Lansweeper manages the data of over 20,000 companies worldwide, and with this responsibility, we are committed to providing our customers with the highest standards of security.
We understand our responsibility when you, our customers, entrust us with a significant amount of data. To maintain customer confidence in our security posture and the security features we provide, we work diligently to continuously improve security processes and controls and provide our customers with the highest transparency they need.
Below this page you can request access to:
Lansweeper’s information security program is planned, built, run, and monitored by our Information Security Officer. He is supported by several representatives from the Operations, Development and IT teams.
We organize all our security processes and measures in an internal Lansweeper Security Framework, making it easy and transparent to define, implement, monitor, and improve our security processes and controls. The processes are supported by a comprehensive security policy framework. The framework is organized based on industry standards (e.g. NIST CSF, ISO 2700x) and implemented using a risk-based approach.
We introduced several organizational structures on different levels to make sure our security program is aligned with Lansweeper’s objectives:
Lansweeper constantly strives to reduce the severity and frequency of vulnerabilities in our software and infrastructure. To this end, we have a multi-faceted and continually evolving approach to vulnerability management that utilizes both automated and manual processes across both our software and infrastructure to detect vulnerabilities in production:
We centralize and track vulnerabilities we identify using our internal ticketing systems in Jira to have a ‘single pane of glass.’
We have a vulnerability response process with an internal SLA to mitigate vulnerabilities within a specific timeframe. This timeframe is based on the CVSS score.
A secure SDLC procedure is defined and implemented throughout Lansweeper to ensure that security is incorporated from the inception of a new project and continues throughout the system’s entire life. Responsible personnel review the procedure yearly and acquires appropriate management approval for revised versions created during the review process.
Our SDLC procedure contains but is not limited to security in the design phase, SAST, peer reviews, SCA, end-to-end testing, and more.
Lansweeper cloud platform uses a trustworthy identity provider (Auth0) that ensures a secure and state-of-the-art authentication of your asset data. Authentication requests are protected by strong password settings.
We have a shared responsibility with our customers regarding the security of our on-premise software. However, we support our customers as much as possible with their security responsibilities. You can find more information on properly setting up the on-premise software securely here.
Our platform is hosted in both AWS and Azure. Following the “Shared responsibility model”, they are responsible for protecting the infrastructure that runs all of the services offered in the cloud. Our infrastructure is protected using multiple security mechanisms:
All service providers supporting our cloud platform are subject to a review of available audit and certification reports to evaluate and confirm the security practices implemented.
Lansweeper encrypts all data both in transit and at rest:
Access to our cloud platform by Lansweeper personnel or contractors is based on a least-privileged and need-to-know basis. We regularly conduct user access reviews to ensure appropriate permissions are in place. Access is granted and revoked following formal access management processes.
All personnel is subject to and required to follow recurrent security awareness sessions during onboarding and employment via an automated security awareness program. Security awareness focuses on understanding the Lansweeper security framework and the current threats and risks all personnel should be aware of.
"*" indicates required fields