Description

Wolkvox implements a robust access management model in its infrastructure hosted on Google Cloud Platform (GCP), based on the principle of least privilege and aligned with ISO/IEC 27001 standards. This approach ensures that each user, service, or system has only the permissions necessary to perform their functions, thereby reducing the risk of unauthorized data exposure. Additionally, periodic reviews of access and permissions are conducted, supplemented by advanced authentication mechanisms and continuous auditing, to ensure compliance with security policies and the protection of sensitive information.

Features

Access Controls in GCP

• Principle of Least Privilege: Roles and permissions are assigned based on the specific needs of each user or service, avoiding unnecessary access to critical resources.
• Robust Authentication: Use of multi-factor authentication (MFA) and strong password policies for accessing cloud services.
• Role Segmentation: Definition of custom roles in GCP (e.g., administrator, developer, auditor) to limit the scope of actions each profile can perform.
• Data Encryption: All stored or transmitted information is encrypted, both at rest and in transit, using standards such as AES-256 and TLS.

Review and Audit

• Periodic Assessments: Permissions and access rights are reviewed quarterly, removing those that are no longer necessary or obsolete.
• Activity Logs: Detailed monitoring and logging of all actions performed in the cloud, with automatic alerts for suspicious or unusual activities.
• Shared Responsibility Matrix: Wolkvox and Google collaborate to ensure that access controls comply with best practices, following GCP’s shared responsibility model.