Iconik Shield FAQ Iconik Shield FAQ
  1. Iconik
  2. Security
  3. Security

Iconik Shield FAQ

Security

What is Iconik Shield?

Iconik Shield is an advanced security feature, available exclusively to Iconik Enterprise customers, that gives administrators precise control over who can access Iconik, what activity is visible, and how content is shared externally. It is designed for organizations that need to meet strict IT policies, compliance requirements, or security benchmarks beyond what the standard Iconik platform provides.

What features does Iconik Shield offer?

IP Allowlist - Lock down access to your Iconik account by IP address or network. Only connections from trusted sources — such as your company firewall, VPN, or approved offices — are allowed.

Email Allow List - Control exactly which email addresses or domains can authenticate when accessing shared content. Grant access to approved partners and clients without opening authentication to everyone.

Log Streaming - Stream all user activity to your SIEM system in near real-time. Detect threats faster, maintain a complete audit trail, and respond to incidents as they happen rather than after the fact.

Why should organizations implement Iconik Shield? Who can benefit?

Iconik Shield is designed for organizations with stringent IT policies and security guidelines that need to meet strict compliance requirements. It enhances IT security by providing advanced features not available in standard Iconik, helping organizations meet specific infosec benchmarks.
Organizations that benefit most include those with:

  • Regulatory compliance needs - Subject to industry standards or government regulations requiring detailed audit trails
  • High-value digital assets - Managing sensitive or proprietary media content that needs enhanced protection
  • Strict IT security policies - Requiring granular access controls and comprehensive activity monitoring
  • Multi-location operations - Needing to restrict platform access by geographic location or approved networks
  • External collaboration requirements - Sharing content with partners or clients while maintaining control over who can authenticate and access shares

Can you summarize the key advantages of Iconik Shield?

Iconik Shield delivers critical security enhancements for organizations with stringent IT requirements:

  • Precise access control - Only approved IP addresses and networks can access your media assets
  • Real-time monitoring - Stream all user activity logs directly to your SIEM for immediate threat detection
  • Complete audit trail - Track every asset change and user action with detailed logging unavailable in standard Iconik
  • Faster incident response - Detect and respond to suspicious activities as they happen, not after the fact
  • Controlled external sharing - Only approved email addresses and domains can authenticate via magic links to access shared content

How does IP Allowlisting work?

IP Allowlisting restricts access to the Iconik platform to specified IP addresses or CIDR prefixes. It can be configured for individual users, user groups, or the entire Iconik account globally. This feature ensures that only connections from trusted networks, such as company firewalls or gateways, are allowed, particularly protecting high-privileged accounts.

How does Email Allowlisting work?

Email Allowlisting allows administrators to specify which email addresses or domains are permitted to authenticate via magic links when accessing shared content. When a recipient from an allowlisted address or domain requests access to a share, they receive a magic link via email and can authenticate by clicking it — no password required. Recipients from non-allowlisted addresses cannot authenticate this way. This works for both viewing and uploading to shares.

Note that Magic Links itself is available to all Iconik users. Magic Links Email Allowlisting — the ability to control which addresses and domains can use this authentication method — is an Iconik Shield feature.

How does Log Streaming enhance security?

Log Streaming in Iconik Shield allows customers to monitor user activity and actions in near real-time to your SIEM system, including tracking the history and changes of assets within the system and job logs. This provides a detailed record of what's been shared and who accessed what and when, enhancing security and accountability. Admins can monitor a comprehensive log of user actions, streamlining the threat detection and incident management process. This sort of reporting is not possible via the usual Iconik UI.

How do I enable Iconik Shield?

Shield is managed through the Admin interface. It offers options to set up IP Allowlisting, configure Log Streaming to integrate with Amazon SQS or Google Cloud Pub/Sub for real-time log management, and configure Email Allowlisting to control which email addresses and domains can authenticate on shares.

How do I purchase Iconik Shield?

Iconik Shield is available exclusively as part of Iconik Enterprise. Visit the Pricing page for more information, or contact your account representative.

Can Iconik Shield be easily turned on/off?

Domain Owners on Iconik Enterprise can enable or disable Shield features as needed via the Iconik Admin page.

What is the difference between this level of security and what iconik typically offers?

Iconik already provides enterprise-grade security as a standard feature. Iconik Shield builds on this foundation by adding specialized controls that aren't available in the core platform:

  • Standard Iconik provides robust baseline security with encryption, secure protocols, and comprehensive access controls
  • Iconik Shield adds granular IP-based access restrictions, real-time activity monitoring through your existing security infrastructure, and email domain controls for external share access

Think of Shield as adding precision controls and immediate visibility on top of Iconik's already-strong security foundation. For reference, here are some standard Iconik security features all users benefit from:

  • Encryption and Secure Protocols: All data is encrypted during transit and at rest, and secure protocols are used for all communications.
  • Secure Hybrid Cloud Storage: Iconik operates its network in partnership with Global Cloud leaders like Microsoft Azure, Amazon AWS, and Google Cloud, leveraging their best practices for operational and physical security, including Denial-of-Service Protection.
  • Intrusion Detection: Advanced machine intelligence is used for proactive monitoring and response to intrusion attempts.
  • Password Hashing: Secure algorithms are used for password hashing to protect user credentials.
  • Regular Backups: Data is regularly backed up to prevent loss.
  • Regular Penetration Testing: Security assessments, including penetration testing, are conducted regularly to identify and fix vulnerabilities.
  • Network Security: Additional layers of network security measures are implemented, including firewalls and intrusion detection systems.
  • Access Control: Production environments are internally restricted to a specific group of engineers and separated from testing and non-production environments.
  • Logging and Auditing: All API calls and operations are logged for auditing in a secure environment.
  • External Audits: Security experts conduct assessments based on recognized methodologies like NIST SP800-115, PTES, OWASP, and Offensive Security to evaluate the effectiveness of Iconik's security measures.
  • Microservices Architecture: Iconik's architecture is based on microservices, allowing for scalable deployments and enhanced security. Each service can be individually secured, making it easier to identify and mitigate vulnerabilities.