Learnosity’s enterprise-grade data security protects the information of millions of learners around the world.
Your product can never be too safe, so we employ multiple layers of protection against bad actors.
Our robust security standards include TLS encryption in transit and AES 256 encryption at rest.
We enforce two-factor authentication (2FA) on login to our Author Site to ensure your proprietary content can only be accessed by the right people.
Our numerous lines of defense include VPN usage from IP-restricted locations, putting public-facing web servers behind port-restricted load balancers, and using SSH with public key encryption across all servers for maintenance communications.
We’re currently hosted on AWS in the US, EU, and Australia, so our customers can choose where they want to store their encrypted data.
Where possible, our production systems use immutable images to ensure a consistent operating state.
We’re always vigilant against possible threats. We run regular security workshops to educate staff, share knowledge on the challenges we face, and determine the safest options during development.
We run regular third-party penetration tests to assess the strength of our systems’ defenses.
We’ve developed an in-depth set of privacy and security policies covering a range of topics, which we update regularly.
Principal Engineer
Chief Technology Officer
Information Security Officer
As digital interactions increase, so does the flow of data and the risk of its misuse. But edtech can respect and protect learner privacy. John Kleeman, EVP at Learnosity & Questionmark, explains how.
How do you prepare a product to meet the demands of a rapidly growing user base? Meet someone who knows. Alan Garfield is a busy…
How can student data security be guaranteed when faced with a threat that can neither be detected nor predicted? In the not-too-distant past, banks represented…
We investigate all legitimate reports of security vulnerabilities and do our best to quickly fill the gap in our defenses, and authorize the public to conduct good-faith research with the intent of reporting such vulnerabilities to Learnosity. If you believe you have found a vulnerability in any of our sites or products, please let us know ASAP at security@learnosity.com.
Security is a big deal. If you need more details about how we protect our customers, contact our team today.
Get in touchPrincipal Engineer
Principal Engineer
1. Your number one principle for data security?
Attention to details matter. 90% of the time, a breach or an exploit happens because something really simple was missed or one simple change was made that caused the problem. This can be as simple as receiving an email and mistaking an illegitimate request as a legitimate one. Or accepting the default setting when making some change to a running system. It’s never foolproof, but paying attention to the details of things really does matter.
2. Most rewarding part of the job?
Helping the team, and growing with them. No one person can do and know everything. Everyone in history is standing on the shoulders of those before us. Recognizing that and helping to lift others up and sharing my experiences makes me happy.
3. Ever consider becoming a hacker?
I like puzzles and problems. But many puzzles don’t lead to legal issues. I’ve always preferred to share and protect, than break and exploit. Plus you can more freely talk about what you do without fear. 😀
Chief Technology Officer
Chief Technology Officer
1. Your number one principle for data security?
My number one principle is that security is our most important feature. Our customers don’t just buy our platform’s functionality; they buy the confidence and peace of mind that comes with using it safely. This focus is what enabled us to achieve FedRAMP Moderate authorization, a testament to our commitment that allows us to host U.S. government customers on our platform.
2. Most rewarding part of the job?
The most rewarding part is solving the immense technical challenge of delivering assessments at a global scale. As you read this, millions of Learners are relying on our platform for critical moments in their education, from a simple quiz to a high-stakes exam. Ensuring our infrastructure is resilient, secure, and performs perfectly under that immense pressure is a monumental task.
3. Ever consider becoming a hacker?
To be effective in security, you have to understand how attackers operate. That’s why our security team and engineers are trained to think like hackers, which is an essential part of building secure software. We put this into practice by ensuring that internal and external teams are looking for potential exploits, ensuring we find and fix them before any adversaries can.
Information Security Officer
Information Security Officer
1. Your number one principle for data security?
The effective use of defense in depth, in the context of it being a comprehensive security strategy. I think the best approach to that principle is to combine effective administrative controls, layered technical controls and ongoing security awareness education and training. The importance of security awareness by everyone in the organization cannot be overstated in today’s security climate. Information security is about a lot more than just cybersecurity.
2. Most rewarding part of the job?
Knowing that I’ve helped to improve Learnosity’s security posture and instilling confidence in our employees that our security posture is sound. While I want everyone at Learnosity to be security aware, I don’t want them to be security worried. No one works effectively or happily if they are worried.
3. Ever consider becoming a hacker?
A black hat hacker? No. A white hat? I did consider that at one point. Although I have a background in engineering, both hardware and software, I’ve always been most comfortable in broader analytical roles. Waist deep in the technical weeds rather than neck deep.