Canvas has Open Security. And no that's not an oxymoron. It's more like "Oxygenius."

Tell us about a
security issue.

If you have a specific issue or even a general concern about Canvas security, our proverbial door is always open. Email us at security@instructure.com. (If you want, you can use our public key.)

Read the latest
security notices.

Once we learn about a security issue, we’re totally open when it comes to making sure you know what we know. Visit the Canvas Help Center to learn about security threats and to see how we fixed them.

Review our annual,
open security audits.

See for yourself which LMS vendors conduct open security audits (hint: there’s only one) and learn more about how our relentless obsession with openness means good things for the security of your data.

  2011 2012 2013
CanvasInstructure
BlackboardBlackboard No No No
Desire2LearnDesire2Learn No No No
Moodle RoomsMoodleRooms No No No
X Close

Canvas Security Overview

Automatic updates

We automatically install security patches as soon as they’re available, so right now (whenever that is), Canvas couldn’t be more secure.

Data Access

The Canvas API uses the industry-standard OAuth2 protocol, which provides secure access to Canvas data while preventing direct access to Canvas databases.

Authentication

Canvas supports external identity providers (IdPs), including Active Directory, CAS, LDAP, OpenID, and SAML/Shibboleth.

Physical security

All Canvas user data is stored in highly stable, secure, and geographically diverse Amazon Web Services (AWS) data centers.

Protocol and session security

To ensure the privacy and security of your data, Canvas uses HTTPS for all communication and encrypts all inbound and outbound traffic using 128-bit TLS/SSL.

Backup and recovery

Canvas data is backed up redundantly (every day). In case of emergency or disaster, data is recovered from Amazon servers or from our own off-site backup.