Access Control & Insider Risk
How Abundera manages production access, privileged operations, and insider risk from sole-founder stage through team growth.
Current Access Model
1 Person with Production Access
Sole founder stage. All production systems are managed by the founder (Cisco Caceres), who serves as Security Officer, DPO, and incident responder. No employees, contractors, or third parties have access.
No SSH, No Shell
Serverless architecture means there are no servers, no operating systems, and no shell access to compromise. The traditional insider attack surface of host-level access does not exist.
No Direct Database Access
Databases are accessed exclusively through runtime bindings — there is no connection string, no SQL client access, and no way to query data outside the application layer.
Serverless by Design
The platform runs entirely on edge compute. There are no persistent processes, no background daemons, and no server infrastructure to misconfigure.
Access Review Program
Quarterly Reviews with Independent Co-Sign
Formal access reviews conducted January, April, July, and October across 8 systems. The Infrastructure Advisor (Jeff Moyer, Barbarians, Inc.) co-signs quarterly access review logs for the founder's own account, providing independent accountability. Baseline review completed February 2026.
8 Systems Reviewed
Every review covers infrastructure provider, DNS, payment processor, banking integrations, email service, monitoring, source control, and domain registrar.
Token Scoping
API tokens are scoped to minimum required permissions with IP CIDR restrictions. 90-day inactivity triggers automatic review and rejection.
Audit Trail
All privileged actions are logged to dedicated audit tables with actor, action, timestamp, IP address, and outcome.
Break-Glass Procedures
Documented Protocol
Emergency access procedures are documented in the business continuity plan. The hardware security key and account recovery materials are held in a physical safety deposit box accessible by designated legal counsel. Break-glass actions trigger immediate alerts and require post-incident review.
Key Rotation
All 11 platform secrets are stored in Cloudflare Workers Secrets (encrypted at rest and in transit) and are never committed to code. Each has a documented rotation procedure, and rotation can be executed without service interruption via rolling deployment.
Emergency Succession
Designated emergency contacts with defined activation triggers (72h unresponsive during P1, 7 days under normal ops). GitHub organizational ownership ensures repository continuity. Infrastructure Advisor holds Cloudflare MFA backup codes for account recovery.
Scaling Plan
When the team grows beyond a sole founder, Abundera will implement: just-in-time (JIT) access provisioning, dual-approval for privileged operations, role separation between engineering and operations, mandatory security training for all personnel, and background checks for roles with data access. Account recovery includes a 48-hour cooling-off period with multi-channel notifications — users can cancel the recovery at any time if they did not initiate it.