security@iconik.io otherwise for security reasons we will not release the audit or any other logs of the system.

Do you store user passwords?

We stored salted hashes of passwords using PBKDF2.

Who has access to the backend of iconik?

Access to the backend resources are limited to a small number of employees with access to the Google Cloud Platform Console Project that we are running the production system on. All support entitled personnel are required to use two factor authentication for their Google Cloud accounts.

iconik testing environments and other environments are separated from the main production environments by accounts, location, complete network isolation and access control.

Learn More