By Ben Heise

April 15, 2019

The 5-Layer Software Security Check

Recent news revealed some significant security risks related to visitor management solutions that are supported by self-service technology. While those issues are real and pervasive, they can be resolved with standard blocking and tackling.

Consider these 5 layers when securing your self-service technology:

PHYSICAL SECURITY. Securing the hardware connection points is the critical first line of data and network defense. This can range from disabling the ports at the OS level to mechanically blocking them and denying physical access. Commercial and home-grown solutions alike commonly overlook this, but a malicious device inserted into one of these ports could instantly expose the technology and produce unstable responses from your solution.

DESKTOP SECURITY. Are you comfortable walking away from your unlocked computer in a room full of strangers? Likely not, which is why leaving a kiosk unlocked should seem just as risky. Using password-protected lockdown software built specifically for self-service technology is essential for combating that risk. Without diving too far into the tech, simply launching a URL with -k in the address is not enough to keep your desktop safe.

This lockdown layer of security helps for two reasons. First, a perpetrator would need to know how to trigger the security application. Then, they would have to successfully enter the password to gain any desktop access. Running your kiosk application under a limited-access user account adds a further layer: in the event someone did gain access to the desktop, they would not have admin rights, which limits the real damage they could do.

APPLICATION & BROWSER SECURITY. Application and browser security are also key. Using the right input control in the browser for each field is important for maintaining the integrity of the data while keeping unwanted characters out of your system. Why would you want an alphabetic keyboard displayed when you are asking for a date of birth? Sending unexpected data will create unexpected responses in an application, so the application running on the kiosk should have secure data capture built into its user interface.

Keeping transactional data in memory or caching transaction information is like leaving a stack of hundred-dollar bills sitting on the dashboard of your unlocked car: you probably just shouldn't do it. Keeping log files on the kiosk is an outdated practice as well, so destroying all transactional data once transmission to the source system is complete will save you from that risk.

BACK END COMMUNICATION SECURITY. Your data could be at risk if the kiosk solution reaches back end systems without proper encryption. Communication should be encrypted via HTTPS (SSL/TLS), which provides safe, secure, tokenized communication for each transaction. Look for kiosk solutions that do not house the data locally but instead reach a back end system in real time.
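One way to implement the input-capture and transmission points above in a kiosk web page, as an added example that is not code from the original article or from Kwerk: a numeric-only date-of-birth field is validated before anything is sent, the back end is only ever reached over HTTPS, and the transactional data is wiped from memory once the transmission completes. The field names, endpoint URL and injectable `send` function are assumptions.

```javascript
// Added example, not code from the original article or from Kwerk/CTS.
// A kiosk web form captures a date of birth the way the "Application &
// Browser Security" and "Back End Communication Security" points describe:
// constrain the input, validate before sending, send only over HTTPS, and
// destroy the transactional data once transmission completes. Field names
// and the endpoint URL are assumptions.

// Exactly what a numeric on-screen keyboard can produce: MMDDYYYY.
const DOB_PATTERN = /^(\d{2})(\d{2})(\d{4})$/;

// Returns the date of birth in ISO 8601 (YYYY-MM-DD), or null if the raw
// input is not an eight-digit, real, plausible calendar date.
function parseDateOfBirth(raw) {
  const m = DOB_PATTERN.exec(String(raw).trim());
  if (!m) return null;                       // letters, slashes, wrong length
  const month = Number(m[1]), day = Number(m[2]), year = Number(m[3]);
  // Round-trip through Date so impossible dates such as 02/30 are rejected
  // instead of being silently rolled over into March.
  const d = new Date(Date.UTC(year, month - 1, day));
  if (d.getUTCFullYear() !== year || d.getUTCMonth() !== month - 1 ||
      d.getUTCDate() !== day) return null;
  const now = new Date();
  if (d > now || year < now.getUTCFullYear() - 120) return null; // not plausible
  return `${m[3]}-${m[1]}-${m[2]}`;
}

// Submits one check-in. `send` is injectable so the flow can be exercised
// without a network; in the browser it defaults to fetch.
async function submitCheckIn(form, endpointUrl, send = fetch) {
  // Refuse any back end that is not reached over HTTPS.
  if (new URL(endpointUrl).protocol !== 'https:') {
    throw new Error('kiosk back end must be reached over HTTPS');
  }
  const dob = parseDateOfBirth(form.dob);
  if (dob === null) return { ok: false, status: 0, reason: 'invalid date of birth' };
  const payload = { visitorName: String(form.name ?? '').trim(), dateOfBirth: dob };
  try {
    const res = await send(endpointUrl, { method: 'POST',
      headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(payload) });
    // Only a status goes back to the caller: no visitor data is retained,
    // logged, or written to localStorage on the kiosk.
    return { ok: res.ok, status: res.status };
  } finally {
    // Transmission complete (or failed): wipe the in-memory copies.
    for (const k of Object.keys(payload)) delete payload[k];
    for (const k of Object.keys(form)) form[k] = '';
  }
}
```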

DATA STORAGE SECURITY. Storing your registration and check-in data locally? Strike one: why allow data access so close to the kiosk? Since you will most likely want to access this data from multiple sources at any time, storing it with a cloud-based solution is far superior and more secure. Unencrypted data on your kiosk? Strike two. Data should always be kept encrypted and in a secure setting. The best way to secure data is to pull only the data needed during a transaction and place it somewhere secure, such as back in your system.

These are a few basic layers of security to ensure your self-service kiosk technology is safe. A lightweight, cloud-based self-service technology solution that adheres to API protocols will help keep all collected data safe in your system. But your kiosk should also be hardened and protected both physically and at the system level. This will reduce the chances of miscreants using the kiosk to reach your network.

Kwerk by CTS

Kwerk is a software product offered by CTS that brings quick, secure self-service without onsite servers. This automation software saves organizations from creating additional work and streamlines processes by allowing end users to update demographics, sign forms and make payments so they can complete their check-ins, sign-ups and click-throughs.