Physical security of our server clusters is the responsibility of our hosting vendors.
Electronic security is partly our hosting vendors, but also shared with our platform. We employ a variety of anti-hacking technologies to support our strict security measures as well as transferring all system traffic and data across SSL-secured (TLS 1.2, SHA256) connections. We maintain an A+ security rating as evaluated by Qualys SSL Labs, the full report of which can be found here.
Further, we are not in favor of using of technologies and protocols that add risk by introducing opportunities for security compromises. one example of this is our focus on single sign-on and Learning Tools Interoperability integration for authentication over LDAP to eliminate the need for internally storing or handling passwords.