Cyber attacks: they are becoming more sophisticated and more frequent. This makes proper security of online platforms increasingly important. In this diptych about information security, we look with IJsbrand van Prattenburg, Information Security Officer and Software Developer at Procademy, at the measures that are needed to make online learning secure. And what you, as an end user of SaaS tools in general and Procademy in particular, can do to keep your data safe. In the first part we explored the organizational measures at Procademy and gave you some concrete tips to apply yourself. In this second article, we zoom in on the technical measures. How does technology help keep unwanted individuals out of our Learning Management Software?
We already saw it in our first article: without a careful end user you are nowhere as far as information security is concerned. But the most careful user, in turn, is also nowhere if the software is not technically optimized to prevent security incidents.
At Procademy , therefore, building a solid security infrastructure is not a one-time task, but rather an ongoing process, explains IJsbrand: "Technology is the foundation of our security. That involves continuously updating and fine-tuning our systems to repel attacks. Reactive if we have to, but especially proactive if we can." Procademy does not act alone in this, but can also rely on the efforts of Combell, a reliable hosting partner: "They work non-stop on our protection against cyber attacks and also have the means to monitor and prevent such attacks at crucial places in the network."
Back to the measures at Procademy itself, where great importance is placed on robust security of all data in the Learning Managament Software. IJsbrand clarifies, "The basic principle is that we always encrypt special personal data. That is really a standard way of working at Procademy. We also provide an SSL certificate, to ensure that the exchange of data is done in a protected way."
This approach ensures that user data is protected even in the unlikely event that it falls into the wrong hands. "But ideally, we like to look a step earlier: because, of course, what you don't have you don't have to secure. That's why, for example, we are phasing out emails with attachments from our systems. For your earned certificate, we prefer to send a link to a page behind a login. An email can always end up in the wrong inbox, either through human action or a system error. So by minimizing this kind of data, we prevent security risks." outlines IJsbrand, adding, "While of course always keeping usability in mind!"
Also in the area of access management, Procademy makes clear choices: "We use a security system in which you can only enter a password per account a limited number of times within a certain time, to minimize the risk of a brute force attack." The consequences of unauthorized access are also further limited by the fact that Procademy works with strictly separated databases per client: "We isolate all data per client in its own database. This, by definition, reduces the impact of an incident many times over, even if it is a technical error."
We already saw it in our first article: traceability and traceability of actions is essential in information security. IJsbrand explains, "Then that's not just about seeing who and when performs actions in the learning environment, but also access to information is meticulously tracked. You already see that in healthcare, with access to files. But the ISO and NEN standards are also moving toward more and more reporting in this area. I think SaaS applications will start to have an increasingly extensive audit log.
"To ensure seamless traceability and traceability of data and access at Procademy, we have developed proprietary monitoring. This allows us not only to record and view various actions, but also to be actively informed in case of deviations, problems or conspicuousness. Insights that we also want to make more and more accessible and insightful for managers in the future."
"In a practical sense, with the advent of AI, I expect that in the future I won't have to write all the code. The role of the software developer will change to a more directing role with oversight. So a little further and further away from execution." IJsbrand outlines the future. "Indeed, today we are already using AI as a tool to monitor human errors and code quality."
IJsbrand also spots developments on the security front: "We see an increase in the use of passkeys. Access to apps or websites is controlled on the basis of a combination of a public key (on the side of the app or website) and a secret key (on the side of your device). The advantage is that if the public key is unexpectedly captured, i.e. if your app or site is hacked, access is still not possible because you still only have your secret key. This principle is not yet applicable everywhere, but is undeniably taking off."
"You have to embed security principles well into the automated processes around your code. But it also means you can better consider from a helicopter view: am I still regulating that security properly?" Developments are rapid, but Procademy is optimally set up to keep moving with them. "From our ISO standards alone, we are constantly assessing new risks and opportunities for our platform. With determining meaningful actions to mitigate those risks and exploit the opportunities. So in that respect, I look to the future with confidence." smiles IJsbrand contentedly.
Want to learn more about what secure learning management software can do for achieving learning goals in your organization? Then contact us for a no-obligation demo.
