This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LsAgent Cloud relay encryption

mrg-admin
Engaged Sweeper

‎09-14-2018 11:29 AM

Hi

Information about LsAgent says that data transfer and storage is encrypted. But how are the encryption keys handled? And can Lansweeper or any other third party read the data.
I cannot find any unique key apart from the Cloud Relay Authentication Key and the local Lansweeper key.

Please describe how data is encrypted all the way from LsAgent > Cloud relay > Local Lansweeper server.


BR
MRG
Labels:
3 REPLIES 3
Esben_D
Lansweeper Employee
Lansweeper Employee

‎09-20-2018 11:56 AM

We’ve always been committed to the protection of our customer’s data which is why we try to maximize security while minimizing the impact on performance and ease of use. While unique encryption keys is indeed an ideal situation, it brings many technical challenges with it. Finding a secure method which is controlled by the end user is certainly part of future improvements. I’ve already talked with our development team about this as data privacy is obviously very important.

If the way the LsAgent cloud relay currently works does not meet your data privacy standards, you can still use LsAgent via a direct server connection and not use the cloud relay. Additionally, similar to LsPush, you can create direct connections with remote assets via a VPN so you can still scan remote assets without using the relay. This way you can still benefit from the other improvements over LsPush like Mac and Linux scanning.
mrg-admin
Engaged Sweeper

‎09-18-2018 11:58 AM

Thank you for your reply.

Because you have access to a general encryption key and can read the data you will not comply to most enterprise company policies as well as EU-US regulations.

The cloud relay feature is great, but for us to be able to use this we will need a additional layer of encryption based on keys that only we have access to.


https://en.wikipedia.org/wiki/EU%E2%80%93US_Privacy_Shield
https://ec.europa.eu/info/law/law-topic/data-protection/reform_en/
Esben_D
Lansweeper Employee
Lansweeper Employee

‎09-17-2018 02:29 PM

You can find most of the information regarding how the data is scanned and sent to Lansweeper here: https://www.lansweeper.com/knowledgebase/lsagent/#heading4

In short, LsAgent will send the data to the cloud relay server via HTTPS. While your data is on the relay server waiting for installation to fetch it, it is encrypted using a encryption key only we have. Lansweeper will fetch your data via HTTPS again to get it into your installation.

Just to make this clear, the encryption on the cloud relay server was added to ensure that even in a worst case scenario, the data stored on it is safe. The encryption key used to encrypt the data is not accessible to any third parties and will in no case be used to decrypt customer's data.

Lastly, as soon as data has been retrieved by your local scan server, it is removed from the cloud so no data is kept longer than needed.
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now