Additionally, selecting a solution that delivers the same robust, hospitality-specific
functionality as an on premise system supports globalization for hotels, resorts and
casinos. With access via the cloud, users, partners and suppliers at locations across
multiple continents can share real-time data on everything from guests to revenue.
Information flows more freely and managing daily operations becomes easier as teams
are able to connect from different properties and departments. This also enables
better-informed decision making, as hotel managers have visibility into comprehensive
data and an enterprise-wide view of how their organization is performing and operating.
Many information-critical industries, including pharmaceuticals and manufacturing, must
weigh the potential pros and cons associated with moving to the cloud. But hoteliers are
in a unique position because guest satisfaction, not the delivery of a physical product to
market, is the top priority. Compromised guest data including contact and credit card
information would mean a serious blow to revenue for a hotel chain or casino, as guests
would no longer feel that their identities were safe while staying at the property. With
more ways than ever for customers to voice feedback, including social media and online
rating sites, news of a security breach would travel faster than ever before.
Because of the guest's distinctive control over hoteliers' success, it is even more
important for companies to vet a vendor's approach to cloud security before selecting a
provider for their cloud technology. Hotels own and manage the data, but it is the
technology vendor's job to protect that data. Technology providers should instill
confidence in customers that best-practice protocols and a thorough, continuous
improvement approach will be utilized for any cloud-related projects.
However, many hoteliers are hesitant about moving to the cloud because with 24/7
guest interaction, a back-end system glitch could have negative implications on
customer satisfaction. Compromising guest profiles or credit card information could be
disastrous, making many hospitality companies uncertain about cloud deployment. In
order to ensure security when utilizing SaaS-based business applications, hoteliers
should focus on vendor selection and best practices for network safety. Selecting the
right technology provider who employs these practices and is transparent on how and
where data will be stored is critical in minimizing any risks associated with utilizing cloud
technology.
Ensuring security in the cloud is a two part endeavor. Hoteliers must take steps
internally to safely store and transfer data, but software vendors must also take
measures to assess potential threats and implement effective security controls. A
detailed look at the vendor's security approach is essential to confirm that a company
will be thorough and follow necessary protocols. Effective security also begins with
development and the proper training of staff. It should include a multiple layer strategy,
as well as physical and operational processes that support protection. Knowing what type
of monitoring processes and infrastructure-related measures will be taken to minimize
safety risks is essential to when running business applications in the cloud. Vendors are
the direct source for each of these security measures. Hoteliers should view technology
providers as a partner in facilitating data safety in the cloud, and as such should
carefully examine answers to the questions above when moving to a SaaS-based
system.
With security top of mind for cloud deployment, decision-makers should ask these
questions before choosing a technology provider for their project.
1. How in-depth is your security strategy?
Make sure that the
vendor employs an in-depth defense strategy and does not rely on a single security
technique or device. Data assurance should be confirmed through a multiple layer
approach with overlapping security controls.
To proactively defend against an attack, the cloud architecture should include different
levels to protect against specific strikes like a Distributed Denial-of-Service (DDoS)
attack, as well as more general information attacks such as vulnerability scanning. Real-
time monitoring of potential internet threats and firewalls is also crucial in order to
isolate critical components and prevent access from an external network.
2. How are your products developed to enable security in the cloud?
Security parameters for each product should be established from the beginning to
guarantee that they are architected into the software design. Vendors should also
conduct routine testing to identify potential vulnerabilities and problem areas, as well as
code reviews that allow developers to collaborate on safe coding practices. In order to
verify that developers are kept up-to-date on these practices, confirm that the software
provider also conducts regular security training sessions to make sure that all security
policies are followed.
3. Will the cloud network be separated from the general corporate network?
Independent networks that exist autonomously from the general
corporate network provide additional security against data corruption. Solutions can also
be customized to better meet specific security and performance needs when they are
deployed separately from existing networks.
4. Will the network remain protected, even if users do not employ security best
practices?
Hoteliers cannot confirm that each user at every location is
running up-to-date anti-virus protection software and does not have a compromised
system. Therefore, the network should be designed on rigid protocols that enforce
security, even when employees do not.
