Automatic updates
We automatically install security patches as soon as they’re available, so right now (whenever that is), Canvas couldn’t be more secure.
Authentication
Canvas supports external identity providers (IdPs), including Active Directory, CAS, LDAP, OpenID, and SAML/Shibboleth.
Protocol and session security
To ensure the privacy and security of your data, Canvas uses HTTPS for all communication and encrypts all inbound and outbound traffic using 128-bit TLS/SSL.
Data access
The Canvas API uses the industry-standard OAuth2 protocol, which provides secure access to Canvas data while preventing direct access to Canvas databases.
Physical security
All Canvas user data is stored in highly stable, secure, and geographically diverse Amazon Web Services (AWS) data centers.
Backup and recovery
Canvas data is backed up redundantly (every day). In case of emergency or disaster, data is recovered from Amazon servers or from our own off-site backup.