Home » Categories » Multiple Categories

How Secure is Our Patron Information?

We are often asked the question, “How secure is our patron data?”, and "Is my data kept private?”  We realize a simple response of “Very secure” will not satisfy most.  We also know that a highly technical (read: boring) response will be difficult to relay to your concerned patrons.  It is for this reason, we wrote this article.  We hope your patrons will find it both informative, and fun.


Security ≠ Privacy

Before we proceed, we feel it is important to address a common misnomer.  Security and Privacy are not interchangeable terms.  Security is about mitigating risks to data.  Privacy is about using data responsibly.  However, privacy exposure may result as a lack of proper security.  In that respect, this article will cover the “Shared Responsibility” model.  The first half will cover some of the measures we take to ensure your patron data is secure.  In the last half, we offer some recommendations for ways you can prevent a breach of privacy.



It is important not to discount expertise and knowledge when it comes to securing data.  To provide world-class security, a company requires some of the smartest minds in the world in the fields of networking, systems administration, security, etc.  And guess what?  They don't work for us - which is why we rely on the experts at AWS (Amazon Web Services).

"AWS is knowledge commoditized."

If you're not at all familiar, AWS is a collection of remote computing services that make up a cloud computing platform.  AWS is not amazon.com; although, that website is hosted in AWS, along with many other popular sites and platforms, such as Netflix, Instagram, Reddit, and Dropbox.

Just like with the field of medicine, there are specialists in the field of IT.  These specialist do not work at your local library, or even small-to-medium businesses like Evanced.  They work for Fortune 500 companies, and mega-cloud computing platforms like AWS.  We benefit from the volume of customers AWS supports.  AWS is knowledge commoditized, and that means we don't need to locally staff a team of SysAdmins, and a separate team of NetSec experts.  We can instead focus our time on our applications, and our customers.

AWS officially launched in 2006, making them the oldest, and most experienced cloud computing platform.  Another thing they're known for is militant commitment to security.

We'll start with their data centers - the geography of which are unpublished.  These centers are staffed 24x7 by trained security guards, and access is authorized strictly on a 'least privileged' basis.  The guards, as an example, would not have access to the cabinets where the servers are stored.

We follow the same principle of 'least privilege' ourselves when it comes to the access our own employees have within our AWS account.  Employees are given access only to the specific sections of the application that are explicitly required for their job.  Furthermore, we require multi-factor authentication as a measure to assure logins cannot be shared. 




When a hard drive is pulled from production, AWS degausses and then shreds the drive.




When it comes to our applications, we follow the AWS best practice of isolating our database servers from our web servers by firewall (within AWS security groups).  Should, as an example, a hacker discover a zero-day exploit to gain access to a web server, they would not find any customer data within that machine.

Countermeasures are in place to ban offending IP addresses that attempt SQL injections on our applications.  Bots are indiscriminate when it comes to the sites they attack.  System Admins who feel their apps are safe because they're not big or important enough to be a target are fooling themselves.  Up to 80% of website traffic comes from bots.  Every website is a target.

"Good security means layers of security"

Good security means layers of security.  Listing every layer of security, however, is a fast way to make your article boring - so, quickly, here are just a few more, and then we'll move on.

  • API Endpoints are protected by SSL.
  • We offer secure HTTPS access for all of our hosted applications.
  • Unauthorized port scans are detected and blocked.
  • Hypervisor separation prevents one AWS customer from using packet sniffing on another AWS customer's instance, even if both instances are running on the same physical hardware. 

AWS makes security paramount.  We don't expect you to take our word for it, alone, though.  Instead, examine the absurd number of third-party security audits and reviews AWS has undergone.  Our own applications have undergone their own third-party audits.   



We recommend the following:


SSL encrypts the traffic between a patron's browser and our servers.  Our newest applications (SignUp, Spaces, and D!BS sites) provide SSL by default.  SSL can be requested at no additional cost for classic applications (Events, Room Reserve) as well.

Our inclusion of SSL by default makes it very easy to simply link to the HTTPS URL on your website.  As an example, if the link to your application on your website looks like this:  http://libraryname.evanced.info/spaces

Simply update the link to this:  https://libraryname.evanced.info/spaces


Do not share staff logins

This is covered in a nice blog post.  Also covered, ‘Enable auditing’, and ‘Use strong passwords and change them regularly’.


Limit fields

Limit the fields required to register for a program or event.  Only collect data that is absolutely necessary.  The less data you collect, the less impact a privacy breach will cause.


Review our Privacy Policy

General Privacy Policy

Custom Fields
  • Applicable To: All Users
  • Attachments: No
  • Summary: How secure is patron data
5 (1)
Article Rating (1 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Comments Comments
There are no comments for this article. Be the first to post a comment.
Related Articles
Events/Room Reserve Version 7 History
Viewed 641692 times since Tue, Sep 27, 2011
Enhancements to SignUp, Spaces, and D!BS
Viewed 6146 times since Tue, Sep 17, 2019
Keep Me Logged In
Viewed 5582 times since Wed, Oct 23, 2019
Server Move
Viewed 18361 times since Wed, Sep 28, 2011
What happens to archived events?
Viewed 3349 times since Thu, Oct 27, 2011
508 Compliance and Spaces
Viewed 2757 times since Thu, Mar 27, 2014
SignUp and Spaces Integration: Add Event Room Layout and Equipment
Viewed 2534 times since Mon, Jun 1, 2020
How To Events-Remove a single date from a recurring series
Viewed 21838 times since Tue, Sep 27, 2011
How can I customize events’ registration form?
Viewed 20698 times since Thu, Oct 27, 2011