Security Technology Unlocked
By Derek Gale, Associate Editor -- HOTELS Magazine, 1/1/2006
|
Whether opening a new hotel or retrofitting an existing one, choosing a locking system can be confusing. Many factors can play into the decision—security, design, interaction with other systems, ability to be upgraded, etc. For chain hotels, the decision often is made simpler because of certain vendors being approved by the brand or existing relationships. “There’s no motivation to change once a large chain has selected particular vendor,” says Jim McGlynn of O’Neal/Gaj, a Dallas-based technology consulting firm. But for those starting from scratch, what makes one electronic locking system different from another? In a market that some say has become commoditized, product innovation and segment specialization are helping vendors distinguish themselves and helping executives make the right choice for their hotels.
For those concerned about the durability of door locks, Norcross, Georgia-based Onity recently announced that two of its electronic lock models have been certified as compliant with the Builders Hardware Manufacturers Association/American National Standard Institute A156.25 grade 1 standard for electrified locking devices. To achieve this certification, the locks had to endure a break-in test, testing for operational function, slam cycle, security strength, high-voltage shock, temperature extremes, corrosion, moisture, dust and salt spray, as well as a full battery of electrical function tests. “Over the past several years, electronic locks have come to be viewed as a commodity, and as a result, many products of questionable quality and durability have flooded the marketplace,” says Adam Yapkowitz, vice president of business development at Onity. “It is imperative to the future of our industry to provide a benchmark of quality that is set by a respected third party.” The certified Onity locks are the HT24 and HT28 models.
For those with design in mind, Moss, Norway-based VingCard offers its Signature Series locking solution. The company partnered with Philadelphia-based product design firm Bresslergroup to come up with a lock that takes ergonomics and hotel guest and staff use into consideration and has minimal hardware on the outside of the door. The Signature lock features two bezel styles and 18 handle styles in different finishes from a variety of designers. “The design of hotel door locks has been pretty much overlooked until now,” says Junior Patel, assistant project manager for Tarsadia Hotels, Newport Beach, California. “Everybody offers a standard looking lock. When I saw the Signature electronic lock, it really stood out.” Tarsadia is installing the product in six of its new hotels. Patel says he also likes that the lock’s technology is upgradeable to proximity keycard reading. This allows the lock to read the keycard without the actual insertion of the card. “Our customers expect the latest technology at our hotels, and we insist on providing it,” he says.
For large convention hotels or casino hotels with multiple check-in stations, Landskrona, Sweden-based Timelox features its DC-One locking system, which combines magnetic card and smart card technology and offers optional central control through infrared communication. The dual-card system, for example, allows hotels to use magnetic cards for regular guests and smart cards for VIP guests, loyalty program members and staff. The DC-One system has been installed by many casino hotels in Las Vegas, including the new Wynn Las Vegas.
If interoperability with existing hotel systems is a key concern, the Advanced Technology Lodging Access System (ATLAS), an ASP.Net system from Kaba Lodging Systems, Montreal, Canada, provides easy compatibility with other vendor systems using Web service technology, regardless of those systems’ location or the type of hardware, network or operating system used. “We are very happy with ATLAS, as it provides compatibility with our hotel’s other systems and integrates perfectly with our existing IT equipment,” says Leonard Rondeau, chief engineer, Radisson Hotel City Centre Indianapolis.
Finally, for high security without keys, Troy, Michigan-based SAFLOK now offers a wireless biometric electronic locking system that allows guests to use kiosks or wireless technology to bypass the front desk and move throughout the property without keycards. The system uses an image template of specific points on a fingerprint and applies them to an algorithm that produces a series of digits unique to that individual. At no time is an actual fingerprint stored in the system, and yet the biometric information can be stored and retrieved to use for comparison as proof of identification.
Virtual Security
Protecting customer data is as important
as protecting guests and physical assets.
For a litany of reasons, hotels need to be paying more attention to data security. With the rise in credit card fraud and identity theft and pending legislation governing data security and liability, action must be taken to protect sensitive information and ensure secure storage of such information. To do this, hoteliers first need to know what data reside in which systems. “The bottom line is that hotels should inventory their network and applications,” says Leo Boike, senior business analyst, Carlson Hotels Worldwide. “Hotels need to know what they have, what type of data they store, where they store it and what their vulnerabilities are. If the hotel, or their corporate office, does not have the technical knowledge needed to do a thorough review, they should consider hiring a third-party vendor to do a security audit.”
|
While it seems obvious that the largest amount of sensitive data resides in property management systems, there are plenty of other systems associated with various transactions performed in hotels that house customer information, notes Elizabeth Ivey, vice president & chief strategist, HVS Technology Strategies. These include spa systems, restaurant operational systems, sales and catering systems, financial management systems, concierge applications and any systems that support customer relationship management. Even e-mail software on employee PCs can contain an ample amount of customer data. And if a hotel backs up its data, sensitive information may be duplicated on backup tapes or remote servers, Boike notes.
What constitutes sensitive data? “Anytime address information resides with billing information and transaction data (specifically credit card transaction data), extreme caution must be taken to secure that data,” Ivey says. “Extra caution must also be taken to ensure that a customer’s personal data, gathered in an effort to serve them better, is not used carelessly. Even a record of a stay, evidence that a guest was present on a certain date, can be considered sensitive.”
With that in mind, where are the risks and vulnerabilities, and what steps can hotels and hotel companies take to secure sensitive data? Boike and Ivey agree that the first risk lies with employees. “For all employees who deal with confidential guest data, a background check should be performed before hiring,” Boike says. “In addition, these employees should be advised in the writing of the hotel’s privacy policy and their responsibilities in keeping this data private.” Along with background checks, Ivey recommends creating a culture of privacy and security among all employees. And both Ivey and Boike note that skilled and accountable administrators should issue individual network and application log-ons and passwords so that activity can be logged and monitored.
Another risk is the Internet. “Any application or network that has access to or from the Internet is potentially vulnerable,” Boike says. “[These] applications and networks should be reviewed and maintained to close any security vulnerabilities. Measures should be taken to protect systems against threats from outside the hotel environment.”
A final vulnerability lies with hotels’ business partners. “[Hotels] should audit any outside company or business partner that receives, stores, or processes confidential or highly restricted data on [their] behalf to ensure that they meet strict security standards,” Boike says. Ivey adds that in such circumstances, data handling policies and procedures should be explicit. “Too often, these things are thought to be understood without actually being contractual,” she says. “This leads to increased liability and risk for both parties.”
What makes all of these precautions so important? Consider the ramifications of an attack resulting in data theft. “If you do not properly secure the guests’ private data, log and monitor access to that data, and fix any leaks in security, you could be held liable if this data was accessed by unauthorized people,” Boike says. “Plus, the public relations to your hotel and any hotel chain with which you share your name would be affected.” Ivey is more blunt. “The media and litigators would have a field day,” she says, “even if the damage was relatively isolated.” Bottom line? The costs, both monetary and in terms of future business, would be much higher than a sensible investment in securing sensitive data.
View All Blogs
