Security
Your Content + Our Platform = Protection
Course Container is a trusted partner with a track record of success in protecting our customers’ data. From physical security in our data centers, to independent security scans of our network, to compliance with industry standards, we are constantly working to ensure the ongoing security of our customers’ data.
Your Data is Secure
Unlike open-source systems with a variety of “plugins” written by unknown developers, Course Container is backed by the reputation of an organization with a long track record of success implementing complex web-based solutions for large corporations. Our proprietary system has been developed from the ground up to be secure. Our systems are regularly scanned by independent third parties and our platform has undergone rigorous penetration testing. Our servers are located in a physically secure, video-monitored data center that is staffed 24/7. Our hosting environment is compliant with a number of international standards including SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, and ISO 27018. We regularly run application and penetration tests using automated tools, and third-party companies perform them yearly.
Data Center Security
Course Container’s infrastructure is powered by a private virtual cloud that resides within Amazon Web Services (AWS). By partnering with AWS, we have access to industry-leading infrastructure and security. Each data center location is staffed and monitored 24/7. Physical access is highly restricted and monitored via CCTV. Intrusion detection systems are present at both points of entry, in individual rooms, and on specific devices (such as server cabinets). For a more complete overview of data center security, please visit the AWS Data Center Controls page. AWS operates a series of data centers internationally that have been strategically distributed to minimize the risk of natural disasters and pandemics. Course Container conducts full environment backups of all of our production systems nightly, and these backups can be deployed to any AWS data center in the event of a catastrophic failure.
Each AWS data center actively ensures compliance with important standards including:
- SOC 1, Audit Controls
- SOC 2, Security, Availability & Confidentiality
- SOC 3, General Controls
- ISO 27001, Security Management Controls
- ISO 27017, Cloud Specific Controls
- ISO 27018, Personal Data Protection
- HIPAA, Protected Health Information
- FIPS, US Government Security Standards
- G-Cloud, UK Government Standards
Application Security
Course Container was built in-house by US-based, senior-level developers with extensive experience in application security. Its architecture is designed to protect against common attack vectors such as SQL injection and Cross Site Scripting (XSS). Behind the scenes, our networks are strictly segmented between our corporate, development and production environments. To protect from outside threats, our systems operate behind a hardened firewall and utilize intrusion detection systems to proactively identify suspicious network traffic and behavior. Access to production environments is restricted via two-factor authentication to only those whose job roles require access.
Delivery Network Security
Course Container uses Amazon Web Services’ CloudFront for content distribution. This speeds up the distribution of content by routing each user request through the AWS backbone network to the edge location that can best serve the content. Typically, this is a CloudFront edge server that provides the fastest delivery to the viewer. Using this network dramatically reduces the number of networks that users' requests must pass through, which improves performance. Users get lower latency—the time it takes to load the first byte of the file—and higher data transfer rates. Our CloudFront distributions require that viewers use HTTPS to request the content, so that connections are encrypted when CloudFront communicates with end users requesting content. We also require that CloudFront use HTTPS to get objects from the origin, so that connections are encrypted from the second a user requests the content through a training platform. Users cannot access and take content directly from the CDN without a valid secure request.
Information Security Program
Our Written Information Security Program (WISP) provides a framework to help ensure the systems, network, and IT infrastructure of Course Container are implemented and maintained in a consistent way to help ensure the security and integrity of the data and systems we maintain.
GDPR and Data Privacy
Along with system security, data privacy is extremely important to us. Course Container is designed to be GDPR-compliant and provides all the necessary tools our customers need to operate in a GDPR-compliant manner. If your organization has additional concerns about data sovereignty, we also have the ability to locally deploy Course Container to data centers around the globe. From network security to application monitoring, to backup storage, to hiring practices, to internal systems access, to code integrity management, every part of our organization is affected by our focus on security.
Organizational Security
A system’s security is only as good as the organization behind it. At Course Container we are committed to ensuring our company operates in a way that optimally ensures the security of our customers’ data. Each one of our employees undergoes an extensive background check and is bound by an NDA. All of our employees are educated regarding phishing, spear phishing, and social engineering attacks, as well as how to securely and responsibly use technology. Because of our network segmentation, we are able to restrict access to our corporate network and production networks separately based on job role.