How is my data protected?

Udemy’s security strategy is governed by a controls framework. The framework consists of consolidated requirements from regulatory bodies, critical security controls, and industry standards. Udemy’s senior leadership, Legal and Information Security teams guide alignment with industry standard security frameworks.

The baseline for Udemy’s security framework is derived from:

Data Encryption

Udemy uses industry-standard encryption methods designed to encrypt communications between Udemy systems and user browsers (e.g., RSA Asymmetric-Key Algorithms).  All data transmitted between customers and the Udemy Business service uses industry standard protocols such as TLS 1.2 (or greater) for data in transit, and 256-bit ciphers for data at rest.  Access to Udemy’s production network and infrastructure is restricted from open, public networks (i.e., the Internet).  Only Udemy-controlled application services are allowed access to Udemy’s production infrastructure.

Data Location

The Udemy Business site (SaaS cloud hosted Web Application) is hosted in a shared infrastructure with logical separation of customer (tenant) data.  Each customer, and user, can only access the data that they have entitlements to.  Access to the data is logically restricted to each customer and their authorized users via authentication and authorization (see Identity Management below).  Udemy data center vendors are located in the United States.  Our data center vendors are industry-leading service providers, with state-of-the-art physical protection.

Identity Management

Securing access to your data begins with identity controls that align with your company’s policies. Udemy allows each customer to deploy federated Single Sign-On to manage access (and revocation) to your Udemy Business Web application environment.  This enables you to centrally manage the authentication and authorization of users so that only authorized users and admins are granted permissions from a central identity system.

Identity Controls