Iconik Shield FAQ Iconik Shield FAQ
  1. iconik
  2. Security
  3. Security

Iconik Shield FAQ

Security

What is Iconik Shield?

Iconik Shield is an advanced security add-on for the Iconik platform, designed to meet the security demands of customers with stringent IT policies and guidelines. It provides additional premium features, including IP Address Allowlisting and real-time Log Streaming, to offer more precise control and quicker incident response capabilities.

What features does iconik Shield offer?

IP Allowlist - Controls access by restricting login to specific IP addresses or networks, ensuring only trusted sources can connect.

Log Streaming - Allows near real-time monitoring and alerting of user activities, enabling rapid response to suspicious activities.

Why should organizations implement Iconik Shield? Who can benefit?

Iconik Shield is designed for organizations with stringent IT policies and security guidelines that need to meet strict compliance requirements. It enhances IT security by providing advanced features not available in standard Iconik, helping organizations meet specific infosec benchmarks.
Organizations that benefit most include those with:
  • Regulatory compliance needs - Subject to industry standards or government regulations requiring detailed audit trails
  • High-value digital assets - Managing sensitive or proprietary media content that needs enhanced protection
  • Strict IT security policies - Requiring granular access controls and comprehensive activity monitoring
  • Multi-location operations - Needing to restrict platform access by geographic location or approved networks

Can you summarize the key advantages of Iconik Shield?

Iconik Shield delivers critical security enhancements for organizations with stringent IT requirements:
  • Precise access control - Only approved IP addresses and networks can access your media assets
  • Real-time monitoring - Stream all user activity logs directly to your SIEM for immediate threat detection
  • Complete audit trail - Track every asset change and user action with detailed logging unavailable in standard Iconik
  • Faster incident response - Detect and respond to suspicious activities as they happen, not after the fact

How does IP Allowlisting work?

IP Allowlisting restricts access to the Iconik platform to specified IP addresses or CIDR prefixes. It can be configured for individual users, user groups, or the entire Iconik account globally. This feature ensures that only connections from trusted networks, such as company firewalls or gateways, are allowed, particularly protecting high-privileged accounts.

How does Log Streaming enhance security?

Log Streaming in Iconik Shield allows customers to monitor user activity and actions in near real-time to your SIEM system, including tracking the history and changes of assets within the system and job logs. This provides a detailed record of what’s been shared and who accessed what and when, enhancing security and accountability. Admins can monitor a comprehensive log of user actions, streamlining the threat detection and incident management process. This sort of reporting is not possible via the usual Iconik UI.

How does a customer enable Iconik Shield?

Shield can be activated and managed through the Admin interface. It offers options to set up IP Allowlisting and configure Log Streaming to integrate with Amazon SQS or Google Cloud Pub/Sub for real-time log management.

What is the cost of Iconik Shield?

You can find up-to-date information on Iconik pricing on the Pricing page.

Can Iconik Shield be easily turned on/off?

Domain Owners can turn the add-on service on/off as needed via the Iconik Admin page.

What is the difference between this level of security and what iconik typically offers?

Iconik already provides enterprise-grade security as a standard feature. Iconik Shield builds on this foundation by adding specialized controls that aren’t available in the core platform:
  • Standard Iconik provides robust baseline security with encryption, secure protocols, and comprehensive access controls
  • Iconik Shield adds granular IP-based access restrictions and real-time activity monitoring through your existing security infrastructure
Think of Shield as adding precision controls and immediate visibility on top of Iconik’s already-strong security foundation. For reference, here are some standard Iconik security features all users benefit from:
  • Encryption and Secure Protocols: All data is encrypted during transit and at rest, and secure protocols are used for all communications.
  • Secure Hybrid Cloud Storage: Iconik operates its network in partnership with Global Cloud leaders like Microsoft Azure, Amazon AWS, and Google Cloud, leveraging their best practices for operational and physical security, including Denial-of-Service Protection.
  • Intrusion Detection: Advanced machine intelligence is used for proactive monitoring and response to intrusion attempts.
  • Password Hashing: Secure algorithms are used for password hashing to protect user credentials.
  • Regular Backups: Data is regularly backed up to prevent loss.
  • Regular Penetration Testing: Security assessments, including penetration testing, are conducted regularly to identify and fix vulnerabilities.
  • Network Security: Additional layers of network security measures are implemented, including firewalls and intrusion detection systems.
  • Access Control: Production environments are internally restricted to a specific group of engineers and separated from testing and non-production environments.
  • Logging and Auditing: All API calls and operations are logged for auditing in a secure environment.
  • External Audits: Security experts conduct assessments based on recognized methodologies like NIST SP800-115, PTES, OWASP, and Offensive Security to evaluate the effectiveness of Iconik’s security measures.
  • Microservices Architecture: Iconik's architecture is based on microservices, allowing for scalable deployments and enhanced security. Each service can be individually secured, making it easier to identify and mitigate vulnerabilities.