Need help choosing a product for your project?

Use Case Article

Use Case

Human Resources App Lockdown

Secure your HR app with Kiosk Software

Human Resources App Lockdown


A natural path for human resource applications is toward self-service management, whereby each employee is empowered to make and submit decisions about their healthcare coverage, 401(k) plan, or time and attendance schedule online via the company’s intranet. This eliminates the inefficient and costly one-on-one interaction with HR/supervisory staff. Most commercial HR software vendors have web-based applications that target this vertical market.

An intranet solution, however, is only useful to those staff that has access to the intranet. For example, many industrial and healthcare organizations have staff with no permanent work location and no access to the intranet, leaving them to perform HR functions with paper in long hand.

The solution is to provide a computer kiosk in a convenient location, such as a cafeteria, that enables access to the HR applications on the intranet.


Why go to the bother and expense of installing a computer kiosk? Why not simply install a normal desktop computer? The answer to this question is best answered by understanding the difference between desktop personal computer users and general public computer users.

In a desktop scenario, the user has responsibility for the computer and generally is the only user of the computer. One isn’t as concerned about the desktop user physically harming the computer or operating system. Also, if the desktop user walks away from the PC for a moment, it isn’t necessary to immediately log that user off the system, nor is there the concern of enticing the user to utilize the desktop computer.

On the other hand, a general use computer has many users and none of them have a sense of ownership for the computer, so it is critical that the general use computer be designed for and housed in a robust structure with resilient components that ensure the long-term survivability of the hardware. Privacy is a significant issue with a general use computer, so it is critical that immediately upon leaving the computer, the user’s session is terminated and the application is reset to its home page. In other words, the computer needs to be a specialized kiosk.


The kiosk user has special needs that are vastly different from the desktop user.


Application availability is critical to the success of the kiosk. When an employee steps up to a kiosk, the HR application has to be running and ready for use. Unlike a desktop user, the kiosk user cannot be expected to hunt around the desktop, open up a browser, and surf to the proper URL. They should be limited to whatever applications relate to the purpose of the kiosk and nothing else. Finally, when the employee steps up to a kiosk, the application should be reset to the start page of the application. The user should not be confused by seeing the last page the previous user viewed and have to manually return to the start page.


As might be expected, security is a significant issue in deploying a kiosk. Because the unit is available to everyone for extended periods of time and often situated in such a way to maximize privacy, it is often hard to catch anyone maliciously attacking the kiosk, be it physically or programmatically.

Physical abuse can be prevented, or at least mitigated, by the quality of kiosk purchased. It is critical that the enclosure, keyboard, trackball, display, printer, and whatever other peripherals are required match the environmental/user stress to which it will be subjected.

Programmatic abuse must be prevented by the kiosk system software. It is critical that the kiosk software prevent the user from ever reaching the desktop or file system. This can be tricky because standard print dialogs allow the content to be printed to a file and enable the user access to the file system. The same is true for many email links that load the default email tool and allow the email to be saved to a file. Also, if a keyboard is included in the kiosk, then the kiosk software must also disable all problematic specialty keys such as ctrl-alt-del. Kiosk software must be able to prevent misuse of these features. In addition, the standard browser menus must be disabled because these provide too much configuration control to the user. Finally, it is important to prevent the user from accessing URLs not applicable to the function of the kiosk. This can be accomplished by hiding the address bar and incorporating domain and page checking into the kiosk system software.


Kiosk visibility is also critical to the success of the kiosk. If the staff doesn’t know that the kiosk is available to them, then it won’t be used. Certainly, announcements in the company newsletter and posters displayed throughout the facility help, but it is equally important that the kiosk itself be enticing to the employee. This includes branding the exterior of the kiosk and displaying graphics on the computer monitor in such a way as to identify the purpose of the kiosk as well as draw the employee to use the kiosk.


Since the user will be logging into their HR account, and their account contains confidential and private information, it is important that the kiosk’s physical design and placement, as well as programmatic function, protect that information. Not only does the kiosk need to be equipped with vision barriers and placed so that other staff cannot easily see the display screen, it also needs to have the perception that the information is safe and secure. The best-safeguarded kiosk will be wasted if no one uses it because the perception of safety is missing.

The kiosk system software also needs to ensure that the user’s session is automatically ended when the user leaves the kiosk. This is typically done using a security mat or proximity switch that initiates the logon screen when a user arrives at the kiosk. This sequentially flushes local variables and resets the application immediately upon the user leaving the kiosk.

In HR applications, users often want a printout of their changes and records. Many times, users will print their information and then proceed with their other HR activities. If the user then forgets about the printout, there is a risk of other employees removing the printout and viewing their private information. Kiosk printers with retracting capabilities are a must for user privacy. Now, if forgotten by the user, the document is retracted back to an internal disposal box, thus maintaining the user’s privacy. Kiosk printers generally retract after a designated amount of time, but this does not ensure complete privacy. What if a new user walks up to the kiosk immediately after the first user and takes the printout before the printer has been set to retract? The most reliable way to make certain that the user’s printout is protected is by conjoining the retract event with the security device’s termination of the user’s session. Now, if a user steps off the security mat without taking his or her printout, it will instantly be retracted, thus ensuring the user’s complete privacy.


Maximizing your return on investment will be an important consideration in determining the overall approval of the project, as well as how many kiosks can be placed. Obviously, each project is unique and will depend on the number of staff affected and the financial benefits of self-service as compared to the cost of initial deployment and recurring expense. Skimping on the hardware specification may help meet your financial target, but it is an expedient move with long-term negative consequences; therefore, to maximize ROI focus on savings in the software expense instead.

To minimize software cost, the goal is to use the same HR intranet application as the desktop users. To create a modified HR application for use by the kiosk not only means initial development cost but also the recurring expense of maintaining two versions of essentially the same application. Instead, insist that kiosk specific functionality be implemented within the kiosk system software. Ideally that functionality should be accomplished through simple configuration rather than paying a programmer to write code.


A cost benefit analysis will determine whether it is beneficial to deploy your HR intranet application to a kiosk; however, it is important to understand that a kiosk’s availability, security, visibility and privacy requirements are significantly different from a standard desktop. The proper selection of kiosk hardware and kiosk system software is necessary to adequately address these differences.

NEED MORE HELP? KioWare has played a role in numerous HR kiosk projects. Check out 5 Ways Your Human Resources Department Will Benefit From Kiosks, Kiosk Security and Privacy, and Lessons Learned from a Long-term Kiosk Project.

When it comes to the confidential nature of data accessible from human resources kiosks, KioWare Kiosk Software is an essential part of your project to secure that data. Read more about kiosk software here: Protect from Security Breaches, Kiosk Software Prevents Hacking, Kiosk Software: Security Features, and How Secure is Your Kiosk?.

Human Resources
Back to top