While the goal of any training program is primarily to make sure your trainees get the vital information they need to be successful, a secondary concern is to make sure that the same vital information does not make its way to anyone else. Organizations often are training employees and partners on material that is sensitive or confidential. Moving your training online can dramatically reduce your costs and make training more convenient and enjoyable for your trainees, but it can also introduce concerns about security. At Mindflash we take security extremely seriously and have gone to great lengths to protect all our customers' content and ensure their training materials are only accessed by their trainees. We have taken a multi pronged approach to security.
Much like locking your house or car, we first have to make sure all data hosted with Mindflash is physically secured. While the engineering team at Mindflash are experts in coding, we are not experts in securing data centers. Fortunately the folks at Amazon Web Services (AWS) are. The Mindflash platform is 100% hosted with Amazon Web Services. So the same systems and standards that are securing everyone's shopping and personal credit card information are also securing your training content. AWS is the most mature and trusted cloud infrastructure provider and many of your favorite online services are hosted with Amazon. AWS has earned numerous security and compliance certifications and has recently been certified by the Federal Risk and Authorization Management Program (FedRAMP) so even federal government agencies are running their services on the Amazon Cloud. You can read more about security at AWS here.
Locking your doors doesn't do you any good if you give everyone the key. At Mindflash we require every user, trainer or trainee, to login with a password. Requiring a password helps prevent people from gaining unauthorized access to your account as long as everyone can keep their passwords secure. Protecting against un-authorized access to your user account only works if we both do our part. Our part includes:
We can only do so much to prevent un-authorized access. We also need your help and that is where we get to your part:
One of the biggest concerns people have with online training is content security. At Mindflash we understand that your training content is proprietary and we go to great lengths to keep it safe while still allowing fast streaming to your trainees wherever they are in the world. The first thing we do is we store all content on Amazon's Simple Storage Service (S3). S3 allows us to make sure your content is not only stored redundantly to protect against data loss but also secured so it cannot be accessed by anyone other than your trainees. Many web applications store and serve content directly from S3. We specifically do not because it doesn't provide the security our customers demand. When you serve content directly from S3, links to that content can be intercepted or shared and now your content can be accessed by anyone who has the link.
At Mindflash we store content on S3 but serve content from a Content Delivery Network (CDN). When a trainee requests a piece of content from Mindflash, that content is copied to a secure CDN edge location that is physically closest to the trainee. Once the content is copied, a secure link is generated specifically for that trainee and that piece of content. The link is also given an expiration time. When the trainee's browser requests the content from the edge location, the link is verified to ensure it is still active and if it all checks out, the content is delivered to the trainee's browser. Even if someone were to go to the great lengths required to sniff out the link, it would be useless to try and share because it will have expired before someone could use it.
While this might sound a bit complex, all of this is handled behind the scenes by our course player in your browser or on our iPad app. As long as your trainee is logged into Mindflash, they don't need to worry about any of this because the player handles everything automatically, including generating new content links as they expire. All you need to know, is that your content will always be served from a secure location that is as close as possible to your trainees.
We take content security so seriously we don't even allow ourselves to access your training materials. No Mindflash employee is allowed to access customer content unless specifically authorized by the customer. This is why in the unlikely event there is a problem converting your content you will see a pop-up message asking if we can be granted access to view the content so we can investigate the issue. Unless you grant us this access no one at Mindflash will view your content.
Hopefully this post answers many of the concerns you may have about online training security but, as always, if you have any questions, we are always happy to do our best to answer them. Hopefully this will allow you to focus on creating great training material, while we stay focused on delivering it smoothly and keeping it secure.