Echo has teamed up with AWS to keep our users safe
- Regular security updates: Every week we update Echo with our latest enhancements, bug fixes, and security improvements. All updates from external services are tested by software and humans before rolling out, to avoid disrupting customers.
- Secure data access: Our API provides secure access to Echo data over TLS.
- Authentication: We support external identity providers (IdPs) for single sign-on (SSO) with CAS and SAML, so users can sign into one application and be automatically logged into Echo without needing to re-enter credentials. This feature can help eliminate the need for teachers and students to have multiple credential sets.
- Physical security: Echo uses Amazon Web Services (AWS). AWS protects a global infrastructure of hardware, software, networking, and facilities, and is designed and managed around a variety of best practices and global security standards. AWS participates in various assurance programs, including FERPA, and is regularly independently audited (see https://aws.amazon.com/compliance for full details).
- Protocol and session security: We use HTTPS for all communication and encrypts all inbound and outbound traffic using a minimum of TLS 1.0 with 2018-bit private key.
- Backup and Recovery: Our backend infrastructure design includes redundant servers, database mirroring, and redundant file storage with automatic recovery from failure of any single system. Echo data is backed up every day. In the case of a disaster, data can be recovered from these backups. Backups are regularly tested.