Notification

Icon
Error

LsAgent Cloud relay encryption

Posted: Friday, September 14, 2018 10:29:44 AM(UTC)
mrg-admin

mrg-admin

Member Original PosterPosts: 2
2
Like
Hi

Information about LsAgent says that data transfer and storage is encrypted. But how are the encryption keys handled? And can Lansweeper or any other third party read the data.
I cannot find any unique key apart from the Cloud Relay Authentication Key and the local Lansweeper key.

Please describe how data is encrypted all the way from LsAgent > Cloud relay > Local Lansweeper server.


BR
MRG
Esben.D
#1Esben.D Member Administration Posts: 2,010  
posted: 9/17/2018 1:29:18 PM(UTC)
You can find most of the information regarding how the data is scanned and sent to Lansweeper here: https://www.lansweeper.c...gebase/lsagent/#heading4

In short, LsAgent will send the data to the cloud relay server via HTTPS. While your data is on the relay server waiting for installation to fetch it, it is encrypted using a encryption key only we have. Lansweeper will fetch your data via HTTPS again to get it into your installation.

Just to make this clear, the encryption on the cloud relay server was added to ensure that even in a worst case scenario, the data stored on it is safe. The encryption key used to encrypt the data is not accessible to any third parties and will in no case be used to decrypt customer's data.

Lastly, as soon as data has been retrieved by your local scan server, it is removed from the cloud so no data is kept longer than needed.
mrg-admin
#2mrg-admin Member Original PosterPosts: 2  
posted: 9/18/2018 10:58:49 AM(UTC)
Thank you for your reply.

Because you have access to a general encryption key and can read the data you will not comply to most enterprise company policies as well as EU-US regulations.

The cloud relay feature is great, but for us to be able to use this we will need a additional layer of encryption based on keys that only we have access to.


https://en.wikipedia.org...2%80%93US_Privacy_Shield
https://ec.europa.eu/inf...ta-protection/reform_en/
Esben.D
#3Esben.D Member Administration Posts: 2,010  
posted: 9/20/2018 10:56:27 AM(UTC)
We’ve always been committed to the protection of our customer’s data which is why we try to maximize security while minimizing the impact on performance and ease of use. While unique encryption keys is indeed an ideal situation, it brings many technical challenges with it. Finding a secure method which is controlled by the end user is certainly part of future improvements. I’ve already talked with our development team about this as data privacy is obviously very important.

If the way the LsAgent cloud relay currently works does not meet your data privacy standards, you can still use LsAgent via a direct server connection and not use the cloud relay. Additionally, similar to LsPush, you can create direct connections with remote assets via a VPN so you can still scan remote assets without using the relay. This way you can still benefit from the other improvements over LsPush like Mac and Linux scanning.

Active Discussions

Lansweeper Enterprise Options in Menu Bar/Configuration
by  mk@allan   Go to last post Go to first unread
Last post: 6/18/2021 7:38:43 PM(UTC)
Lansweeper No One getting back to me from Lansweeper
by  Kenneth Lindsay  
Go to last post Go to first unread
Last post: 6/18/2021 3:31:06 PM(UTC)
Lansweeper INFO DateTimeService time refresh
by  miharix   Go to last post Go to first unread
Last post: 6/18/2021 10:48:57 AM(UTC)
Lansweeper RPC Unavailable error
by  Greeno  
Go to last post Go to first unread
Last post: 6/17/2021 7:15:07 PM(UTC)
Lansweeper Exclude Search
by  pryan67  
Go to last post Go to first unread
Last post: 6/16/2021 4:01:43 PM(UTC)
Lansweeper Report: All Apple Mac devices with Memory RAM asset
by  gabrielo   Go to last post Go to first unread
Last post: 6/16/2021 3:17:24 PM(UTC)
Lansweeper Does technical support for LS really respond?
by  tosch  
Go to last post Go to first unread
Last post: 6/16/2021 12:48:50 PM(UTC)