ELearning security: share knowledge, not sensitive data!

• 2 min read

ELearning securityCyber security has been a major global concern in the last few years. We most certainly enjoy the benefits of the internet, social media and technology, but we would also like to avoid governments, at best, and spiteful people, at worst, having free access to our personal (and, rightfully, private) information.

When it comes to large organizations, in addition to concerns about privacy and sensitive data, it is also vital to keep trade secrets safe, as this kind of information can literally break companies.

As you know, the “e” into e-learning stands for electronic, which actually means that learning is conducted through a software (i.e. a Learning Management System), and this usually involves an internet connection. The internet works as a channel through which you can access data from all over the world, and vice versa (you don’t just receive data, you also send out data all the time); the problem is that this traffic coming to or from your computer can be modified or controlled by “modern pirates”.

The major elearning security issues are:

  • Identification and authentication: the first and most important step is to determine if the people trying to access your platform have credentials or have the right to access your content.
  • Authorization: you should be sure that the person trying to access your platform is not lying about his or her identity.
  • Confidentiality: not all of your content is for everyone; some areas might be restricted to specific users so it’s important to make sure that only the right people get access to this kind of content.
  • Integrity: only authorized people should be able to modify documents and objects in your platform so make sure that no one is tampering with your learning material.

In fact there are many ways people can try to access your data. This may seem pretty scary, but luckily there are a few IT tricks that will make your platform completely secure.

In my opinion the starting point should be LMS integrations. In fact the integration between other company softwares are the weakest points of your LMS because it involves a quick and frequent exchange of data. Luckily the industry has developed a few security standards that will help you to keep your system secure.

Two of the most common integration standards are SAML (Security Assertion Markup Language) and LDAP (Lightweight Directory Access Protocol). To make it extremely simple, when a user tries to connect to your elearning platform they usually have to insert their credentials. At this point LDAP generates a unique token locally (on your computer/browser/session); SAML gets this token and sends it to the main company LDAP server to check if your token is correct and has the right to access the platform. If the answer is yes, the user is granted access to the platform and the content they are looking for.

I hope this blog post increased your awareness on security issues related to elearning platforms and how to be more careful.

If you would like to try the Docebo Secure SaaS LMS, with its SAML and LDAP standards, you can start with a 14-day free trial of the platform!