eLearning platform provider selects smartbloc. from norm. to protect students
An eLearning platform provider founded in 2013, is determined to help schools close the maths attainment gap. For the last decade, it has offered virtual one-to-one tutoring, downloadable worksheets and other resources to aid the learning process in primary and secondary schools in the UK and beyond. Its work has become even more vital over recent years, with the pandemic accelerating the shift to online learning and increasing the need for catch-up tuition. Since its foundation, the organisation has single-handedly supported over 3,300 schools and taught over 140,000 children, delivering more than 1.7 million lessons worldwide.
In brief
- The eLearning platform provider’s work with thousands of UK primary and secondary schools means it handles sensitive data on tens of thousands of pupils, many with Special Educational Needs (SEN). Cybersecurity had always been of the utmost importance, but its involvement in the National Tutoring Programme has meant it now has more pupils signed up than ever before, and it sought out a cybersecurity adherence baseline to make sure it was doing all it could to protect its users.
- norm.’s smartbloc. service provides penetration testing, vulnerability management and a wide range of other modules which can be tailored to different commercial requirements, maintaining the highest information security requirements.
- By employing various smartbloc. modules from norm., the provider has assurance that any sensitive data it holds is protected and that vulnerabilities can be identified and automatically patches.
The challenge
The eLearning platform provider’s proven track record of delivering virtual tutoring meant it was ideally placed to participate in the National Tutoring Programme (NTP), which was launched by the UK government in late 2020. This £1.7 billion scheme provides catch-up learning to pupils who missed out on teaching during the COVID-19 pandemic. Involvement in the NTP posed a great opportunity for provider to scale up its business.
However, it knew growth was only sustainable if the company had a strong cybersecurity posture. It wanted to beef up penetration testing of its elearning platform to proactively spot potential areas of weakness which could be exploited. This would ensure the platform remained online and pupils could receive their maths tuition without fear of disruption.
Although not mandatory for NTP learning providers, the provider was also keen to become ‘Cyber Essentials’ accredited. Cyber Essentials, a government-backed and industry-supported scheme, is seen as the gold standard for cyber security in the UK as it allows businesses to prove they have the necessary technical controls in place to protect against online threats. With this accreditation, the organisation could provide extra reassurance to the increasing number of schools and pupils relying on its services.
As the CTO at the eLearning platform provider explains, hiring a new Information Security Officer was initially considered to manage the Cyber Essentials accreditation process: “We’re a small team, and although hiring a new ISO sounded like the right idea, it was no silver bullet. We knew it was difficult to hire a person with the necessary skills to hit the ground running from day one, plus no single candidate would ever be able to offer the 24/7/365 support we needed to monitor and maintain our cyber security posture,” they explain.
In addition, the CTO and their colleagues did not have the highly specialist skills required to conduct complex penetration tests. This led the provider to seek out a third party managed security service provider, with a dedicated security operations centre (SOC) for round-the-clock monitoring and a team of specialist penetration testers.
The solution
Following a personal recommendation, the CTO appointed norm. in March 2021, signing up to smartbloc., norm.’s award-winning Cyber Security as a Service (CSaaS) offering. smartbloc. comprises a number of different service modules that customers like the eLearning platform provider can select to reflect their individual security requirements.
As the CTO explains, “We knew we needed penetration testing for the e-learning platform, but we also wanted to see if we could also get help securing Cyber Essentials all in one package to form our security baseline. norm.’s smartbloc. offering attracted us, as it covered these services and much more, all in one place.”
The eLearning platform provider is using the following smartbloc. modules:
- Compliance Services ensure that the provider has the necessary policies, procedures and measures in place to enable it to acquire and maintain Cyber Essentials accreditation
- Regular Penetration Testing of the provider’s e-learning platform to ensure cyber resilience
- Cyber Safety and Phishing Service delivers bite-sized training to employees
- Vulnerability Management continuously monitors the network and end-user devices for all known vulnerabilities, automatically applying patches
- Board Reports provide the provider’s senior management team with easy-to-digest information on the risks facing the company and what has been done to remediate them
The eLearning platform provider has taken advantage of smartbloc.’s flexibility. As the CTO explains, “What stood out for us was just how flexible norm.’s service is, with the easily-interchangeable modules. We’ve already upgraded the vulnerability scanning part of the CSaaS package, so it now automatically patches any weaknesses, with no human intervention required.”
norm.’s penetration tests on the e-learning platform are a key pillar of the service. Taking place in the summer holidays, norm. looks for potential weaknesses in hardware, software and the network. It then flags up these weak spots to the provider, giving it vital, actionable intelligence in order to strengthen the platform’s resilience as the business continues to scale up.
The benefits
For the CTO, the service’s benefits are clear: “Our partnership with norm. is one of equals: it’s always easy to ask questions or talk to a member of the team. The team isn’t just providing a service, it’s highly consultative, meaning there’s constant dialogue going on.”
The eLearning platform provider benefits from norm.’s smartbloc. in the following ways:
- smartbloc. offers enterprise-grade cyber protection two-thirds cheaper than the cost of procuring
individual cyber security products elsewhere - With norm.’s UK-based Security Operations Centre (SOC), the internal eLearning platform provider’s team can focus on its daily work with schools while also scaling the business
- The provider is able to conduct pen testing at a convenient time, receiving insights which allow it to constantly improve its security posture
- norm.’s Compliance Services have allowed the provider to achieve Cyber Essentials accreditation, aiding its long-term business goals
- Board reporting gives senior management the lowdown on the risk landscape in a jargon-free way, giving reassurance and confidence in the provider’s security posture
The CTO concludes, saying “norm. helped deliver us that much-needed baseline at the right time, allowing us to go above and beyond the current cyber security requirements of the e-learning industry. Its customer service has been exceptional, leaving us in no doubt about what must be done at any given moment. norm. has given us tremendous confidence that we can continue our work in closing the maths attainment gap without disruption, while also protecting our customers and their data.”