How secure is your LMS?

LearnBee
LearnBee
Sep 9, 2017 · 5 min read

Nowadays, you have dozens of mainstream Learning Management Systems to pick from, such as LearnBee, Entrhalltech, Vowel, Litmos, Docebo, Mindflash, each with tens — if not hundreds — of thousands of users and more than enough features to fulfill all of your training needs.

But have you ever wondered if all of these tools are equally reliable in ensuring the privacy and security of your data? — a task that is becoming increasingly difficult to execute with the rapid increase in the frequency of cyber-crimes.

If you are using your LMS to store all kinds of sensitive information, such as performance reports, proprietary content, product changes, company policies, compliance changes etc. then you need to make sure that the same vital information does not make its way to anyone else.

At LearnBee we take security and privacy very seriously. We go to great lengths to secure our clients’ content and ensure that their training modules are accessible only to the target audience.

Here are four ways in which we ensure the security of your data:

Authorized Access

We use cryptographic hashing to store your passwords instead of storing them as plain text. Whenever a learner logs into the tool, we prepend a salt to the password and hash it. We then compare it to the hash we have stored in our database. This makes it impossible for the password to be retrieved by a third party in the unlikely event that they gain access to our database. It is worth noting that no LearnBee representative can retrieve your login credentials as they are hashed.

Cloud Storage

While the members of the Tech Team at LearnBee are experts in coding, they are not experts in securing data. Luckily, the folks at Amazon Web Services (AWS) are. Our platform is 100% hosted with AWS. So, the same systems that are housing everybody’s shopping and credit card information are also protecting all your data. Having received certifications from Federal Risk and Authorization Management Program (FedRAMP), AWS is being used by even federal government agencies. You can read more about AWS here.

Safe Offline Access

LearnBee’s mobile app allows you to download content such as videos, PPTs, PDFs etc so that training modules can be completed later offline. Considering that your content may be downloaded and removed from the workplace, we have built in a number of extra safety features to ensure its security. Content downloaded from LearnBee is encrypted before being stored on any device. This prevents access to the content from outside the app. A user can access downloaded content only through the app.

Regular Updates

Our software infrastructure is updated regularly with the latest security patches. Knowing that perfect security is a moving target, we work with our clients to keep tabs on any loopholes or vulnerabilities in terms of data security.

Content Security

One of the biggest concerns users have with online training is content security. At LearnBee we go to great lengths to keep your proprietary content secure while allowing fast streaming to your learners.

We store content on Amazon’s Simple Storage Service(S3). Most internet applications store and deliver content directly from S3. We don’t do so as it fails to provide the level of security that we wish to give our customers. If the content is being directly accessed from S3, corresponding links to the content can be sniffed and shared. This makes the content accessible to anyone who has the link.

At LearnBee, we store content on S3 but serve it through CloudFront, a Content Delivery Network (CDN). Whenever a user requests a piece of training from LearnBee, that content gets copied to a secure CDN edge location physically closest to him/her. A unique, secure link with an expiration time is generated for each unique request. When the user’s tool requests the content from the edge location, the unique link is verified to check if it’s still active. The content is delivered to the user’s browser only if the link is still active.

This might sound complicated, but all of this is handled by our course player in the backend scheme of things. As long as your users are logged into LearnBee, they need not worry about any of this.

Moreover, sites which can intercept and download videos streaming on YouTube, Vimeo, or Metacafe can not access videos streaming on LearnBee. This is because videos on the aforementioned platforms are public whereas they are private on LearnBee. A user has to be logged in to have access to them.

It’s worth noting that no LearnBee employee can access a client’s content unless specifically authorized to do so.

Hopefully, this article answers any concerns that you may have about LearnBee’s security. Also, bear in mind that a chain is only as strong as its weakest link. Even a secure LMS like ours will be of no use in an insecure environment. There is only so much that we can do to prevent unauthorized access.

Here are a few steps that you should take to prevent unauthorized access within your organization.

Pick long and complicated passwords and avoid writing them down.

Delete users who no longer need access to the tool.

Ensure that every user has their own account on LearnBee. Avoid sharing of accounts.

Nectar

Official blog of LearnBee.co.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store