Summary of Technical Security Measures
Summary
This section provides an overview of the technical and organizational security measures implemented by Eurekos to protect platform data, infrastructure, and operations. Controls span the application, infrastructure, and governance layers to ensure confidentiality, integrity, and availability.
In this article you will learn:
- How security controls are structured across application, infrastructure, and organizational layers
- How identity management, access control, and monitoring protect the Eurekos platform
- How encryption, network security, and backups safeguard data and infrastructure
- How governance, vulnerability management, and threat intelligence support ongoing resilience and security maturity
Background
Summary of the core technical and organizational security measures implemented to protect data, systems, and operations against breaches, misuse, and service disruption.
Information security within a cloud-based LMS environment rests on three interdependent components:
- The application layer – the LMS platform itself, including configuration, roles, permissions, and access controls
- The infrastructure layer – the hosting environment, covering servers, hardware, network controls, and encryption mechanisms
- The organizational layer – governance processes, access management, data handling practices, and the human factor
Each layer contributes to safeguarding confidentiality, integrity, and availability. The measures below are structured accordingly to reflect this layered security model.
Eurekos Application Security Measures
The Eurekos application includes built-in controls designed to protect user accounts, system configuration, and platform integrity.
| Control Domain | Security Objective | Implemented Measure |
|---|---|---|
| Identity & Authentication | Enforce strong credential standards | Minimum 12-character passwords with configurable complexity requirements |
| Identity & Authentication | Prevent brute-force access attempts | Automatic account lockout after five failed login attempts with email notification |
| Session Management | Reduce risk of unattended sessions | Automatic session timeout after 24 hours (configurable) requiring re-authentication |
| Access Anomaly Detection | Detect suspicious login behavior | Geo-location alerts for logins >50 km from previous access (adjustable) and from new browser/device |
| Authorization & Least Privilege | Prevent unauthorized configuration changes | Role-based access control (RBAC) with predefined roles and permission boundaries |
| Audit & Accountability | Ensure traceability of system activity | Logging of successful/failed logins and user/content create, modify, delete actions |
| Threat Protection | Mitigate automated and high-volume attacks | Native flood control and automatic IP blocking |
| Network & Perimeter Security | Restrict high-risk geographic access | Integration support for third-party tools including geo-blocking |
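As an added illustration (not Eurekos code), the three login controls in the table above, lockout after five failed attempts, the 50 km geo-location alert, and new browser/device detection, expressed as detection logic over constructed login events. The event fields, `AccountState`, and the alert names are assumptions; the thresholds are the page's values and are left adjustable.

```python
"""Login anomaly checks modelled on the application controls table (constructed example)."""
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple

LOCKOUT_THRESHOLD = 5   # failed attempts before lockout (page value)
GEO_ALERT_KM = 50.0     # distance from previous login that raises an alert (page value, adjustable)

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

@dataclass
class AccountState:
    failed_attempts: int = 0
    locked: bool = False
    last_location: Optional[Tuple[float, float]] = None  # (lat, lon) of last successful login
    known_devices: set = field(default_factory=set)      # browser/device fingerprints seen before

def process_login(state, event, lockout_threshold=LOCKOUT_THRESHOLD, geo_alert_km=GEO_ALERT_KM):
    """Apply one login event (assumed fields: success, location, device); return alerts raised."""
    alerts = []
    if state.locked:
        return ["locked_out"]                       # refused until the account is unlocked
    if not event["success"]:
        state.failed_attempts += 1
        if state.failed_attempts >= lockout_threshold:
            state.locked = True
            alerts.append("account_locked_notify_user")   # lockout plus email notification
        return alerts
    state.failed_attempts = 0                        # successful login clears the counter
    if state.last_location is not None:
        dist = haversine_km(*state.last_location, *event["location"])
        if dist > geo_alert_km:
            alerts.append(f"geo_anomaly:{dist:.0f}km")
    if event["device"] not in state.known_devices:
        if state.known_devices:                      # first device is enrolment, not an anomaly
            alerts.append("new_device")
        state.known_devices.add(event["device"])
    state.last_location = event["location"]
    return alerts
```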
Server & Infrastructure Security Controls
The hosting environment supporting Eurekos is protected through layered access controls, monitoring, and encryption standards designed to prevent unauthorized access and service disruption.
| Control Domain | Security Objective | Implemented Measure |
|---|---|---|
| Identity & Access Management | Eliminate credential-based server compromise | Password-based server login disabled; SSH key-based authentication only |
| Access Governance | Ensure controlled and time-bound privileged access | SSH key access managed through authorization workflow with automatic revocation |
| Monitoring & Oversight | Ensure visibility of privileged access | Security Officer notified of every successful server login |
| Threat Detection | Detect brute-force or malicious access attempts | Failed login attempts continuously monitored and analyzed |
| Change Management & Accountability | Ensure traceability of infrastructure changes | Logging of service-level actions (start, stop, reload, restart) including initiating user |
| Network Security | Restrict unauthorized network access | Dual firewall architecture (server-level + hosting provider firewall) |
| Attack Mitigation | Block brute-force and unauthorized access attempts | Firewall rules actively block repeated failed login attempts and suspicious activity |
| Data Protection in Transit | Protect confidentiality and integrity of data | TLS 1.3 with RSA 4096-bit certificates for all server-user communication |
| Secure Integration | Protect third-party communication channels | All external integrations operate exclusively over encrypted channels |
Organizational & Process Security Controls
Eurekos applies structured operational and governance controls to protect data, manage risk, and ensure resilience—covering monitoring, access management, third-party security, and data protection practices.
| Control Domain | Security Objective | Implemented Measure |
|---|---|---|
| Vulnerability Management | Identify and remediate system weaknesses | Weekly vulnerability scans reviewed and evaluated by the Security Officer |
| Operational Monitoring | Detect infrastructure instability or abnormal behavior | Automated alerts for downtime, high CPU/RAM usage, low disk space, and increased error rates |
| Patch & Update Management | Reduce exposure to known vulnerabilities | Continuous updates of system core and contributed modules |
| Privileged Access Management | Minimize super-admin exposure | Only one platform user holds super administrator permissions |
| Credential Governance | Reduce risk of credential compromise | Automatic daily rotation of production administrator passwords |
| Multi-Factor Authentication | Strengthen access protection for critical systems | 2FA enforced for hosting and integrated services |
| Third-Party Risk Management | Ensure secure external integrations | All third-party services assessed and approved by the Security Officer prior to integration |
| Business Continuity | Ensure secure recovery during hardware failure | Master access credentials stored securely in cloud environment with strong password and 2FA |
| Endpoint Security | Protect user devices and workstations | Mandatory firewall, disk encryption, and password lock on all systems |
| Least Privilege & Training | Prevent misuse of administrative utilities | System tools restricted to trained and authorized personnel only |
| Data Protection & Resilience | Protect stored data and ensure recoverability | Backups stored in two physical locations; volumes encrypted at rest using LUKS with Eurekos-managed keys |
Threat Intelligence
Eurekos maintains continuous oversight of the evolving threat landscape through operational monitoring, external intelligence sources, and structured governance processes:
- Emerging threats are identified through daily technical monitoring, input from security networks and interest groups, and automated detection services that flag suspicious behavior or anomaly patterns. These insights are analyzed to assess potential client impact and broader risk trends
- Third-party vendors and infrastructure providers deliver continuous updates, patches, and severity assessments. All advisories are reviewed daily, with mitigation actions prioritized and executed based on formal risk evaluation
- Eurekos collaborates with clients and their IT departments when relevant, sharing intelligence and aligning responses to changes in the threat environment
- Quarterly reviews consolidate monthly security activities, enabling strategic resource allocation and mid- to long-term mitigation planning. Oversight and prioritization are governed by the Information Security Steering Group (ISSG)
Independent security partners conduct regular penetration testing, providing recommendations aligned with current best practices and contemporary threat levels—ensuring ongoing security maturity and resilience.
Mobile App
The Eurekos Mobile App is fully integrated with the Eurekos Platform and derives all data and access from the same underlying services. As a result, the organizational and technical security controls established for the platform also apply to the mobile app.
In addition, the following security and operational measures are in place:
- Secure data transmission – All communication between the mobile app and Eurekos servers is encrypted using TLS 1.3 with RSA 4096-bit certificates
- Initial authentication requirements – The first login requires an active internet connection to authenticate the user against the Eurekos Platform
- Authentication and MFA – Initial login to the mobile app mirrors the platform's authentication configuration, including support for multi-factor authentication (MFA)
- Biometric authentication – Biometric login (Face ID / Touch ID) can be enabled within the app and requires a successful standard login before activation
- Access revocation – When a user is removed from the Eurekos Platform, access to the mobile app is revoked upon the next synchronization when the device is online
- Local data storage and device security – Encryption of locally stored data on the device (such as downloaded courses or pages) depends on the security configuration of the individual device
- Secure development framework – The mobile app is developed using Flutter, enabling a single, secure codebase compiled separately for Android and iOS. We use Secure Data Storage to store sensitive data
- Secure development and monitoring – Aikido is used to support secure development practices and continuous security monitoring, including detection of vulnerabilities and security issues across the application lifecycle
- Application management and monitoring (Android) – Firebase Console is used to manage applications, team access, and security rules during development and distribution via Google Play, including app performance monitoring and crash reporting
- Application management and monitoring (iOS) – Xcode and the Apple Developer Program are used for iOS publishing, app performance monitoring, and crash reporting
- Distribution platforms – The app is distributed through the Google Play Store and Apple App Store, using official SDKs and compliance requirements
- Code signing and integrity – API keys and signing credentials are securely stored in Codemagic, ensuring application signing and preventing unauthorized code modifications
- Vulnerability management – Automated vulnerability scans are performed daily. Reports are reviewed and evaluated by the Security Officer, and remediation actions are tracked as required