Ensuring the e-learning platform is safe as the company grows
Background: Data Lemons
“When Marriott International acquired Starwood in 2016 for $13.6 billion, neither company was aware of a cyber-attack on Starwood’s reservation system that dated back to 2014. The breach, which exposed the sensitive personal data of nearly 500 million Starwood customers, is a perfect example of what we call a “data lemon” — a concept drawn from economist George Akerlof’s work on information asymmetries and the “lemons” problem. Akerlof’s insight was that a buyer does not know the quality of a product being offered by a seller, so the buyer risks purchasing a lemon.” Harvard Business Review
Learning Pool is a full-service e-learning provider, offering a range of courses, tools and content creation.
Since 2006, Learning Pool has grown from a modest team of five to a market leader in the e-learning industry.
Today it employs over 450 people across its 9 offices around the UK and USA. It has more than 1,400 customers around the world and supports 5.1 million learners in 30 countries across 42 different languages. The company’s clients include HubSpot, Tearfund and InterContinental Hotel Group.
Why Learning Pool chose Vertical Structure
Learning Pool deals with sensitive, private information. Security is a top concern for Learning Pool and its customers, especially around information security.
It has recently made its fifth acquisition which means it has to be confident of the resilience of its newly acquired technology too.
Vertical Structure has a long standing relationship with Learning Pool and has provided cyber security consultancy to the team since 2012. From the outset, Learning Pool was impressed with how Vertical Structure took the time to understand its applications.
The Vertical Structure team consists of qualified and experienced practitioners in AWS infrastructure (AWS Consulting Partner), security & penetration testing, and delivering clear and actionable reports.
Simon Whittaker, CEO Vertical Structure
We're helping Learning Pool proactively identify cyber security challenges it may face when it integrates another platform.
Vertical Structure regularly carries out manual and automated penetration testing on Learning Pool’s applications and on the technologies it has acquired. Application testing is aligned with industry standards such as OWASP and identifies, and classifies, issues within an application. This provides a full picture of the associated risks and actionable remediation advice.
Vertical Structure delivers independent assurance that Learning Pool is
taking the right steps to ensure the applications are secure.
Andrew Freaney, Governance, Risk & Compliance Lead, Learning Pool
Proactive management of cybersecurity gives us confidence in our product. It gives us that bit of reassurance that we haven’t missed anything and that we’re on the right path. With best- practice, security baked into our processes we greatly reduce our vulnerability to any security risks.
How we can help you
Due diligence is the investigation by one party into the business and assets of another party, typically its contracts, finances, people and customers. But to avoid, or fully account for, potential post-transaction risks, fines and costly remediation, cyber and data security need to be included in the process.
Has an application been compromised? We can:
Investigate deep and dark web exposure. ALSO that of suppliers, contractors, subsidiaries, and other third parties.
Is a technology vulnerable? We can:
Examine systems for exploitable
vulnerabilities, bad or unusual
behaviours. Gauge employee
awareness with social
engineering exercises. Will
provide a measurable insight into
the real-world risks a company
What is the nature & risk profile of data? We can:
Identify information security
Or send us a quick message