Clever is Secure by Design: Roadmap for 2024

Classroom MFA protects Clever single sign-on applications by requiring an age-appropriate second factor – Clever Badges or pictographs – to log in. It helps districts stay ahead of cybersecurity threats without disrupting learning by providing factors that are well-suited for classroom users in addition to admins.

Releasing Classroom MFA means that districts can now provide secure access to technology for all users, including students, with MFA built for the classroom – even though students may not possess a mobile device traditionally used for MFA.

Roadmap features include:

• Classroom MFA: Clever Badges and pictographs to create a second layer of security for Clever without a second device. Available February 2024.
• Picture MFA: Choose a two-photo pictograph as a second factor for young students. Available February 2024.

Clever IDM keeps school user accounts secure by automating account provisioning and identity management for Active Directory, Entra ID, and Google Workspace. Identity management is a foundational component in providing secure digital access to students, teachers, and staff in schools. Automating it ensures that schools reduce risk by eliminating points of failure inherent in scripts or manual updates.

Roadmap features include:

• Password resets and account recovery: Save time and reduce security gaps with centralized password management. By enabling self-serve and delegated password resets and account recovery for Google, Active Directory, and Entra ID from within Clever, students and teachers won’t need to leave their digital learning home. Available January 2024.

• Advanced group management: Tighten access controls with customizable group membership management for Google, Active Directory, and Entra ID. Available May 2024.

• Active Directory centralized management: Securely manage on-premise Active Directory accounts from your secure cloud-hosted Clever environment. Early access available February 2024.

Secure rostering and authentication is another critical aspect of layered security and risk management – and our solutions are available at no cost to schools. Any school can easily secure access to their edtech applications through our best-in-class API.

Roadmap features include:

• Transforming CSVs within Clever: Build and manage CSV file transformations and securely send them to applications via Clever. Available January 2024.
• Sensitive data fields: Clever has expanded the scope of sensitive data that districts can selectively share with applications. Increasingly, student demographic data is used for creating actionable plans to target interventions. Clever’s new demographic data fields ensure the data remains encrypted and secure. Available for select applications February 2024.
• Clever LMS Connect: A standard, secure, single sign-on integration that syncs assignments and applications in their LMS, while saving teacher time with seamless gradebook and assignment syncs with learning applications. Early access available April 2024. Sign up today.

Advanced password management and protection can help school districts detect, respond to, and prevent potential threats before they happen. In 2023, we launched randomized passwords, and in 2024 we’re focused on passkey support and password checks to help schools manage their password risk

Roadmap features include:

• Passkey support: Clever will be compliant with the latest password protocol, adopted by Apple, Microsoft, and Google. Available Back to School 2024.
• Password checks: Clever already automatically detects leaked passwords and prevents users from reusing it on Clever. By the end of 2024, every password on Clever will be checked against unsafe and leaked password lists.

We have consistently committed to comprehensive security practices, a secure development framework, and third-party certifications to help protect sensitive data. In 2024, we will be on-track to complete SOC2 certification by the end of August 2024.

In addition, we want to highlight our commitment to security and data privacy through our actions throughout 2023 and 2024:

• GDPR compliance: Clever takes a privacy-first approach to the collection of personal data and is GDPR compliant.
• Neutral third-party recommendations and rubrics: We are committed to vetting and promoting neutral third-party security rubrics, including COSN and NIST, to support schools in their choice of tools and methodology. Read them today.
• Vendor management strategies: We aim to serve as a partner to all edtech applications and schools in security and privacy practices. We provide security consultation for all edtech applications integrating with Clever, require Clever Library applications to sign a Universal Data Sharing Agreement, and provide districts with guidelines for vetting third-party applications.
• Employee training: Clever will continue to require yearly security training for all employees, and twice yearly for employees that access personally identifiable information. We updated thesecurity training policies in February 2024.