What Makes Cloud-Hosting the Most Secure Option for your Exam Authoring?

You’re looking for a way to enable secure, centralised management of distributed exam authoring.  You want to find a place to handle all your work that will be:

  • A secure system for your exam content
  • Accessible and easy-to use for your team
  • Flexible to your developing needs
  • Manageable for your IT team

Should you acquire a codebase, store everything locally and manage it yourself? Or use a cloud hosted system instead, purchased under license?

Many awarding bodies have been reluctant to trust their sensitive exam content to a shared tenancy model. However, cloud-hosted applications don’t have the limitations previously associated with using shared data centres.

At the same time, local hosting has become more cumbersome. It requires a lot of hardware, management and internal expertise to maintain.

Cloud Vs Local

Building and maintaining secure, resilient and performant IT infrastructure is not a primary business activity for most awarding organisations. So, any commitment to maintain proprietary software will introduce significant risk for the organisation.

That’s why our recommendation is to choose a cloud-hosted solution, and it’s why our exams authoring software, GradeMaker, is only available as a cloud-hosted service.

Here are some of the most common questions being asked by awarding bodies comparing local vs cloud-hosted question development systems.

Are cloud-hosted exam authoring systems secure?

A common perception of the multi-tenancy model is that it’s easier for unauthorised people to access a shared database in the cloud than a single database protected by the company’s firewalls.

The reality, however, is that the database is only as safe as the security protocol that protects it.

Specialist tech companies offering secure cloud-based services will have invested significantly in protecting their applications. They will also have specialist teams and processes in place to maintain required levels of security, using instruments such as penetration testing and security auditing to ensure confidential content stays protected as the system is enhanced.

These applications will also be designed to restrict unauthorised access to customer data, using best coding practice and integrating tight permissions controls.

At GradeMaker, our application is hosted by one of the world’s leading cloud service providers and we have structured our application to minimise risk of data loss or exposure.

As you would expect, we enforce secure passwords, enable two-factor authentication, and segment access using roles and permissions. We also take advantage of other aspects of the application, and segment data access further by subject and by workflow step, thus limiting the amount of data accessible to any given user to just the data they need to complete their task. We can also audit user access and trace different versions of content to identify who did what and from where.

Some of GradeMaker’s key security features include the ability to:

  • Block unauthorised access with secure login and two-factor authentication delivered either by an SMS message or an Authenticator App
  • Restrict access to a specific set of IP addresses (IP whitelisting) or block access from others (IP blacklisting)
  • Have your content automatically and securely backed up to multiple secure locations (typically with more than one backup routine, for example every few hours, every day, every week)
  • Track users so you can see who has viewed each item, allowing you to take swift action in the event of a security breach

Our development team keep on top of new and emerging security threats and our service is ISO27001-accredited, which means it benefits from regular security testing and monitoring.

Another key protection we offer comes in the event password credentials are compromised. Our User Management tools limit content access by a combination of Role AND Subject access. This limitation on access rights is made stricter by the use of workflows, ensuring that key user groups (authors and assessors for example) can only see content which is: in a subject group they can access; in a stage they can access (e.g. reviewing) and has been allocated to them personally as part of the workflow. 

Will I have control over how the system works?

Yes, there are a wide variety of customisation options available within the system so that you can fit the system around the way you want to work.

Online Test Development Settings

This includes market leading workflow assignment tools, refined user permissions settings, and a rich set of customisable meta data options for organising and tracking content.

It is also possible to customise the capability of the software to your needs over time – our development roadmap is driven by our clients’ changing needs. We will continually work with your team to make sure we understand your challenges and your priorities.

Will I have control over my exam content when it is cloud-hosted?

Even though your content isn’t hosted by you, it is still owned by you  and exclusively by you.

There is some shared ownership  but of functionality, not data. An advantage of the multi-tenancy model is that your organisation will benefit from enhancements originally driven by other clients facing similar challenges to your own.

Even if you decide later on to switch systems and terminate your cloud-hosted service, you’ll still stay in control of your data. With GradeMaker, in the event of termination, any personal data can be permanently deleted in the application and exam content can be withdrawn from use and made inaccessible in the live database and backups.

Holding Exam Content in the Cloud

Another misperception around cloud-hosted services is that it’s easier to lose your data when it is not stored in a physical place. The reality is the opposite: cloud hosting services feature regular cycles of backups, so in the event of a catastrophe, your data cannot be lost.

With GradeMaker, your content is backed up via a highly resilient and regularly tested service. The GradeMaker system takes separate data back-ups:

  • every 6 hours, stored for 7 days
  • daily, stored for a minimum of 15 days
  • weekly, stored for a minimum of 26 weeks

We regularly test the ‘restore from backup’ procedure as part of our normal release cycle, and backups are held for restoration after a disaster or data corruption incident on a system-wide basis.
Even if the worst happens to your system, your data is always safe in the cloud.

Is cloud-hosting cost effective?

GradeMaker’s model is significantly more cost efficient than locally hosted platforms, as it allows you to benefit from shared infrastructure, shared maintenance, ongoing performance enhancements, new features, fixes, and updated browser support.

This is all made automatically available without requiring an in-house team of developers dedicated to running the service.

Reducing the cost of exam development system hosting

Cloud-hosted services like GradeMaker can also scale to meet demand much more easily and cheaply than a local data centre which would have to be sized for peak demand all year round. This ‘elastic demand infrastructure’ means that your crucial systems won’t be disrupted by spikes in usage during busy periods.

GradeMaker subscriptions are offered on a tiered basis. How much you pay for the service will depend on your size and usage, so you don’t end up paying for capacity or features you don’t want.

How Would GradeMaker Work for my Team?

We help some of the world’s largest awarding bodies to manage their exam authoring processes through a cloud-based system and help them to improve the quality, security and efficiency of their development practices. The GradeMaker team works to bring you the control and flexibility of a locally hosted system, but with all the benefits of a cloud-based environment.

If you want to know more about how this works, you can book a demo here and one of our team will get in touch as soon as possible.

Our Customers

Our Partners
We are proud to work with a wide range of leading assessment organisations.