Request to ensure devices or groups being deleted are approved before deletion. This will allow LogMeIn to meet various security framework requirements regarding auditing. Currently, we couldn't provide this to an auditor.
Scenario:
Disgruntled employee deletes all computers within account.
Unauthorised access to LMI account by external threat actor can delete devices.
Risks:
Loss of access to devices.
Costly remediation/reinstall - especially depending on host device locations.
Mitigation:
When user 'X' deletes a device or group, it should go into a 'pending deletion' state or group. These should then be accepted or declined by another user with relevant permissions, let's say user 'Y'.
This will then be added to an audit report of:
- Deletion user,
- Confirmation user,
- Group name,
- Device name,
- IP of user X and Y