cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vqT4cDoP9iXyMZw
Champion Sweeper

I noticed the emphasis on the recent 360 event for newly developed Cloud features.  However, due to security restrictions my installation is likely to stay on-premise as long as Lansweeper permits it (and we may cease being a Lansweeper customer if/when Cloud is the only option).

Will Lansweeper be developing these features for on-premise customers?

11 REPLIES 11
lkeyes
Engaged Sweeper III

Hi...would be interested in additional discussion about this. Also, has any progress been made about hosting cloud data in the U.S.?    Thanks. 

We are currently investigating the effort to host our Cloud environment in additional locations, but do not have any dates we can share at this time.

Adri
Engaged Sweeper III

I do appreciate the value of cloud services (SAAS). Not to sure that I would put keys to the kingdom like SSH, ESX login etc. in a SAAS infrastructure management or monitoring platform, I know they are encrypted, and others like PRTG are pushing it as well, but is it really safe in all scenarios ask Kaseya and SolarWinds. It is for a good reason that in Microsoft cloud there is increasing use of PIM, only elevating access for admin users to specific high level access when required for work for a short period of time often only after approval by a supervisor,

Most of the accounts/passwords in Lansweeper are "limited access" but having a list of all the assets and the confirmed vulnerabilities for each of them presented might make things a little bit easier.

Also many accounts and access methods now need MFA when coming from a non internal network that will cause issues as all. The statement "The customer who co-presented the session about "Value of Lansweeper Cloud" for example manages IT for a county government in the US and he is able to use our Cloud." is a bit to easy in my opinion and evading the discussion asking for lemming behavior, 

Just some suggestions to consider

@Adri , those are absolutely valid points.  I certainly wasn't implying that if an individual customer was able to do it, everyone else should blindly follow suit.  SaaS, like on-prem has it's advantages and disadvantages.  I do believe that we can provide strong security and protection for your data and help you improve your overall security posture.  

Just like you shouldn't blindly adopt a SaaS solution, believing that your data is secure because it is on-prem does not guarantee your data won't be compromised.

This is a business decision, weighing risks and benefits and I expect customers to review our Cloud from security perspective, so we can satisfy that we are taking appropriate steps before they adopt Lansweeper Cloud.

Daniel, how are customers able to review Lansweeper Cloud from a security perspective?  Particularly to confirm Lansweeper has an improved security posture over our on-premise installations?  

Does Lansweeper publish compliance with applicable ISO and/or other performance/quality/security standards relating to storage and transmission of data?  Internal change management, patch policies, intrusion detection and prevention, vulnerability scanning, etc.?

I would like to demonstrate moving to Cloud is an improvement to our overall security posture, but I'm not sure how we make that comparison. 

You can start by reviewing the information in Trust Center - Lansweeper IT Asset Management.  In addition to the information in those pages, you can request our SOC 2 attestation report.

Thank you sir, I've requested the SOC 2 report.

I noticed on the Security - Trust Center - Lansweeper IT Asset Management page this statement:

Security policies & processes

Security at Lansweeper is organized based on industry standards (e.g. NIST CSF, ISO 2700x) and implemented using a risk-based approach. The security framework is translated into security processes including specific technical and organizational controls. The processes are supported by a comprehensive security policy framework. Security policies are considered internal and are not shared externally.



This position isn't surprising for any business, but I hope you can see my dilemma - as a cloud provider Lansweeper is saying their security is an improvement over the customer's on-premise environment and we should freely hand over data to be used by Lansweeper or affiliates as they see fit.  However, without a basic understanding of how the security policies compare I'm not sure how that position is defendable.

If there are specific requirements/information you are looking for, you can include that request in comments on the SOC 2 request form.  Or, if you prefer, please send me a private message with your email and I can connect you with our security team.

LeoDaniel
Product Team
Product Team

@vqT4cDoP9iXyMZw , yes, you are correct - a lot of our focus is on delivering the capabilities in our Cloud interface.  There are obvious benefits to this approach - when we release new capabilities customers immediately have them available (except when a scanner update is required of course).  I am interested in getting more information about the nature of the security restrictions.  The customer who co-presented the session about "Value of Lansweeper Cloud" for example manages IT for a county government in the US and he is able to use our Cloud.

I also know from my past experience there may be many reasons why customers are unable to immediately take advantage of Cloud-based offerings, while at the same time they are using Cloud products like SalesForce, Concur, ServiceNow, etc.