5. What physical measures will be taken to protect the infrastructure?
If working with the same vendor to establish the data center, hospitality
companies should inquire how the data center will be physically protected. Will there be
registered guest restrictions, locked cage spaces or biometric safeguards? How will they
monitor, detect and alert necessary IT staff and decision-makers if there is a physical
intrusion?
Additionally, traffic within the network should never be broadcast using an antenna or
wireless transmitter. A virtual private network should be required to protect data from
interception by third parties.
6. What mandatory IT infrastructure requirements will be used to support
security?
Before selecting a vendor, make sure that their strategic IT
services include mandatory security requirements. These could include automated
logging of security events, continuous management of backups, and administration of
limited user-account permissions. Services must be built and administered in
compliance with the security standards required for global data centers in order to
enable the highest level of safety. Data should also be encrypted to ensure that the
information of hotel guests is protected from potential threats.
7. What operational practices will be utilized to support security?
The system should provide options for tiers of user access within the network,
allowing hotel staff to see only the information that is required to complete their daily
activities. Access should be structured to reflect specific team's roles and responsibilities
under the principle of least privilege. Additionally, the vendor should not allow hotel
users to tap into supporting operating systems or lower functions, but rather requests
should be managed in different network segments, and then sent to protected back-
end databases.
8. Does the vendor have staff dedicated exclusively to its cloud technology?
Check that the vendor has a specific group or business unit tasked with
the implementation and deployment of cloud technology. This confirms that those
working to build and launch the system have extensive experience with SaaS-based
implementations and are more likely to have received extensive training on cloud
security. Having a group dedicated to cloud technology also indicates that it is a priority
for the vendor, and that they will actively work behind the scenes to enable the security
of your data, as well as continue to develop system protection enhancements.
9. What monitoring processes will be implemented to track potential security
threats?
At the most basic level, the system should maintain centrally
managed passwords to protect administrative access points to the cloud network. The
technology should also alert network management staff to unsuccessful password
attempts and patterns that could potentially indicate a security breach. The system
should always have the ability to authenticate the server, which ensures that all user
sessions are authenticated.
Additionally, vendors should log and monitor security incidents to certify that the system
has not been compromised. By collaborating with hoteliers to investigate intrusion
attempts, vendors can become a critical ally in mitigating safety risks.
10. Is the system ISO-27001 compliant?
Vendors should
demonstrate compliance with this internationally recognized credential for a securely
designed information management system. This is often the first, and most concrete,
box to check when selecting a technology provider for your project. ISO-27001 is
designed to enable the security of financial assets, intellectual property, employee
details, and third-party information, which for hoteliers includes guest-related data.
11. Does the vendor conduct business everywhere that you do?
While cloud technologies have taken a lot of responsibility off of the plates of
hospitality IT executives, achieving the 'last mile' of property-level broadband
connectivity in a global enterprise has grown as a challenge that rivals those of local
sourcing of food and labor. Local ISP offerings should be vetted for reliability, speed
and security, and local data privacy and storage laws need to be researched and
accommodated. Your cloud provider should make this easier by offering a network with
multiple points of presence around the world, not only for shorter hops, but to allow
multiple options for the storage location of your data.
In spite of all these concerns, the hospitality industry's adoption of cloud technologies
has accelerated at a rapid clip in the past few years. The SaaS model is a great fit for
the industry's fragmented ownership structure, and generally allows a larger IT
investment than would have otherwise been the case. Today's growing array of options
allows hotel companies to tread carefully, without having to tread lightly.
Infor is a global leader in business cloud software specialized by industry. We develop complete solutions for our focus industries. Infor's mission-critical enterprise applications and services are designed to deliver sustainable operational advantages with security and faster time to value. Over 60,000 organizations in more than 175 countries rely on Infor's 17,000 employees to help achieve their business goals. As a Koch company, our financial strength, ownership structure, and long-term view empower us to foster enduring, mutually beneficial relationships with our customers. Visit www.infor.com.
