FAQ: Data Collection Through SysTrack Cloud

Q: What data is collected and stored when a customer is using SysTrack Cloud?

A: SysTrack collects and stores data that describes digital end user experience and associated machine performance. This data is typically generated in the course of an end user’s employment with Lakeside’s customer and end users are generally workers within the customer’s organization. The SysTrack agent is installed by customer on the end user’s machine (e.g., laptop) to gather hardware/software information, monitor system and device performance, and collect other properties. The SysTrack agent does not natively record keystrokes or mouse movements. By way of example, the SysTrack agent might report use of a Microsoft Office 365 application, but it does not see the details of the work being performed by the end user in the application.

Q: What data is transmitted to the SysTrack Cloud tenant database (i.e., Lakeside hosted system)?

A: A subset of data collected on the local client is sent up to the master Lakeside cloud centralized store. For example, the application name and how long that application was in the foreground is sent up to the master SysTrack centralized data store whereas the local agent retains detailed information about individual application executions such as CPU, memory, and IOPS values.

Examples of data sent to the master SysTrack cloud store includes:

  • Application usage and faults

  • Boot timing data

  • Values out of tolerance

  • Hardware/System configurations

  • System health

  • Web traffic (if enabled by customer)

  • Power data

  • Storage details

  • User resource usage

Q: Can the customer determine which data collected on the SysTrack client is submitted to the SysTrack cloud?

A: Customer may request custom configure of SysTrack Cloud so that certain data is never condensed to the tenant database. However, such configuration will diminish the functionality and utility of SysTrack Cloud. Any such custom configuration can be requested through Lakeside’s Support team.

Q: Can data be pseudoanonymized in SysTrack Cloud?

A: A pseudoanonymization feature is configurable by the tenant administrator via the SysTrack Cloud Configure tool. Depending on individual customer needs, it can be set for all, or some subset of machines being monitored. There is also an additional registry setting that can be set on the machines running the SysTrack Cloud agent that will override the standard configuration changes and will force the SysTrack Cloud agent to always operate in the pseudoanonymized mode. Contact the Lakeside Support team for details on the registry setting.

Q: What is the process for having data deleted from SysTrack Cloud? And how can a customer respond to any requests from end users to be forgotten?

A: Customer’s SysTrack Cloud tenant is automatically deleted following expiration of its subscription. Customer may request earlier deletion of its tenant by submitting a request to the Lakeside Support team. Earlier requests to delete tenants can typically be completed within three (3) business days. To delete SysTrack agent data, customer can use the redact functionality (the “forget” functionality) in the SysTrack Cloud UI to delete individual end user data. Customer can also uninstall the SysTrack agent from a machine at any time for any reason and all further collection and uploads will automatically cease.

Q: How long is data retained in SysTrack Cloud?

A: Inventory data (e.g., hardware, keyboard, mouse, etc.) is retained until the applicable inventory is replaced or the data is otherwise deleted by customer. Event and activity data (e.g., browser activity, application usage, session log ons, etc.) automatically ages out unless sooner deleted by customer.

Q: How does Lakeside handle requests from data subjects (i.e., customer workers) to delete or access their data?

A: In the event that a data subject contacts Lakeside directly regarding their data, Lakeside will provide notice of such request to the applicable customer without undue delay. Lakeside will then coordinate any response to the data subject in cooperation with the customer and will follow customer’s instructions with respect to any such request. Lakeside will not respond to data subject requests without customer authorization.

Q: What kind of encryption does SysTrack Cloud utilize?

A: SysTrack Cloud service endpoints are encrypted using TLS 1.2 or greater via HTTPS/SSL protocols. SysTrack Cloud tenant databases and associated tenant storage are encrypted at rest using AES-256. All Lakeside servers, workstations and laptops used to develop and support SysTrack Cloud are also secured with AES-256 disk encryption.

Q: What security measures are utilized by Lakeside to prevent the unauthorized access of data?

A: The principle of least privilege is consistently applied to all access of systems, source code, data, infrastructure, configurations, and changes. Lakeside has implemented separate Azure cloud environments for development, QA, and production. SysTrack Cloud endpoints undergo 3rd party penetration testing annually. Vulnerability scans of the SysTrack Cloud environment are conducted at least weekly with automated alerting on Critical/High risk vulnerabilities. All Lakeside virtual machines within the SysTrack Cloud service have local firewalls configured to block all inbound connections by default with open ports only for required connections. Customer authentication to SysTrack Cloud is federated via Azure B2C OpenID-Connect. Access to SysTrack Cloud is customer controlled via role-based access assignments to different aspects of the service. Lakeside does not have access to customer passwords. Lakeside isolates SysTrack Cloud admin account authentication from its internal active directory (i.e., no federation). Cloud admin authorization requires MFA, secure passwords enforced by GPO, account lockout on repeat authentication failure, and enforced password age and history.

Q. Where are Lakeside Cloud data centers located?

A. Lakeside currently utilizes Azure hosting sites across the United States, Europe, United Kingdom, Australia, Canada, and the United Arab Emirates. Customers may select the specific site they wish to host their SysTrack Cloud tenant.

Q: Does Lakeside hold any third-party certifications?

A: Lakeside currently maintains ISO/27001:2013 certification as an organization and a SOC 2 Type 2 report for the SysTrack Cloud service (security, availability and confidentiality). We believe these certifications demonstrate our strong investment in security and our ongoing commitment to implementing industry leading operational and technical controls.

Q: Does Lakeside utilize any subprocessors to provide SysTrack Cloud?

A: Lakeside utilizes affiliates and a limited number of third party subprocessors to perform certain activities in support of the operation and delivery of Lakeside services. A current list of subprocessors and a detailed overview of their roles can be found here: https://www.lakesidesoftware.com/subcontractors/. Prior to engaging any third party subprocessor, Lakeside performs diligence to evaluate each such subprocessor.

Q: Does Lakeside process personal data outside of Europe?

A: Some transfer of data processed via SysTrack Cloud may be necessary to provide “follow the sun” support and technical operations to customer and to otherwise make the most comprehensive set of services available for use. In addition to a robust set of technical and operational safeguards, Lakeside relies upon adequacy decisions and the most recent set of Standard Contractual Clauses to conduct any such transfers in accordance with applicable law. Lakeside also carries out transfer impact assessments on all relevant data transfers.

Q: How does Lakeside handle government access requests targeting customers’ personal data?

A: Lakeside has, to date, never received a request from law enforcement or any intelligence agency to disclose customer data. Lakeside does not process personal data that is likely to be of interest to law enforcement or intelligence agencies. Regardless, Lakeside will only respond to requests for customer personal data that are lawful and where Lakeside is subject to jurisdiction. To the extent permitted, Lakeside will provide notice to the affected customer of the request and permit such customer to mount its own objections with the requesting entity. If compelled to produce customer personal data, Lakeside will produce only the limited amount of data required to satisfy the applicable order.

Q: Does Lakeside process any special categories of personal data via SysTrack Cloud?

A: No, Lakeside does not knowingly process any special categories of personal data (e.g., race, gender, religion, biometric data, etc.) and customers are specifically requested not to use special categories of personal data with SysTrack Cloud.

Q: Does Lakeside sell or otherwise commercialize customer end user personal data processed via SysTrack Cloud?

A: No. Lakeside does not sell customer end user personal data and only utilizes customer end user personal data to provide SysTrack Cloud to customer.