Beyond the Basics: Content Protection, Enterprise Deployment, and Future Trends
An interview with Skykit co-founders CEO Irfan Khan and CTO Paul Lundberg
Introduction
Welcome back to our conversation with Skykit’s co-founders! In part one, we explored the security risks facing digital signs and how good hardware choices can help keep systems safe. For this second part, we continue our joint interview with CEO Irfan Khan and CTO Paul Lundberg, maintaining the valuable dynamic between business and technical viewpoints.
Irfan’s business perspective highlights how security decisions impact operational efficiency, compliance requirements, and customer trust, while Paul’s technical expertise reveals the underlying mechanisms that make these security measures work. This combination gives you both the “why” and the “how” behind effective digital signage security.
In this installment, we’ll dive into how companies can protect the actual content showing on their screens, manage digital signs across many different locations, and keep everything connected securely—even in places with poor internet. Irfan and Paul share real-world examples and practical advice that any organization using digital signs can apply.
Content Security and Data Protection
How does the approach to content rendering impact data security in digital signage environments?
Most of our competitors use an approach that takes static screenshots or creates slideshow-type displays. We do something completely different. We employ an edge-first architecture that places computing resources closer to where the data is presented.
Our media players sit at the edge of the network, right near the displays. This setup is much more secure because we store credentials in a protected vault service – they never actually stay on the media player itself. The devices authenticate using standard security protocols without needing any open ports or special firewall exceptions that could create security risks.
"The edge-first architecture ensures data is retrieved securely from enterprise networks without unnecessary exposure."
Because we access dashboards through edge computing nodes, the displays keep their full interactivity. Your team always sees the most current information. Our media players also make dashboards load faster by caching visualizations locally. Only the data changes get updated, which means visuals update almost instantly without compromising security.
This approach eliminates what I call the “screenshot security gap.” Many competitors extract data, store it in separate databases, and then recreate visualizations in their platform. Each of those steps introduces new security vulnerabilities. Our way is much cleaner and safer.
How content gets to your screens is a huge security consideration that most people overlook. Our approach processes data locally on the player, instead of grabbing screenshots and sending them across networks.
This naturally limits data exposure by keeping information contained on the device itself. For organizations dealing with sensitive information – think healthcare patient data, financial information, or government intelligence – this containment strategy significantly reduces risk by minimizing unnecessary data movement.
What security considerations arise when integrating external data sources and analytics tools with digital signage systems?
As digital signs get smarter, they’re connecting to more and more external data sources and systems. This creates some serious security challenges that we’ve had to solve.
For external content sources, we use what we call Content Hook integration with HTTPS for secure transport. We use public/private key authentication for access control – it’s like having a special key that only works for your specific lock. We also pass authentication tokens in authorization headers for API requests, which is an extra layer of security.
For dashboard connections, we use a secure vault service to store credentials. This means credentials never stay on the media players themselves, which is much safer. We also support enterprise authentication methods like Single Sign-On and Multi-Factor Authentication.
We only integrate with external content sources through secure APIs that are protected with OAuth authentication, token-based authorization, and role-based access controls. Our edge-first architecture ensures data is pulled securely from enterprise networks without unnecessary exposure.
To prevent content manipulation, we enforce strict data validation and caching policies. We use unique content IDs, version tracking, and secure hashing mechanisms to ensure data integrity. Our Content Hook callbacks verify updates before media players change their configurations.
As digital signs evolve from simple displays to smart, connected systems, securing third-party integrations becomes crucial. We’ve developed several strategies to keep things secure when connecting to external data sources.
First, we process data locally whenever possible, which minimizes how much information needs to travel across networks. Our hardened firmware reduces the attack surface for integration points – there are simply fewer ways for hackers to get in. We also use formal compliance frameworks to ensure proper data handling.
These strategies let organizations take advantage of integrated data while maintaining strong security. This is becoming increasingly important as digital signs evolve from simple displays to integrated business intelligence platforms.
Enterprise-Scale Deployments and Connectivity Challenges
What are the key challenges in securing large-scale, distributed digital signage deployments, and how can they be addressed?
When you’re dealing with digital signs spread across hundreds or thousands of locations, you run into some unique security challenges. The biggest issue is inconsistency – you end up with a mix of different hardware, operating systems, and management tools. This creates a patchwork of security that’s really hard to monitor and maintain.
We tackle this by using standardized firmware across all devices, which eliminates security inconsistencies. We also use reliable connectivity protocols like MQTT to keep communication flowing with distributed endpoints. And we’re big believers in network segmentation, including cellular connectivity that physically separates signage systems from corporate networks.
"Network segmentation strategies including cellular connectivity have proven particularly valuable in highly-regulated environments."
That last approach has been game-changing for our clients in highly-regulated industries. By putting digital signage on its own dedicated cellular network, organizations in healthcare, banking, government, and defense contracting have eliminated security bottlenecks while preventing possible cross-contamination between systems.
