Security

Data security is no longer vital.
It’s a basic requirement.

Your data and workflow processes are valuable IP. You should be confident they are protected. LemonEdge has comprehensive security to ensure your data is safe and can be correctly segregated between your own internal teams. Logins are salt hashed, connections are encrypted and the environment is robust against external cyber-attacks. LemonEdge has 3 walls of defence ensuring your data is protected and secure. These are our Secure Environment, Secure Practices, and our Secure Permissions.

Secure Environment

LemonEdge is built from scratch on the .Net Core benefiting from all the latest enterprise security best practices. All connections to the database, or service, are encrypted to ensure safe transportation of your data, even over your own internal network. The Web Service, or Serverless Functions (if setup in the cloud), benefit from the latest hardening against DoS attacks and other vectors. (See Open Architecture - Deployment lock for more details). LemonEdge is designed to work completely within your own isolated network, all the way through to full cloud implementations which benefit from their secure setups.

Secure Practices

LemonEdge always defers to best practices for safety. We have salted hashing on passwords and logins, etc. But for full protection we also integrate into Windows AD, so you can log in to LemonEdge using your own network login benefiting from Windows security and corporate password policies, etc. Similarly, the task service can run securely critical operations from an isolated area within your network safe from attack. Those operations don’t have to be run from user machines, or even under their permissions. Instead, they can run in a safe area under specified higher permissions, ensuring users don’t have unsafe elevated permissions everywhere just to run certain large processes.

Secure Permissions

In many legacy finance systems permissions were bolted onto their core system. Most of the permissions only allow you to apply them broadly, not to each individual record, and they don’t permit you to permission every item in the system. Worse, most of the time permissions are enforced through the UI and not the back-end architecture. This can leave your system open to a series of data breaches. LemonEdge is designed with security being front and centre as part of the overall platform. Our permissions have the following features:

Teams, Users and Roles

• Permissions are applied to Teams

• Users can belong to as many teams as required

• Roles are separate from Teams, and UI elements can be configured against roles and teams

Grading

Permissions have the following grades:

• None

• Read-Only

• Read-Write

• Create

• Delete

• Can Change Permissions

Auto-Enforced

Permissions are automatically enforced throughout the system, including but not limited to:

• Web Service Reporting

• Importing/Exporting

• Audit History

• Sandboxes

• Workflows

• Document Management

Configurable Defaults

Permissions have configurable default settings for newly created items.

Granular Control

Permissions can be assigned differently against individual records given ultimate granular control for access

Enterprise-Grade Security

LemonEdge takes enterprise-grade security very seriously, and our above approach ensures you have full transparency into every area users have access to. Importantly we also want permissions to be part of the system that enhances your team’s workflow (like our other Enterprise Data Tools) and not something that gets in the way. As such it is transparent, easy to use, and ensures different teams can have the correct access they require without having to just give everyone access to everything in order for the system to work.