5 Security Questions for Your Cloud-Based Digital Signage Player Provider
If you’re exploring the benefits of a cloud-based digital signage player, you’re probably up to your eyeballs in articles, blogs, and opinions about which system is best.
We have another blog for you but it isn’t about choosing a digital signage player or developing a content strategy. It’s about protecting the system you choose and the data you’re putting into the cloud. In particular, make sure you have these five issues locked down before choosing a provider to go with.
1. Which security standards and certifications do you comply with?
This is the first question to ask, as it reflects a certain level of foundational security that you’ll definitely want for your cloud-based digital signage player. These certifications offer some level of assurance that the provider has systems in place for information security, availability, confidentiality, and privacy standards for different engagements.
Several common standards to look for include ISO 27001 & 27002 or SOC (system and organization controls) certifications, each of which demonstrates different proficiencies for data security:
- ISO 27001 – Establishing a model for implementing, operating, and monitoring an information security management system
- ISO 27002 – Generally accepted objectives and best practices for security controls
- SOC 1 – Financial reporting controls
- And SOC 2 – Establishing standard, documented procedures for organizational oversight, risk management, and vendor management
- Last, SOC 3 – Simplified version of SOC 2
It’s a lot to take in, but don’t worry—you don’t need to be an expert in security certifications to make sure your cloud-based digital signage player is safe. Just make sure your provider has been audited and verified with an appropriate security certification before committing.
2. Do you support single sign-on and identity integration?
Cloud-based digital signage players can be accessed from anywhere and everywhere you need. This is great from a functional standpoint, but less so from a security standpoint. As such, you’ll want to make sure that your provider supports the right type of access management tools that your company needs.
A good cloud-based digital signage player will have single sign-on controls to ensure that digital signage administrators can access every player system with a single login. This is a simple and effective way to authenticate users, but it needs to be supported with identity integration tools that protect your system from unauthorized users.
For example, it’s easy to safeguard on-premise systems that require a physical login, but when we’re talking about an off-premise cloud system, things get a bit more complicated. Employees across different locations may be given access. Identities may need to be verified remotely. And if those employees leave, their credentials will need to be revoked.
Whichever provider you go with, make sure that they offer this blend of sign-on convenience and security. It’s not too much to ask for both!
3. How do you store and encrypt the data?
Data storage protocols are a top priority for any use case, and your cloud-based digital signage player is no exception. Learn as much as you can about your provider’s data storage and encryption policies before entrusting your data to them. This is a big topic to take on, so within this category, try to glean several specific points of information:
- Where are data centers located?
- If nearby, can you perform an on-site audit of the facility?
- Who has access to my data?
- Using which encryption method?
- Is data encrypted while at rest? Does transit affect encryption?
These are big issues that will affect the security of your data—and how much privacy you have with respect to that data. Note that many of these issues will be covered in the provider’s ISO/SOC certifications, so if they have those credentials, you have some assurance that they’ll have good policies in place already. However, asking these questions will give you a chance to hear providers describe the policies themselves and let you follow up with additional requests for details or context as needed.
4. Do you have a dedicated internal team to handle security operations?
Security issues are inevitable, regardless of your chosen provider. Even if you don’t experience a direct breach or security threat, your cloud-based digital signage player may need software patches, maintenance, or other upgrades that will affect the state of its active security. This is your next topic to cover. When these issues arise, who’ll be there to respond?
Depending on the size of your provider and your system, there may be one individual monitoring your data, or there may be several. Again, this comes back to the way the provider chooses to manage your data. Find out who’s watching the system and their policies for responding to issues.
And keep in mind that this doesn’t apply only to your personal data; find out what other security protocols the provider may have in place to keep its systems up and running. For example, do they have ongoing procedures for security testing their systems? Do they have third-party security companies audit their products?
Your cloud-based digital signage player might seem like an unlikely target for attacks or security threats, but don’t let this be an excuse to neglect your system security.
5. What methods do you use to inform customers of vulnerabilities?
As noted above, security issues are more or less unavoidable. Responding to the issue quickly is obviously important. But, just as important is the provider’s policy for informing its customers about potential security issues.
What’s your cloud provider’s strategy for informing you of security issues? What about bugs or glitches that don’t truly qualify as security threats? Are customers notified through a prioritization system before a patch is deployed?
In general, visibility is your friend. Look for cloud-based digital signage player providers who inform customers of issues immediately. This might sound obvious, but not every service provider shares this view—and many opt for a conservative approach where non-disclosure is the norm. Find one who shares your perspective on this issue and who gives you the options you need to manage your own customers’ expectations when vulnerabilities appear.
Lock Down Security for Your Cloud-Based Digital Signage Player
The great thing about managing security across cloud-based systems is that the provider will usually handle all the details for you. Accordingly, depending on who you choose to go with, this can either be a good or a bad thing. This is why it’s so important to do your homework ahead of time. Make sure that your provider has the same expectations for data security as you.