Ellipse

Optimal security, even in the public cloud

Image

Experts in the test domain speaking: Drik van Herk

I am Drik van Herk, 48 years old and active in developing online testing platforms for formative and summative testing for over 22 years. Within this domain, I started at Optimum Assessment as a developer and now work as a software architect of our Optimum Assessment Platform.

The transition to public cloud

Private hosting and cloud solutions have been the norm for a long time. Currently, we are seeing a transition from online testing platforms to the public cloud. With this type of solution, you use a shared, online infrastructure from a cloud provider. Reasons for this transition include availability, easy scaling of required capacity and a high degree of flexibility.

In addition to the transition to a public cloud, we also see that many customers are looking for integrations with our platform, for example, with APIs for exchanging data. Think about registrations for tests or the results obtained. But getting easy access to the platform is also an important part. For this purpose, Single Sign-On (SSO) is a frequently requested feature.

Security in the cloud

There is much uncertainty about the security of an online platform, especially the data it processes and stores. How are my test questions protected? Are personal data safe? Who can all be in the application?

To dispel these doubts, the first thing to emphasize is that the public cloud need not be more insecure than private hosting. On the contrary, the public cloud is actually more secure in a number of ways. Large cloud providers, which Optimum Assessment uses, are generally ISO 27001 certified. Because of this high standard of information security, there is a greater chance of fending off outside attacks such as DDOS. In addition, at Optimum Assessment, we develop our software based on the principles of privacy and security by design and of OWASP (Open Web Application Security Project). All these measures contribute to optimal safety.

Additional security measures

Very deliberately we apply these (technical) measures, from design to implementation. In addition, we provide security layers in our platform. Should one fail, we can always fall back on the underlying layer with protective measures. In addition, we have all our measures audited annually by a specialized external party, so we have a four-eye principle here.

Only required information available

In addition to these technical measures, we also provide security in the application itself. For example, test content and personal data are available only where needed and to those who have authorization to do so. In doing so, we try to make it impossible to steal this information from our application. One way we do this is by using physical supervisors during test-taking or applying online proctoring. We also provide opportunities to give good and clear feedback on the test result, while completely shielding non-necessary content when viewed. Thus, we make available only needed information.

From design to implementation, we apply comprehensive privacy rules

Drik van Herk

Decor

Get in touch

Want to learn more about digital testing? Leave a message via our contact form!