Securing digital signage systems
The average company network has many more devices connecting to it than even just a few years ago. In addition to traditional workstations there are now smartphones and tablets alongside a wide variety of Internet-connected equipment from printers, access control systems and security cameras to digital signage, smart TVs, thermostats and even everyday appliances like coffee machines. In situations where digital signage shares the network with such a diverse range of devices and applications use of software-based site-to-site VPNs are often the best way to ensure security, signal continuity and optimize flexibility.
Applications such as security cameras and digital signage often have to stream audio and/or video continuously. When so much data is being transmitted it places an especially heavy load on the network. This can be a problem on networks that run older, limited capacity hardware. If the network struggles to keep up it can lead to lag or even loss of signal.
There is also the issue of proximity. In many digital signage scenarios, it is standard to place the controller, usually a PC, just behind the screen. This can be a limitation – impacting on flexibility and on aesthetics.
Today, there has never been more pressure on advertisers to maximize the returns from their campaigns. This means that wherever digital signage applications are in operation – in public transportation vehicles, airports, shopping malls and so on –advertisers expect to be able to continually adjust the content to suit the audience.
To do this, computers are used to collect "live" data so that the content can be increasingly personalized. Digital signage is also not immune to hackers. It has been widely reported that the Internet of Things (IoT) trend is becoming every hacker’s dream. As part of this trend digital signage is vulnerable to attack from digital vandals who may want to disable or deface the content.
Vulnerable digital signage is relatively easy to find. Free search engines like Shodan allow users to find thousands of working Internet-connected devices worldwide, including digital billboards, that have not been properly secured. They are open invitations to pranks like this one in Atlanta in 2015.
Since any display problems quickly add up terms of revenue losses it is not unusual for outdoor advertising companies to deploy some kind of redundancy capability with their digital signage. Some audio-visual-over-IP platforms can capture, encode and stream a signal for decoding and displaying onto remote digital signage screens.
By placing two encoders at each location it is possible to remotely switch from one to the other should any problems arise. It is further possible to manage every encoder and decoder via a VPN connection to protect against tampering and further ensure signal redundancy.
Site-to-site VPNs allow display owners to connect with multiple digital signs from one central location. A good example might be the owner of a restaurant chain who wants to update software that sets the display remotely from a central location. Using a secure VPN connection all signs on the network can be updated to display the same thing at the same time.
Comprehensive VPN software solutions are ideal. They fit easily into the existing infrastructure and require no additional hardware. Moreover, data traffic is secured at the device itself ensuring there is encryption throughout the installation.
There are three areas to take into account when setting up a VPN in such an environment:
- Connections – decide whether the application requires on-demand or always-on access as well as command line or API control.
- Security and Authentication – secure, encrypted VPN tunnels against hacking and secure authentication with soft- or hardware certificates
- Centralized Management – a central way to remotely configure digital signage either via a system image or software distribution roll out, patching/updating software, scaling up/down VPN connectivity and managing authentications.
Network access control via the deployment of VPNs can substantially mitigate or totally eliminate the risks associated with digital signage systems. Without reliable VPN connections signage is at risk of interruption or failure—severely impacting campaign effectiveness. VPN software can easily scale up to managing and securing the connections of thousands of digital signs on a single network and their interaction with the central management point.