The hospitality industry is adopting the cloud at an astonishing pace, and it’s no wonder: With its ability to connect seamlessly with guests, online travel agencies and property management systems, the cloud makes work simpler, boosts productivity and keeps clients happy. As clients’ lives become more mobile, they want their booking and hotel experiences to be as smooth as possible, too. As such, the cloud is quickly becoming the norm in the industry, and nearly half of all hotels are expected to upgrade to a cloud-based PMS within the next year.
But with any major technology change, even the benefits of cloud adoption brings myriad concerns, not least of which is security. Of course, after the Wyndham breach in 2008 that compromised more than 600,000 accounts and cost the hotel chain millions of dollars, hotels were on their guard, tightening security and strengthening firewalls wherever possible. The problem, though, is that all the breaches in recent memory, from Wyndham to Target to Sony, were the result of weak on-premise controls. It’s no longer sufficient—or smart—to focus on network-based security.
But over the last few years, just as the cloud has become increasingly desirable, those legacy network systems have become increasingly ineffective—especially when it comes to security. Data breaches reached an all-time high last year, and the hospitality industry was certainly a victim, with incidents at the Marriotts, Sheratons and other hotels.
Data breaches have become essentially inevitable—but that doesn’t mean hotels are helpless. Understanding risky behavior and thwarting it before it becomes a problem can help prevent a breach.
Here are several tips to protect hotels and guests’ valuable personal information:
Trust the cloud. Just as a data breach might be inevitable, so are company’s adoption of the cloud. It’s simply the way the world is moving, so it’s smart to switch over sooner rather than later. Not only does a cloud-based PMS boost guest satisfaction and make hotels run more smoothly, it also saves space and increases security.
Encrypt at the file-level. Encryption is the single most important safeguard to implement for the highest level of security—and it’s where the cloud will be the biggest ally. File-level encryption secures files before they ever reach the cloud, which means that they’ll remain encrypted anywhere they go, whether that’s a cloud storage business’s servers or synced to a mobile device. Many storage and sync solutions only guarantee encryption on the given cloud server, essentially undermining the mobility that the cloud makes possible.
Collaborate using shared folders. The days of the fax machine are long gone—or should be, at least. However, many hotels still insist on the antiquated technology, for credit card authorization, for instance. While it may be more secure than email because a fax can’t be intercepted in the ether, its security isn’t airtight either. After all, it’s easy for the wrong person on either end to pick up the fax or misplace it, exposing sensitive credit card numbers. But using an encrypted Dropbox folder, for example, is simple, swift, and painless. Guests or third parties can deposit encrypted information directly into a shared folder, or email the hotel an encrypted file. This type of security is airtight if the encryption on the folders is done on the file level.
Separate encrypted content from its keys. Not all encryption is equal, so it’s critical to read the fine print on encryption services to understand exactly what’s happening to content. One of the main things to watch for is key separation, which means that neither the encryption service nor the cloud provider can decrypt files. This allows for good security hygiene: If a cloud provider is hacked, it doesn’t have the decryption key, so a malicious actor still wouldn’t be able to access the encrypted data.
Stay ahead of the BYOD curve. “Bring your own device” (BYOD) culture is on the rise and more than 40% of American employees are using their personal smartphones, tablets or computers for work purposes. Fully, 83% of employees also prefer to use cloud apps over their on-premise equivalents, for the same reasons guests and clients do: They make things faster, simpler and better. Still, it’s difficult to maintain a grip on security if employees are using unauthorized cloud software—and hotels aren’t immune to the trend. A few years ago, Hyatt became aware of its employees using unauthorized mobile devices and took pains to adopt new strategies and policies; BYOD culture has only increased since then and so have security problems associated with it. Making sure to stay a step ahead of the game and securing existing cloud services in such a way that employees don’t have to change what they’re already doing can only prove to be a boon for businesses—and for hotel’s security. Finding a provider that retains encryption even when files are synced across devices is essential.
The bottom line is that the cloud is here to stay, but it’s not sufficient for the hospitality industry to embrace it blindly. Rather, implementing all necessary safeguards and doing homework to find the right kind of file-level encryption will go a long way to preventing data breaches, keeping company’s information secure and establishing loyalty among guests.
Contributed by Asaf Cidon, Sookasa, San Mateo, California