Maintaining A Secure LMS: The Case Of TalentLMS
As many a network security expert has said, security is a process, not a product. That doesn’t mean that there are not more or less secure products. There absolutely are, even within the same software family. Windows XP, for example, was wide open to all kinds of attacks and viruses. Windows 10, not so much. What the saying tries to express, though, is that you can’t just buy a secure product (or subscribe to a secure web service) and expect a secure computing experience. You also need to be vigilant with passwords, settings, updates, security policies, and all that jazz -- both at the administrator and at the user level. After all, even the most secure system won’t do much to protect you if your password is 12345. So, you may ask, what do we do to provide a secure LMS, and what can you do, as well.
In this article, we will have a look at what TalentLMS brings to the table, security-wise, and give you some tips for a secure eLearning experience.
1. SSL
SSL, short for Secure Sockets Layer, is the standard security technology for protecting web traffic from malicious attacks and eavesdropping. You might not recognize its name, but it’s the same technology that’s also used for web commerce, and modern browsers tell you when it’s enabled through a small padlock icon (and/or by making the address bar green).
TalentLMS supports SSL for all accounts with a .talentlms.com address, and for Premium accounts with a custom domain. Note that, in order to enable SSL in your premium account, you will need to obtain a CSR (Certificate Signing Request) text from Epignosis, and then use it to issue the certificate for your custom domain.
2. Single Sign On
From LDAP and Active Directory to SAML2 and Facebook Login, whatever your preferred Single Sign On (SSO) solution might be, chances are that TalentLMS natively supports it. After all, just the above SSO technologies already cover 95% of the enterprise market -- and TalentLMS also supports several additional ones.
In case you’re wondering how is Single Sign On related to increased security (as opposed to just giving users increased convenience), it’s simple, really.
With SSO, enterprises gain central control of their user accounts, allowing them to centrally store them (as opposed to having them in disparate systems), set password acceptance rules (e.g. specific sizes and upwards) and expiration policies, mass update all their accounts in case of breach, and several other capabilities, that all help increase the security of the corporate datacenter.
3. Hassle-Free Updates
As we have already pointed out, security is a process. But whereas with SSL and SSO you needed to actively participate in that process (e.g. to create and configure your own SSL certificate for your domain), update and backup -- two of most important pillars for a secure LMS -- are entirely automatic in TalentLMS.
In other words, TalentLMS’ expert dev-ops team handles the update process, and you just get to sit back and enjoy the regular stream of new releases with all the latest goodies, enhancements and security updates.
What’s more, your data are also automatically backed up in the TalentLMS Cloud (on multiple devices that span multiple facilities), so that you don’t even have to worry about drive failures or other kinds of data loss, either.
4. A Quality Cloud
A Cloud is only as good and as secure as its infrastructure and the team behind it, especially nowadays when it’s trivial to put a two-bit application in some crappy network and call it a Cloud app.
TalentLMS chose Rackspace for its Cloud provider, which is the leading name in Cloud and hosting services -- powering some of the biggest enterprises and IT services.
On top of Rackspace’s excellent backend and expert networking and support facilities, the TalentLMS dev-ops team makes sure TalentLMS software stack is regularly updated with all the latest security patches, and follows all the IT security best practices.
The end result is a robust Cloud service that powers not only your web-based eLearning portal, but also TalentLMS mobile apps for iOS and Android, as well as your WordPress / Shopify or other integration, through its REST API. The end result, a stable, reliable and fast eLearning service, on which thousands of learners rely everyday, speaks for itself.
5. Best Practices
At the end of the day, you need to ensure your users help keep your portal secure. After all, it’s of no use to spend money and time to secure your house and then forget to lock (or worse, close) your front door when you leave.
As a start, you can use the messaging system, or the webpage builder in TalentLMS, to inform your users of best practices with regards to security (and remember, these should also be applied by your administrators and instructors).
You should at the minimum advise your learners to use strong passwords that are adequately long (10 characters or more), are not based on dictionary words, and are not shared with other websites (especially untrustworthy ones). Even better, try to enforce a specific password policy (either through your SSO system or with TalentLMS’ built-in options).
TalentLMS Features And Tips For A Secure LMS
While security is a process not a product, starting with a secure LMS always helps. TalentLMS has been designed, and is run, to be just that.
With a little effort on your part and a small campaign to inform your learners, you can do your end of the job and increase the security of your eLearning portal and other web assets, many times over.
