Home » Categories » Multiple Categories

How Secure is Our Patron Information?

We are often asked the question, “How secure is our patron data?”, and "Is my data kept private?”  We realize a simple response of “Very secure” will not satisfy most.  We also know that a highly technical (read: boring) response will be difficult to relay to your concerned patrons.  It is for this reason, we wrote this article.  We hope your patrons will find it both informative, and fun.


Security ≠ Privacy

Before we proceed, we feel it is important to address a common misnomer.  Security and Privacy are not interchangeable terms.  Security is about mitigating risks to data.  Privacy is about using data responsibly.  However, privacy exposure may result as a lack of proper security.  In that respect, this article will cover the “Shared Responsibility” model.  The first half will cover some of the measures we take to ensure your patron data is secure.  In the last half, we offer some recommendations for ways you can prevent a breach of privacy.



It is important not to discount expertise and knowledge when it comes to securing data.  To provide world-class security, a company requires some of the smartest minds in the world in the fields of networking, systems administration, security, etc.  And guess what?  They don't work for us - which is why we rely on the experts at AWS (Amazon Web Services).

"AWS is knowledge commoditized."

If you're not at all familiar, AWS is a collection of remote computing services that make up a cloud computing platform.  AWS is not amazon.com; although, that website is hosted in AWS, along with many other popular sites and platforms, such as Netflix, Instagram, Reddit, and Dropbox.

Just like with the field of medicine, there are specialists in the field of IT.  These specialist do not work at your local library, or even small-to-medium businesses like Evanced.  They work for Fortune 500 companies, and mega-cloud computing platforms like AWS.  We benefit from the volume of customers AWS supports.  AWS is knowledge commoditized, and that means we don't need to locally staff a team of SysAdmins, and a separate team of NetSec experts.  We can instead focus our time on our applications, and our customers.

AWS officially launched in 2006, making them the oldest, and most experienced cloud computing platform.  Another thing they're known for is militant commitment to security.

We'll start with their data centers - the geography of which are unpublished.  These centers are staffed 24x7 by trained security guards, and access is authorized strictly on a 'least privileged' basis.  The guards, as an example, would not have access to the cabinets where the servers are stored.

We follow the same principle of 'least privilege' ourselves when it comes to the access our own employees have within our AWS account.  Employees are given access only to the specific sections of the application that are explicitly required for their job.  Furthermore, we require multi-factor authentication as a measure to assure logins cannot be shared. 




When a hard drive is pulled from production, AWS degausses and then shreds the drive.




When it comes to our applications, we follow the AWS best practice of isolating our database servers from our web servers by firewall (within AWS security groups).  Should, as an example, a hacker discover a zero-day exploit to gain access to a web server, they would not find any customer data within that machine.

Countermeasures are in place to ban offending IP addresses that attempt SQL injections on our applications.  Bots are indiscriminate when it comes to the sites they attack.  System Admins who feel their apps are safe because they're not big or important enough to be a target are fooling themselves.  Up to 80% of website traffic comes from bots.  Every website is a target.

"Good security means layers of security"

Good security means layers of security.  Listing every layer of security, however, is a fast way to make your article boring - so, quickly, here are just a few more, and then we'll move on.

  • API Endpoints are protected by SSL.
  • We offer secure HTTPS access for all of our hosted applications.
  • Unauthorized port scans are detected and blocked.
  • Hypervisor separation prevents one AWS customer from using packet sniffing on another AWS customer's instance, even if both instances are running on the same physical hardware. 

AWS makes security paramount.  We don't expect you to take our word for it, alone, though.  Instead, examine the absurd number of third-party security audits and reviews AWS has undergone.  Our own applications have undergone their own third-party audits.   



We recommend the following:


SSL encrypts the traffic between a patron's browser and our servers.  Our newest applications (SignUp, Spaces, and D!BS sites) provide SSL by default.  SSL can be requested at no additional cost for classic applications (Events, Room Reserve) as well.

Our inclusion of SSL by default makes it very easy to simply link to the HTTPS URL on your website.  As an example, if the link to your application on your website looks like this:  http://libraryname.evanced.info/spaces

Simply update the link to this:  https://libraryname.evanced.info/spaces


Do not share staff logins

This is covered in a nice blog post.  Also covered, ‘Enable auditing’, and ‘Use strong passwords and change them regularly’.


Limit fields

Limit the fields required to register for a program or event.  Only collect data that is absolutely necessary.  The less data you collect, the less impact a privacy breach will cause.


Review our Privacy Policy

General Privacy Policy

Custom Fields
  • Applicable To: All Users
  • Attachments: No
  • Summary: How secure is patron data
5 (1)
Article Rating (1 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Comments Comments
There are no comments for this article. Be the first to post a comment.
Related Articles
How can I customize events’ registration form?
Viewed 20479 times since Thu, Oct 27, 2011
Scheduling Holiday Closings in Events and Room Reserve
Viewed 12273 times since Tue, Feb 14, 2012
Frequently Asked Questions: Managing Security
Viewed 6609 times since Tue, Dec 8, 2015
Is There A Way To Track No Shows in Room Reserve?
Viewed 3603 times since Tue, Dec 13, 2011
Keep Me Logged In
Viewed 4167 times since Wed, Oct 23, 2019
Room Reserve - Credit Card Processing
Viewed 3370 times since Wed, Sep 28, 2011
What is a Featured Event?
Viewed 5060 times since Thu, Sep 15, 2011
Editing Events With Registration Enabled
Viewed 20359 times since Wed, Oct 30, 2019
Payment: Mark As Paid - Returns - Staff Adjustments
Viewed 11913 times since Fri, Oct 17, 2014
Patron Calendar in SignUp
Viewed 26116 times since Mon, Sep 17, 2012