Businesses in the entertainment & hospitality sector are actively moving to cloud-hosted and managed solutions. Why? Cloud-based solutions are easier to manage, give access to real-time data and the latest technologies, and provide cost and performance benefits.
What is one of the most popular technologies in use today by gaming and hospitality organizations that utilize cloud-based technology? Kiosks.
In this report, we’ll talk about the concerns and vulnerabilities for casino kiosk security.
Covering the basics
A move to a cloud-managed solution introduces a number of security concerns and vulnerabilities. That’s why it is important to do a proper study and analysis before and during the vendor selection process. It is equally important for a business to participate actively during the implementation phase and carry out the necessary test cases and user acceptance checks before going live with a cloud-managed solution.
In a cloud-managed solution – including in the case of kiosks at casinos – there is a software application (aka a client) on the kiosk hardware machine that is locally deployed at the customer site. Additionally, a server application is installed and running in the cloud. The casino kiosk application vendor implements and manages this process.
The information and the data exchanged between the client and server traverse over the public internet between local premises of the business and the third-party data center where the server application is hosted.
To better understand security requirements and vulnerabilities, we need to pay attention to multiple levels of the OSI model, i.e. the networking (connectivity level), transport and application layers.
The following are key consideration areas to ensure there is end-to-end security for the kiosk and no security vulnerabilities.
- Ensure that the kiosk machine can only connect and access the kiosk server application from a pre-specified location in the casino venue. This can be done by coupling the kiosk client application with a secure VLAN in the local IT network.
- Onboard the kiosk machine with the kiosk server application when the initial connection is made, and, if needed, on a periodic basis. By combining VLAN authentication and on-boarding, it’s possible to bind the kiosk machine with the client application that is installed on the Kiosk hardware.
- Use authentication and validation between client and server applications. This is also referred to as API authentication, and tokens are used in the authentication process. As a best practice, the token can be set to expire in 24 hours and the client can refresh it on a regular basis.
- Establish user authentication.
- Ensure that all data and end-user information is encrypted with an SSL certificate and is transmitted over a secure HTTPS pipe end-to-end between the client and server, even though the public internet is in the middle.
- Access to the Server application on the cloud can be allowed from the Client application and vice versa by configuring the Firewall rules in the IT network at the local Kiosk venues and the Cloud managed by the Kiosk vendor.
- Remember, any sensitive information stored on the Server application can be hidden.
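To make the onboarding and API token points above concrete, here is an added example (not code from any kiosk vendor) of a server issuing a token bound to the kiosk ID recorded at onboarding, rejecting it after 24 hours, and a client deciding when to refresh. The HMAC-signed token format, the one-hour refresh margin and all names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

TOKEN_TTL = 24 * 60 * 60        # 24-hour lifetime, as suggested in the list above
REFRESH_MARGIN = 60 * 60        # assumption: client refreshes during the final hour

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key: bytes, kiosk_id: str, now: float) -> str:
    """Server side: sign the onboarded kiosk ID together with an expiry time."""
    claims = {"kiosk": kiosk_id, "exp": int(now) + TOKEN_TTL}
    payload = _b64(json.dumps(claims).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"

def validate_token(key: bytes, token: str, kiosk_id: str, now: float) -> str:
    """Server side: return 'ok' or the reason the API call must be refused."""
    try:
        payload, sig = token.split(".")
        expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, expected):
            return "bad-signature"
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return "malformed"
    if claims.get("kiosk") != kiosk_id:
        return "wrong-kiosk"      # token presented by a different machine
    if now >= claims.get("exp", 0):
        return "expired"          # older than 24 hours
    return "ok"

def needs_refresh(token: str, now: float) -> bool:
    """Client side: request a new token shortly before the current one lapses."""
    exp = json.loads(_unb64(token.split(".")[0]))["exp"]
    return now >= exp - REFRESH_MARGIN
```

The signing key stays on the server; the kiosk only stores the token and sends it over the HTTPS connection with each API call.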
Do you have the proper security protocols in place to protect your data? Do you have questions on the seven areas above with your current kiosk set-up? Drop us a line at 775-329-7864 or email Amy Hergenother at [email protected] if you’re interested in a kiosk security check-up.