Cloud-based LMS challenges Blackboard to major security review


Whereas colleges and universities that use traditional LMS platforms have to wait weeks, sometimes months, for a system update that includes a new batch of security patches, a cloud-based solution like Instructure can fix the problem quickly, because the company updates its system every two weeks, Coates said.

The 127 Instructure staffers also have only a single version of their LMS platform to focus on. Larger LMS systems based on the client-server model often have a dozen or more versions of their LMS running at institutions across the world.

“We only have one thing to worry about, so that gives us a major architectural advantage,” Coates said. “For others, it’s really hard to keep all those [versions] secure all the time. … That’s why we think they might have a big problem on their hands.”

In the SC Magazine article published last fall, Australian higher-education officials said they couldn’t wait for Blackboard’s security updates, which, at the time, were still months from being made available to education customers.

Anonymous sources told the magazine that they considered shutting down their schools’ Blackboard LMS before the security holes were discovered by hackers. This, of course, would eliminate the platform for a college’s online courses.

“We issued a support bulletin to Blackboard Learn clients today after completing our review of the issues,” Blackboard said in a statement published in SC Magazine. “The bulletin includes information about how the issues are being addressed through existing patches and planned releases, as well as recommendations for general security management and best practices.”

Jenkins, the Blackboard spokeswoman, said the security issues detailed in the SC Magazine report have since been addressed, adding that future Blackboard LMS updates will include “complex password management and anti-virus.”