MyVCCS IP history is kept for MyVCCS access keep for 90 days and can be requested via ticket.
If an intruder also accesses the Google account, Google keeps the last 10 IPs used to access the account visible to end users. Individuals can log into the account, look in the lower right-hand corner for "Last Activity," and click "Details." See http://support.google.com/mail/bin/answer.py?hl=en&answer=45938&ctx=gmail. We also have six months of access logs in the administrative interface. You should file a ticket to get a report on Google logs over a more extended period.
In Canvas, the user detail page includes an option to download a CSV of user access, including the IP address and other helpful information. This information can also be accessed via the API and will be in our data warehouse.
Users must set their passwords and configure at least one Multi-Factor authentication option. Following a compromise, users are required to do this. Google has a security checkup that is useful to run through. Two-step verification (e.g., getting codes on a mobile device) is excellent.