Security Best Practices
D2L takes a layered approach to protecting its network infrastructure and resources.
- Network Firewall provides protection at the network level, with capabilities such as stateful inspection and intrusion prevention. Amazon Virtual Private Cloud (VPC) security groups provide protection at the host level. Web Application Firewall provides protection at the application level.
- Amazon Virtual Private Cloud (VPC) helps keep traffic segmented and multiple VPC services including Private Subnet, Public Subnet and Network Load Balancer are configured to segregate traffic between network boundaries.
- Cloud security posture management technology is deployed throughout D2L infrastructure. This technology collects events from endpoints and enables monitoring, alerting, and remediation of compliance risks and misconfigurations in cloud environments.
- Threat and intrusion detection service continuously monitors cloud environments for malicious activity.
- Deep packet inspection technology is available for forensics if required.
- Connection to the Brightspace environment is via TLS cryptographic protocols with RSA® encryption, ensuring that customers have a secure connection from their browsers to our service.
- Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.
- D2L uses internal network technology such as firewalls and WAFs to protect against denial of service (DoS) attacks.
- D2L also uses AWS Shield to protect against distributed denial of service (DDoS) attacks. This service provides detection and mitigation for volumetric, protocol and application DDoS attacks.
- System hardening
  - Before a server image is certified, unnecessary services are disabled and ports closed. Templates (such as those from the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS), as well as Microsoft’s Baseline Security Analyzer (MBSA)) are used to validate that the image has been hardened to industry-standard best practices.
- Vulnerabilities and Patching
  - D2L tests all code for security vulnerabilities before release, and regularly scans its network and systems for vulnerabilities.
  - D2L experts regularly review any security patches from underlying software and operating systems in order to assess the critical nature, risk, and potential effect on D2L services.
- Annual Third Party Assessments
  - D2L uses a third party to conduct penetration tests against the Brightspace platform annually.
Anti-virus software is deployed on all personnel laptops and desktops and is centrally managed to ensure all DAT files are up to date. Centralized reporting ensures malware infections are properly quarantined and escalated for further actions where needed.