hotelPhoto source: Flickr

But you can never leave.

Secure lodging and reputation are paramount for hotels of any size. Protection and maintenance of assets including human, physical and other

intangible assets is key. A hotel’s reputation and standard conduct of business is based on the protection that is afforded to guests, employees, visitors, contractors, the physical structure of the premises and all that is contained therein and pertinent to the property.

Yes, in present times, hotels are collecting a lot of guest information and retaining it, especially digitally and hence the parallels to the famous Eagles song, “Hotel California”.

Hotel Security for digital information is a bigger concern than ever before, due to a number of reasons. Hotels are acutely dependent on a positive user experience. However, the more seamless things are for the guests, the higher the amount of data that the hotels collect and retain. Also, Technology plays a major role in making that possible which if not assessed properly can lead to big security exposures. Exposures that can lead to compromise and breach of guest information unless protected with the right security.

Physical security requirements are simpler to define and most hotels already have them in place such as:

  • Round the clock security personnel who are monitoring site security and cameras;
  •  Validation of government-issued photo ID, driver's license, or passport upon check-in.
  • Staff training in security and emergency-management

Hotel Security challenges in the digital age

There are four main areas making security a challenge for the hospitality industry today.

1. Higher interconnectivity among initially disparate systems. 

 According to Larry Mogelonsky, a hotel expert “No longer do you think of a phone system, a Wi-Fi system or even a guestroom safe as a separate entity. Rather, think of how each element you acquire interconnects with all the other components. It’s no longer just a door key or a smart thermostat, but a device that constantly communicates with your PMS and security system. Similarly, every POS terminal throughout your property is continuously generating data that streams into your guest history as well as your P&L.”

Each one of these system's security and vulnerabilities requires analysis &

Interfaces between each one of these systems, especially those carrying sensitive data requires risk assessments to ensure these systems and their data cannot be compromised. 

2. New Technology and Applications.

Hotels are increasingly experimenting with new technology, which requires both a clear understanding of the threat model to its implementation and context. It also requires a risk assessment of the security of the technology.

One new technology hotels are bringing in is to let smartphones function as keys. The keys are activated through smartphone apps. When guests check in through the app, the hotel sends them their room numbers and enables the phones to act as virtual keys. Sensors in the door can detect and verify the phone through technology such as Bluetooth LE.

There are applications that extend the TV platform to mobile and allows guests to access information and control the in-room TV using a room-paired tablet or a downloadable version to a guest mobile device. They allows guests to choose what to watch or listen to next on the in-room TV by browsing TV channel listings, programs, movies, music available for on-demand listening and world radio. Some enable guests to take advantage of the in-room TV to view their personal photos, music and videos stored on their device. Additional features include the ability to stream content to the TV from iOS devices via Airplay from Apple and PVR functionality enabling guests to record future programs.

3. Mission Critical Systems getting outsourced or moving to the cloud:

Hoteliers view making the move to the cloud and subscription based services as providing their organization competitive edge. Moving to the cloud requires careful risk analysis for any function, but when it involves critical functionality and contains sensitive data such as Property Management Systems (PMS) there should be a risk assessment performed so that security exposures can be identified, understood by all stakeholders and mitigated.

In hospitality a PMS is a comprehensive software application used to cover some basic objectives such as coordinating the operational functions of front office, sales and planning etc. and automating hotel functions like guest bookings, guest details, online reservations, point of sale, telephone, accounts receivable, sales and marketing, banquets, food and beverage costing, materials management, HR and payroll, maintenance management, quality management and other amenities. Hotel property management systems may interface with central reservation systems and revenue or yield management systems, front office, back office, point of sale, door-locking, housekeeping optimization, pay-tv, energy management, payment card authorization and channel management systems.

Today, the PMS functionality extends far beyond the traditional realms leading to integration with more systems – which increases the security vulnerability potential.

4. Focus on meeting Payment Card Industry (PCI) compliance as opposed to assessing the overall risk.

Security risks, require an increasingly sophisticated response that is intelligence-led and risk-based. The security risk environment is highly dynamic and needs to be managed both centrally and locally in hotels. This goes beyond meeting Payment Card Industry (PCI) compliance.

Hotels are increasingly dependent upon the availability, integrity and confidentiality of information and the ability to report appropriate and accurate business performance, including financial reporting, to investors and markets.

A hotel's reputation and performance may be adversely affected if it fails to maintain appropriate confidentiality of information and to ensure relevant controls are in place to enable the release of information only through the appropriate channels in a timely and accurate manner.

Posted by:

Pamela Gupta