What Keeps Hotel IT Up At Night? Mark G. Haley, ISHC, CHTP The Prism Partnership HAMA September 26, 2013 Orlando, FL

What Keeps Hotel IT People Up At Night? September 26, 20132

What Keeps Hotel IT People Up At Night? HSIA Data Security Cloud Computing September 26, 20133

High Speed Internet Access It Costs How Much? But we just spent $350,000 on HSIA three years ago! Why the treadmill? September 26, 20134

HSIA - Demand Demand for bandwidth continues to increase! No end in sight September 26, 20135

HSIA - Demand From a hotel company September 26, 20136

HSIA - Standards Standards changing, performance improving Evolution of the Wireless Standards – b >“a” > “g” > “n” – n is the current standard – Still many “g” devices out there – Generally, access points and client devices are backwards compatible Next: ac September 26, 20137

HSIA – ac What will ac do for guests? ac Drawbacks September 26, 20138

HSIA – ac When? Client Devices Follow September 26, 20139

HSIA - Implications “n” network now? – OK ! “g” network? – Satisfaction scores? – Invest in “n” Specify field-upgradeable to ac Ensure site survey to support greater WAP density September 26,

HSIA Elements of cost – Wireless Access Points (WAP) – Switches and cabling – WAP Controllers – Subscriber Management Server – Load Balancing/Bandwidth Aggregation Appliance – Intrusion Detection/Prevention Appliance – Bandwidth September 26,

HSIA – What’s Next? u ad (60Ghz) More bandwidth September 26,

HSIA - Takeaways Consumer demand will require continuous re-investment – Try to get on the wave of upgrades instead of under it – Anticipate buying more bandwidth every year Upgrade when you guest satisfaction scores tell you that you need to, not when a salesman tells you Continuous re-investment requires a revenue stream to support it – Find revenue in HSIA, resist the “Free HSIA” meme – Deliver an Internet experience worth charging for September 26,

DATA SECURITY ….What Keeps Hotel IT People Up At Night September 26, b

Data Security Fear, Uncertainty & Doubt September 26,

Data Security Hotels are targets But statistics are improving! – Why? September 26,

PCI Compliance – Self-regulation imposed by credit card brands – Establishes minimum standards for securing data and networks from breaches – Common-sense, but difficult to execute September 26,

PCI Compliance - Risks Costs of a Breach – Fines from issuing brands – Costs to address vulnerabilities – Costs of Level 1 audits in future – Lawsuits from card-issuing banks for card replacement costs – FTC/CFPB Lawsuits – Loss of customer trust and goodwill – Loss of business – Tarnished reputation September 26,

PCI Compliance - Players September 26, Key Players & Roles Standards “owned” by PCI Security Standards Council Enforcement reserved to the issuing brands

PCI Compliance - Responsibility Always the merchant Does that mean the owner is free of responsibility? September 26,

PCI Compliance - Implications If manager as merchant is responsible for compliance….. ….and they work for you…. Find out what they are doing! September 26,

PCI Compliance – Owner Questions Ask the manager and brand: – Who “owns” compliance in the company? – What budget assigned to PCI Compliance? – What aspects of operation are “in-scope” for PCI compliance? – Are all in-scope Payment Applications certified as compliant under PA-DSS? September 26,

PCI Compliance – Owner Questions Ask the manager and brand: – What self-attestations have been submitted to acquirers? – What self-attestations have been submitted to others? – What is their internal assessment of risk of a breach? – What processes in place to drive a culture of data security and privacy in the organization? September 26,

Data Security – Other Aspects PCI not the only risk in data security Hotel-Specific Data Security Credential Breaches Privacy Regulation Employee Data September 26,

CLOUD COMPUTING ….What Keeps Hotel IT People Up At Night September 26,

Cloud Computing What is it? – Complicated NIST definition: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. “ – Simply: Hosted elsewhere by someone you pay to do it well for you September 26,

Cloud Computing Complicated definition includes concepts of self-provisioning, multi-tenancy and on- demand scalability Basic hosting can be as simple as a rack you lease in a co-location facility September 26,

Cloud Computing Private Cloud: One company maintains the cloud for exclusively for their own use or their customers’ use Public Cloud: A service provider sells computing resources in their cloud to all comers September 26,

Cloud Computing - Benefits Benefits of Cloud Computing – No people required in hotel to maintain system – Higher level of resources available in hosting facility – Eliminate/reduce need for data synchronization between enterprise and property systems – Lower cost of operation* *usually September 26,

Cloud Computing - Benefits If a brand embraces the cloud… Reduced CapEx by owner Reduced OpEx by manager No work or risks for backups, upgrades, system maintenance, etc. PCI scope simplified September 26,

Cloud Computing - Risks Lack of control of data 100% dependence on Internet connection No control over updates, etc. Still need to manage interfaces locally Theoretical risk of compromise of network or cloud security Risk of one cloud tenant activity impacting another September 26,

September 26, Thank You!