For enterprise deployments across multiple locations and different network environments, we take a multi-layered approach to security. Our platform is built on Google Cloud, which gives us enterprise-grade security, compliance, and scalability right out of the gate. This includes end-to-end encryption and robust identity management.
"We take a Zero Trust approach where devices connecting to Skykit's cloud are authenticated and authorized using modern security frameworks, ensuring only trusted devices and users can interact with the system."
We follow what’s called a Zero Trust model – devices connecting to our cloud have to be authenticated and authorized using modern security frameworks. This ensures only trusted devices and users can interact with the system. It’s like having a bouncer who checks everyone’s ID, even if they look familiar.
For connectivity, we partner with companies like Emnify and Verizon to provide secure, managed connections with data policies and secure APN configurations. We also use hardened media players with custom firmware and secure boot processes to reduce the risk of tampering or malware.
We build in automatic updates and patch management, so you’re protected against new threats without having to manually intervene. Our user and role management system integrates with Single Sign-On, which enhances security for enterprise users. We also support content security and Digital Rights Management for encrypted video streams.
Our cloud architecture is network-agnostic and firewall-friendly, with outbound-only connections that minimize network exposure. We’ve also built in real-time monitoring, logging, and alerting for device health and security issues. And for companies with data residency requirements, we offer regional data isolation to ensure compliance with regulations like GDPR and SOC 2.
What connectivity strategies can help maintain security for digital signage in remote or challenging network environments?
Keeping signs connected securely across all kinds of locations is something we’ve gotten really good at. We’ve developed several approaches that work even in remote areas or places with spotty internet.
One of our best solutions is partnering with cellular providers to offer multi-carrier SIMs. These automatically switch between available networks, so you’ve always got connectivity even in the middle of nowhere. For example, we work with a retail chain that has stores in rural areas. They use our cellular-connected media players with automatic failover, so their content keeps flowing even when the local internet is unreliable.
For places where data is expensive or limited, we’ve built in smart data management. We set up connection policies with adjustable thresholds for bandwidth usage, use adaptive streaming and caching to minimize data usage, and prioritize essential updates. A fast-food chain we work with uses metered LTE connections, and our optimizations have helped them cut cellular costs while keeping their menu boards updated in real-time.
Our network security approach is really straightforward – we only use outbound connections, which means you don’t need any open inbound ports (those are security nightmares). We support private APNs and VPN tunneling for encrypted traffic, and we have secure authentication that works even in mixed network environments. One of our financial clients needed bank-grade security for their branch signage, so we set up VPN-secured connectivity. This gave them encrypted, tamper-proof communications for sensitive internal messages.
We also plan for spotty connections. Our devices can store and play cached content, so they keep working even without real-time cloud access. We’ve got a national gas station chain using this feature to maintain their fuel price displays across locations with variable connection quality.
We’ve had great success with network segmentation, especially using cellular connectivity. By putting digital signs on their own dedicated cellular networks, our clients in healthcare, banking, government, and defense have eliminated security bottlenecks and prevented any cross-contamination with other systems.
This approach not only boosts security but also makes deployment and management much simpler, especially in places where access to IT infrastructure might be limited or inconsistent. It’s a win-win. Better security and easier operations at the same time.
The Future of Digital Signage Security
Looking ahead, what emerging technologies and approaches do you see shaping the future of digital signage security?
I’m really excited about intelligent monitoring and response systems. We’re starting to use artificial intelligence to establish what normal network behavior looks like and then identify anything unusual that might signal a security problem.
These smart systems can spot tiny variations in network behavior that humans would miss, especially across large-scale deployments with thousands of screens. When we combine this with additional security certifications and enhanced monitoring capabilities, we’re creating much stronger security for an increasingly dangerous threat landscape.
"As digital signage continues its expansion across industries, security can no longer be an afterthought. Organizations must demand solutions built with security as a foundational principle rather than a feature addition."
Here’s the bottom line: as digital signs become more common across industries, security can’t be an afterthought anymore. Companies need to demand solutions where security is baked in from the ground up, not just tacked on as a feature.
Digital signage is evolving rapidly from simple screens to mission-critical communication platforms that connect to all kinds of business data, IoT devices, and cloud services. As this happens, security requirements are only going to get stricter.
Our approach of controlling the entire technology stack – from hardware to cloud services – gives us a solid foundation for meeting these challenges.
Looking ahead, we’re continuing to beef up our security through ongoing R&D, regular security audits, and continuous improvements to our device management platform. By bringing together custom firmware, hardened devices, advanced management, edge-based rendering, and secure connectivity, we’ve built a solution that can scale across thousands of locations while maintaining strong security.
This comprehensive approach, backed by our SOC 2 compliance and ongoing security testing, puts us at the forefront of secure enterprise digital signage – and we’re committed to staying there.
This interview has been edited for clarity and length. Read Part 1 for insights on the digital signage security landscape, hardware/firmware security, and compliance considerations.
