The main LMS Security issues and how to solve them
Learning Management Systems, especially in the corporate training sector, usually contain sensitive information that we absolutely want to keep safe. For example, we wouldn’t want to share all of our employee data or some of our production secrets with external people, especially people working for a competitor.
Imagine your system as a great public library, filled with documents and people. Despite the advent of ebooks and smartphones, public libraries are still frequented every day by many people who come, consult books, and leave. Your competitors could sneak inside or steal someone’s library ID to enter your system and steal or modify some of your books.
To fight these kinds of cyber threats, many companies have started mapping them and working on solutions to stop them. The first step is to understand what kind of vulnerabilities your system has, so let’s start by highlighting the most delicate spots of your LMS.
- First contact
When someone wants to access your content, at some point s/he will have to log in to your portal; it’s important to make it extremely difficult to steal an ID or hack your access point.
Getting access to your platform should be just a first step. We also want to make sure that the user logging in to the LMS is exactly who he or she claims to be, and that s/he didn’t steal someone else’s credentials.
If you have ever read Harry Potter or watched the movies, you will remember that in the Hogwarts library (as in many other libraries) there are a few sections with restricted access. Therefore it’s important that only people who have the right credentials can access this kind of data.
You most certainly don’t want people to write with a pen on your books, right? To keep your system safe, you will have to make sure that only the people intended to do so can modify the content of your LMS.
LMS vendors need to take these kinds of threats seriously. Docebo Learning Management System, for example, has just released two new Integration Apps with LDAP and SAML, which are two industry standards for safe integration between different software.
The LDAP (Lightweight Directory Access Protocol) Integration App allows you to import your LDAP user base into your Docebo LMS and keep it in sync. Users will be able to log in to the LMS with the same username and password they have in the LDAP.
The SAML Integration App allows users to use AD FS to Single Sign On between their Active Directory and Docebo LMS. By activating this App, users can log into their computer and, within the active session, sign into their elearning platform.
For those who don’t know how these two standards work, I will try to give a brief explanation of how they can make your system more secure.
Let’s use the public library analogy again. When you try to get a book from the public library, you are usually asked for a library card or some kind of credentials. Giving your ID to the librarian is the equivalent of creating a local LDAP token. The librarian can be considered your SAML standard, as s/he is the person who brings your request to the central LDAP server (the library computer with all the registered users of the library). Once the central LDAP server accepts your local LDAP token (aka your ID card), you’re granted permission to read the book.
I hope this blog post helped you to understand what kind of security issues can affect your LMS, and what to be mindful of.
If you would like to find out more about the SAML and LDAP standards and try out a Secure SaaS LMS, I suggest you start with a 14-day free trial of Docebo, a truly secure Enterprise elearning solution.