Learning Pool takes proactive measures to keep applications secure
Vertical Structure helps the e-learning provider with its cyber security needs, year after year
Learning Pool is a full-service e-learning provider, offering a range of courses, tools and content creation to more than 750 organizations and 2 million learners in 21 countries. The recent acquisition of HT2 Labs saw staff numbers rise to more than 200 employees across Learning Pool’s six offices in the UK and US. The company boasts blue-chip customers including the Royal Bank of Scotland, Juries Inn and New Look.
Because Learning Pool deals with sensitive information that is private to organisations, security is of paramount concern.
Vertical Structure has provided cybersecurity consultancy to Learning Pool since 2012. The products are all hosted in the cloud on Amazon Web Services (AWS) Infrastructure.
Infrastructure manager Michael Kelly says, “We have a long-standing relationship with Vertical Structure, who have helped us ensure operability of all of our applications, but also given us an extra measure of security and protection.”
Vertical Structure’s cybersecurity director Simon Whittaker has led the consultancy through the years. Michael says, “Simon has taken the time to really understand Learning Pool’s applications. His team understands what the user journeys are. We benefit from the personalised consultancy that they deliver, not just a standard automated penetration test. They use all the latest and greatest tools, but they’re also thinking outside the box, and from the perspective of potential hackers with nefarious intentions.”
With the largest and most flexible catalogue of content on the market, and a reliable and robust LMS, Learning Pool delivers a highly customized learning experience, combining their expertise in personalized learning, gamification, and AI-driven performance. Alongside Learning Pool’s range of available off-the-shelf content, customers also have the ability to create their own courses with the award-winning Adapt Builder product, with more than 7,500 current users.
What are Learning Pool’s specific challenges in incorporating robust cybersecurity?
“We are completely cloud-based. For just one of our products we support 500 different learning management systems (LMS). The fact that we’re doing this at scale could make it risky – but with best-practice, security baked into our processes and continuous review, we greatly reduce our vulnerability to any security risks,” says Michael.
The LMS solutions involve different levels of users and roles, including staff and customers. Some have admin privileges (such as those creating the training course) and others have user privileges (the learners taking the course). It’s important to ensure the solution is secure while also being accessible.
Michael says, “That’s why Vertical Structure has helped us with access and rights that make sense. We use a mix of two-factor authentication, oauth2 or Saml2 for single sign-on solutions, where each of those is the best fit with security and accessibility the main consideration. It makes the journey simpler for the user, when it needs to be, while also ensuring it’s completely secure.”
Speaking about Learning Pool, Simon Whittaker says, “We’ve helped them to ensure learners can get into the application securely, without it being too cumbersome. We’ve been able to deliver independent assurance that they’re taking the right steps to ensure the applications are secure.”
Vertical Structure has also run manual and automated penetration testing on Learning Pool’s applications.
“From the results of the PEN tests we’ve been able to put good practices in place – building those practices into our day-to-day work. The more often you do these things, the better you get at them,” says Michael.
Simon says, “After the testing rounds, we provide Executive Summaries, and it’s so important that these are readable by normal humans – so Learning Pool can show them to their own clients. The reports are understandable by people who aren’t cybersecurity experts.”
Some of the Learning Pool development team have attended training sessions with Vertical Structure, such as courses in penetration testing and cloud security.
“They’ve always come back from the training with lessons learned, that they can then present back to the rest of our staff,” says Michael.
Michael says that proactive management of cybersecurity gives confidence in their product.
“It gives us that bit of reassurance that we haven’t missed anything and that we’re on the right path,” he says. “It’s part of our day-to-day job to ensure we’re doing the right things to continually improve our security. Security is a top concern for Learning Pool and our customers, especially around the privacy of data and GDPR.”
He says, “It’s one of those things that’s always evolving and a bit of a moving target.”
Of the relationship with Vertical Structure, Michael concludes, “Every year we’re making a decision to bring them back.”
Or send us a quick message