For most clients, security in the cloud is a matter of debate, and myths keep circulating whenever a SaaS LMS is evaluated. In this article, I focus on some key security features that must be evaluated when selecting a SaaS LMS.
1. User and Data Access control security policies for the end user
This is a typical user authentication policy in which each user is required to verify login credentials, such as user name and password, to log in to the system. Anonymous login is not permitted under such a policy. In many cases clients may wish to implement Single Sign-On (SSO), and the authentication process can still be managed by API authentication.
2. Access Through Secured Connection (TLS/SSL and HTTPS)
Access to the Learning Management System can be limited to secure connections only, to ensure that all data exchanged between the LMS servers and the users' PCs is encrypted. To achieve this, LMS providers most often use an SSL/HTTPS connection backed by a wildcard certificate. The LMS wildcard certificate should have the following characteristics:
- It must be issued by a third-party certification authority such as GeoTrust
- Connection must be encrypted
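The two characteristics above, expressed as checks over certificate metadata in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, together with the rule that a wildcard covers exactly one DNS label. This is an added example, not part of the original article; the host names, the CA name and the accepted TLS versions are assumptions, and the certificates are constructed sample data.

```python
# Added example: constructed sample data; host names and CA name are hypothetical.
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}  # assumption: the article only says "encrypted"

def _flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def wildcard_match(pattern, hostname):
    """'*' counts only as the whole leftmost label and covers exactly one label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def evaluate_endpoint(hostname, cert, tls_version):
    """Return findings for one LMS host; an empty list means every check passed."""
    findings = []
    if tls_version not in ACCEPTED_TLS:
        findings.append("connection is not using an accepted TLS version")
    if not cert:
        return findings + ["no validated certificate was presented"]
    if _flatten(cert.get("issuer", ())) == _flatten(cert.get("subject", ())):
        findings.append("certificate is self-issued, not from a third-party CA")
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(wildcard_match(s, hostname) for s in sans):
        findings.append("certificate does not cover " + hostname)
    return findings

# Constructed certificates in getpeercert() dict form.
CA_ISSUED = {
    "subject": ((("commonName", "*.lms.example.com"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA G2"),)),
    "subjectAltName": (("DNS", "*.lms.example.com"), ("DNS", "lms.example.com")),
}
SELF_ISSUED = {
    "subject": ((("commonName", "*.lms.example.com"),),),
    "issuer": ((("commonName", "*.lms.example.com"),),),
    "subjectAltName": (("DNS", "*.lms.example.com"),),
}

if __name__ == "__main__":
    for host, cert, ver in [("acme.lms.example.com", CA_ISSUED, "TLSv1.3"),
                            ("acme.lms.example.com", SELF_ISSUED, "TLSv1.2"),
                            ("eu.acme.lms.example.com", CA_ISSUED, "TLSv1.3"),
                            ("acme.lms.example.com", CA_ISSUED, None)]:
        print(host, ver, evaluate_endpoint(host, cert, ver) or "ok")
```

The third sample host fails because `*.lms.example.com` does not extend to a second sub-level, which matters when an LMS vendor gives each tenant or region its own nested subdomain.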
3. Network Security
Network security is the most important aspect of cloud security. Because a cloud-hosted LMS is always exposed to attack, network security plays a key role in preventing such attacks. There are different ways of managing network security, but the most common are layered firewalls, advanced network design and network segmentation. High-availability firewalls can be used to filter traffic between the web, application and data tiers. Firewalls support deep-packet stateful inspection, dropping of anomalous packets, denial-of-service protection, spoofing monitoring, and anti-virus filtering. Monitors are defined to trigger alerts when predefined thresholds are exceeded.
4. Disaster Recovery, Environmental Safeguards and Physical Access Security Policies
This is another of the most important aspects of the cloud: all your data is in the cloud, and there is a high risk of losing it if something goes wrong. To ensure security here, the LMS vendor must have all its data centers equipped with redundant, high-density power systems and automated, monitored facility controls. Data backups must be taken on a regular basis. Power generators at all data centers must be monitored and tested regularly and should be supported by multiple fuel suppliers to ensure continuous operations in the event of a disaster. Alongside online security, physical security is also very important, and the data centers must be monitored 24×7. Physical access to data centers must be restricted to preauthorised personnel only. Biometric identification systems must be installed to authorise visits to the data centers. The racks must be locked.
5. Third-party Certificates
It is always advisable that the cloud LMS provider have its infrastructure certified by independent third-party assessment authorities. This helps to ensure that all the standards related to cloud security are in place and certified by the relevant agencies. Multiple agencies may certify different parts of security, and together these certifications build the credibility of the cloud LMS vendor.
To conclude, it is important to give careful attention to the implementation of security controls in the design and operation of the cloud LMS infrastructure and services. Information security has to be the highest priority when selecting a cloud LMS. With Docebo LMS rated as one of the top 3 cloud LMSs, we follow all the guidelines for security. If you wish to know more about Docebo LMS cloud security policies, please feel free to contact our local representatives.