Community Help

amyslack · ‎09-21-2023

I am a Canvas administrator and recently been tasked to complete a risk assessment of all of our data in all of our systems as a college. And while not my favorite task it has got me to thinking about all the What Ifs...

So, my question is what if an institution is hacked or gets ransomware on Canvas - how do you recover your data? Is Instructure able to help with this? Should we be backing up our Canvas data somewhere or paying for a service to do this?

With the way beta and test work would that be enough in the event something like this happened - would those be impacted as well? How could we prepare for this?

My background is originally in instructional design (and teaching Chemistry), and I am definitely learning more about cybersecurity as it seems we are having to be on high alert more. So I wanted to see if I could ask a larger group of admins who have faced this issue or have more expertise in this that have a plan in place. It really is everyone's responsibility to protect our systems but wanted to ask the community - what do you and your institution do to be prepared in the even that catastrophe strikes to make sure you can recover your Canvas data and how would you respond in this situation?

chriscas · ‎09-29-2023

Hi @amyslack,

This is a good topic for discussion!

I'll start off by saying that I think there is going to be a huge difference in this area between being on an Instructure-hosted cloud Canvas instance and running a Canvas instance on your own servers.

If you're running your own servers, there's a lot more to consider and do to secure those servers (update the operating system, keep all of the libraries up to date, secure passwords, etc etc... In this scenario, you'd also be responsible for having backups of databases and everything in case of hardware failure, security incidents, etc. Having experienced system administrators seems crucial for those who run their own instances.

If you're running on Instructure's cloud, all of that is really done by Instructure (and we hope they do it well and never miss a step). I suppose Test/Beta could be potentially useful, but it would really depend on what kind of incident occurred, and what exactly needed to be done to recover from it. I do believe Instructure has a disaster recovery plan in place for most things, and if you're a customer your CSM can probably get you a copy of that plan.

-Chris

amyslack · ‎10-02-2023

Hello @chriscas -

Thanks for engaging in this conversation and clarifying the two scenarios. That makes sense - we are not self-hosted - whew that does sound like way more work and things to be concerned about for sure! If we were self-hosted I could see how it would be extraordinarily important to have an expert who knows these pieces for sure!

Being hosted by Instructure would in theory mean that they would have these pieces covered. I will reach out to my CSM and just see if they can explain the plan would be in the case of this What If - but realized it was a good idea to start this conversation here on the community since some of us who are LMS admin types aren't necessarily the people making cybersecurity decisions at our institutions, but we are certainly impacted in the case of a disaster! But also, it would be good to know what we need to do as admins to ensure we are supporting the best practices to avoid an issue to begin with or be prepared if one should occur.

Let's Talk about CyberSecurity

Admin

Administrator

Should removing Manage Assignments and Quizzes per...

How do i find the join id for my course called "Ma...

Peer review w/ rubric submits for me but for instr...

Mastery Paths Not Working

Do Accommodations made in a associated courses bre...

Should removing Manage Assignments and Quizzes per...

How do i find the join id for my course called "Ma...

How do I adjust the column width in a table?

How to permanently delete a term?

Peer review w/ rubric submits for me but for instr...

You're signed out

Let's Talk about CyberSecurity

Community Help

View our top guides and resources: