CVE vulnerability assessments only accessible in Cloud, or for local on-site installations as well?

vqT4cDoP9iXyMZw · ‎08-04-2022

I noticed the emphasis on the recent 360 event for newly developed Cloud features. However, due to security restrictions my installation is likely to stay on-premise as long as Lansweeper permits it (and we may cease being a Lansweeper customer if/when Cloud is the only option).

Will Lansweeper be developing these features for on-premise customers?

lkeyes · ‎02-06-2023

Hi...would be interested in additional discussion about this. Also, has any progress been made about hosting cloud data in the U.S.? Thanks.

LeoDaniel · ‎02-06-2023

We are currently investigating the effort to host our Cloud environment in additional locations, but do not have any dates we can share at this time.

Adri · ‎08-13-2022

I do appreciate the value of cloud services (SAAS). Not to sure that I would put keys to the kingdom like SSH, ESX login etc. in a SAAS infrastructure management or monitoring platform, I know they are encrypted, and others like PRTG are pushing it as well, but is it really safe in all scenarios ask Kaseya and SolarWinds. It is for a good reason that in Microsoft cloud there is increasing use of PIM, only elevating access for admin users to specific high level access when required for work for a short period of time often only after approval by a supervisor,

Most of the accounts/passwords in Lansweeper are "limited access" but having a list of all the assets and the confirmed vulnerabilities for each of them presented might make things a little bit easier.

Also many accounts and access methods now need MFA when coming from a non internal network that will cause issues as all. The statement "The customer who co-presented the session about "Value of Lansweeper Cloud" for example manages IT for a county government in the US and he is able to use our Cloud." is a bit to easy in my opinion and evading the discussion asking for lemming behavior,

Just some suggestions to consider

LeoDaniel · ‎08-15-2022

@Adri , those are absolutely valid points. I certainly wasn't implying that if an individual customer was able to do it, everyone else should blindly follow suit. SaaS, like on-prem has it's advantages and disadvantages. I do believe that we can provide strong security and protection for your data and help you improve your overall security posture.

Just like you shouldn't blindly adopt a SaaS solution, believing that your data is secure because it is on-prem does not guarantee your data won't be compromised.

This is a business decision, weighing risks and benefits and I expect customers to review our Cloud from security perspective, so we can satisfy that we are taking appropriate steps before they adopt Lansweeper Cloud.

vqT4cDoP9iXyMZw · ‎08-16-2022

Daniel, how are customers able to review Lansweeper Cloud from a security perspective? Particularly to confirm Lansweeper has an improved security posture over our on-premise installations?

Does Lansweeper publish compliance with applicable ISO and/or other performance/quality/security standards relating to storage and transmission of data? Internal change management, patch policies, intrusion detection and prevention, vulnerability scanning, etc.?

I would like to demonstrate moving to Cloud is an improvement to our overall security posture, but I'm not sure how we make that comparison.

LeoDaniel · ‎08-16-2022

You can start by reviewing the information in Trust Center - Lansweeper IT Asset Management. In addition to the information in those pages, you can request our SOC 2 attestation report.

vqT4cDoP9iXyMZw · ‎08-17-2022

Thank you sir, I've requested the SOC 2 report.

I noticed on the Security - Trust Center - Lansweeper IT Asset Management page this statement:

Security policies & processes
Security at Lansweeper is organized based on industry standards (e.g. NIST CSF, ISO 2700x) and implemented using a risk-based approach. The security framework is translated into security processes including specific technical and organizational controls. The processes are supported by a comprehensive security policy framework. Security policies are considered internal and are not shared externally.

This position isn't surprising for any business, but I hope you can see my dilemma - as a cloud provider Lansweeper is saying their security is an improvement over the customer's on-premise environment and we should freely hand over data to be used by Lansweeper or affiliates as they see fit. However, without a basic understanding of how the security policies compare I'm not sure how that position is defendable.

LeoDaniel · ‎08-17-2022

If there are specific requirements/information you are looking for, you can include that request in comments on the SOC 2 request form. Or, if you prefer, please send me a private message with your email and I can connect you with our security team.

LeoDaniel · ‎08-04-2022

@vqT4cDoP9iXyMZw , yes, you are correct - a lot of our focus is on delivering the capabilities in our Cloud interface. There are obvious benefits to this approach - when we release new capabilities customers immediately have them available (except when a scanner update is required of course). I am interested in getting more information about the nature of the security restrictions. The customer who co-presented the session about "Value of Lansweeper Cloud" for example manages IT for a county government in the US and he is able to use our Cloud.

I also know from my past experience there may be many reasons why customers are unable to immediately take advantage of Cloud-based offerings, while at the same time they are using Cloud products like SalesForce, Concur, ServiceNow, etc.

CVE vulnerability assessments only accessible in Cloud, or for local on-site installations as well?

New to Lansweeper?

Try Lansweeper For Free