Clever is Secure by Design: Roadmap for 2024
Read Clever’s detailed Secure by Design product roadmap – a critical aspect of fulfilling the Secure by Design Pledge.
In August 2023, I had the privilege of joining the Back to School Safely Cybersecurity event hosted by First Lady Dr. Jill Biden at the White House. In partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Clever signed the Secure by Design Pledge – an ongoing commitment to a secure, interoperable digital learning ecosystem and free and low-cost resources to school districts that strengthen cybersecurity.
Today I am proud to share Clever’s Secure By Design roadmap – which fulfills our commitments to the Secure by Design pledge. In this article, you’ll find an overview of our comprehensive security program, our commitments to the future, and a detailed roadmap to aid your security planning for 2024 and beyond.
Comprehensive security for schools
Clever has employed the secure software development lifecycle since we were founded in 2012. We hold all past and future development projects to the highest product and infrastructure security protocols, including recommendations from CISA:
- Memory safe languages
- Parameterized queries
- Web template frameworks
- Review requirements for each change
- Security code review for security-relevant changes
Please see Clever Security Practices for a complete list of our security practices.
A secure future with Clever
We are committed to secure product development for all users – and have the unique ability to support the edtech ecosystem with our extensive network of school districts and application vendors. By July 2023, every Clever admin and application admin had Multi-Factor Authentication (MFA) enabled to create another layer of protection for the advanced controls, functionality, and data they access. In 2024, we’ve prioritized the following five product areas on our security roadmap:
- Classroom MFA: MFA built for the unique needs of students and teachers in the classroom.
- Automated identity and access management: Improved password resets and account recovery, advanced group management, and enhanced support for Active Directory accounts.
- Secure data management and interoperability: New data ingestion capabilities and LTI integrations to ensure that shared data is encrypted and secure.
- Advanced password protection: Detect, respond to, and prevent potential threats before they happen with passkey support and password checks.
- Enhanced security and compliance: SOC2 and GDPR certifications, plus enhanced employee training.
Our detailed roadmap
Classroom multi-factor authentication
Classroom MFA protects Clever single sign-on applications by requiring an age-appropriate second factor – Clever Badges or pictographs – to log in. It helps districts stay ahead of cybersecurity threats without disrupting learning by providing factors that are well-suited for classroom users in addition to admins.
Releasing Classroom MFA means that districts can now provide secure access to technology for all users, including students, with MFA built for the classroom – even though students may not possess a mobile device traditionally used for MFA.
Roadmap features include:
- Classroom MFA: Clever Badges and pictographs to create a second layer of security for Clever without a second device. Available February 2024.
- Picture MFA: Choose a two-photo pictograph as a second factor for young students. Available February 2024.
Automated provisioning and identity management
Clever IDM keeps school user accounts secure by automating account provisioning and identity management for Active Directory, Entra ID, and Google Workspace. Identity management is a foundational component in providing secure digital access to students, teachers, and staff in schools. Automating it ensures that schools reduce risk by eliminating points of failure inherent in scripts or manual updates.
Roadmap features include:
- Password resets and account recovery: Save time and reduce security gaps with centralized password management. By enabling self-serve and delegated password resets and account recovery for Google, Active Directory, and Entra ID from within Clever, students and teachers won’t need to leave their digital learning home. Available January 2024.
- Advanced group management: Tighten access controls with customizable group membership management for Google, Active Directory, and Entra ID. Available May 2024.
- Active Directory centralized management: Securely manage on-premise Active Directory accounts from your secure cloud-hosted Clever environment. Early access available February 2024.
Secure data management and interoperability
Secure rostering and authentication is another critical aspect of layered security and risk management – and our solutions are available at no cost to schools. Any school can easily secure access to their edtech applications through our best-in-class API.
Roadmap features include:
- Transforming CSVs within Clever: Build and manage CSV file transformations and securely send them to applications via Clever. Available January 2024.
- Sensitive data fields: Clever has expanded the scope of sensitive data that districts can selectively share with applications. Increasingly, student demographic data is used for creating actionable plans to target interventions. Clever’s new demographic data fields ensure the data remains encrypted and secure. Available for select applications February 2024.
- Clever LMS Connect: A standard, secure, single sign-on integration that syncs assignments and applications in their LMS, while saving teacher time with seamless gradebook and assignment syncs with learning applications. Early access available April 2024. Sign up today.
Advanced password protection
Advanced password management and protection can help school districts detect, respond to, and prevent potential threats before they happen. In 2023, we launched randomized passwords, and in 2024 we’re focused on passkey support and password checks to help schools manage their password risk
Roadmap features include:
- Passkey support: Clever will be compliant with the latest password protocol, adopted by Apple, Microsoft, and Google. Available Back to School 2024.
- Password checks: Clever already automatically detects leaked passwords and prevents users from reusing it on Clever. By the end of 2024, every password on Clever will be checked against unsafe and leaked password lists.
Enhanced security and compliance
We have consistently committed to comprehensive security practices, a secure development framework, and third-party certifications to help protect sensitive data. In 2024, we will be on-track to complete SOC2 certification by the end of August 2024.
In addition, we want to highlight our commitment to security and data privacy through our actions throughout 2023 and 2024:
- GDPR compliance: Clever takes a privacy-first approach to the collection of personal data and is GDPR compliant.
- Neutral third-party recommendations and rubrics: We are committed to vetting and promoting neutral third-party security rubrics, including COSN and NIST, to support schools in their choice of tools and methodology. Read them today.
- Vendor management strategies: We aim to serve as a partner to all edtech applications and schools in security and privacy practices. We provide security consultation for all edtech applications integrating with Clever, require Clever Library applications to sign a Universal Data Sharing Agreement, and provide districts with guidelines for vetting third-party applications.
- Employee training: Clever will continue to require yearly security training for all employees, and twice yearly for employees that access personally identifiable information. We updated thesecurity training policies in February 2024.
Summary
At Clever, data privacy and security have always been our top priority. We are proud to have signed the Secure by Design Pledge in partnership with CISA and the White House, and remain committed to supporting both school districts and edtech applications in addressing cybersecurity challenges across the ecosystem. To learn more about our commitments, please visit: Secure by Design – For over 100,000 Schools.
More to read
December 17, 2024
Year in review: Diversity, equity, and inclusion in 2024A snapshot of our learnings around DE&I for 2024 – our focuses, our progress, and where we need to improve.
December 13, 2024
Diversity Report 2024Discover Clever’s 2024 Diversity Report with insights from Amie Ninh, Head of DE&I and L&D. Explore our workforce diversity data, DE&I efforts, and ongoing commitment to building an inclusive, equitable workplace that reflects the schools we serve.
November 11, 2024
Big Ideas Learning launches new LMS integration 4x faster with Clever LMS ConnectLearn how Big Ideas Learning launched their new LMS integration 4x faster and with improved support outcomes using Clever LMS Connect.