Security
Data security is no longer vital. It’s a basic requirement.
Your data and workflow processes are valuable IP. You should be confident they are protected. LemonEdge has comprehensive security to ensure your data is safe and can be correctly segregated between your own internal teams. Logins are salt hashed, connections are encrypted and the environment is robust against external cyber-attacks. LemonEdge has 3 walls of defence ensuring your data is protected and secure. These are our Secure Environment, Secure Practices, and our Secure Permissions. Together your environment is safe, your data is safe, and your own teams only have access to what they are permitted to see.
LemonEdge is built from scratch on the .Net Core benefiting from all the latest enterprise security best practices. All connections to the database, or service, are encrypted to ensure safe transportation of your data, even over your own internal network.
The Web Service, or Serverless Functions (if setup in the cloud), benefit from the latest hardening against DoS attacks and other vectors. (See Open Architecture - Deployment lock for more details).
LemonEdge is designed to work completely within your own isolated network, all the way through to full cloud implementations which benefit from their secure setups.
LemonEdge always defers to best practices for safety. We have salted hashing on passwords and logins, etc. But for full protection we also integrate into Windows AD, so you can log in to LemonEdge using your own network login benefiting from Windows security and corporate password policies, etc.
Similarly, the task service can run securely critical operations from an isolated area within your network safe from attack. Those operations don’t have to be run from user machines, or even under their permissions. Instead, they can run in a safe area under specified higher permissions, ensuring users don’t have unsafe elevated permissions everywhere just to run certain large processes.
In many legacy finance systems permissions were bolted onto their core system. Most of the permissions only allow you to apply them broadly, not to each individual record, and they don’t permit you to permission every item in the system. Worse, most of the time permissions are enforced through the UI and not the back-end architecture. This can leave your system open to a series of data breaches.
LemonEdge is designed with security being front and centre as part of the overall platform. Our permissions have the following features:
Teams, Users and Roles
- Permissions are applied to Teams
- Users can belong to as many teams as required
- Roles are separate from Teams, and UI elements can be configured against roles and teams
Grading
Permissions have the following grades:
- None
- Read-Only
- Read-Write
- Create
- Delete
- Can Change Permissions
Auto-Enforced
Permissions are automatically enforced throughout the system, including but not limited to:
- Web Service Reporting
- Importing/Exporting
- Audit History
- Sandboxes
- Workflows
- Document Management
Configurable Defaults
Permissions have configurable default settings for newly created items.
Granular Control
Permissions can be assigned differently against individual records given ultimate granular control for access
LemonEdge takes enterprise-grade security very seriously, and our above approach ensures you have full transparency into every area users have access to. Importantly we also want permissions to be part of the system that enhances your team’s workflow (like our other Enterprise Data Tools) and not something that gets in the way. As such it is transparent, easy to use, and ensures different teams can have the correct access they require without having to just give everyone access to everything in order for the system to work.