1 / 0

What Keeps Hotel IT Up At Night?

What Keeps Hotel IT Up At Night?. Mark G. Haley, ISHC, CHTP The Prism Partnership HAMA September 26, 2013 Orlando, FL. What Keeps Hotel IT People Up At Night?. What Keeps Hotel IT People Up At Night?. Data Security. HSIA. Cloud Computing. High Speed Internet Access.

javier
Download Presentation

What Keeps Hotel IT Up At Night?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What Keeps Hotel IT Up At Night?

    Mark G. Haley, ISHC, CHTP The Prism Partnership HAMA September 26, 2013Orlando, FL
  2. What Keeps Hotel IT People Up At Night?
  3. What Keeps Hotel IT People Up At Night? Data Security HSIA CloudComputing
  4. High Speed Internet Access It Costs How Much? But we just spent $350,000 on HSIA three years ago! Why the treadmill?
  5. HSIA - Demand Demand for bandwidth continues to increase! No end in sight
  6. HSIA - Demand From a hotel company
  7. HSIA - Standards Standards changing, performance improving Evolution of the 802.11 Wireless Standards 802.11b >“a” > “g” > “n” 802.11n is the current standard Still many “g” devices out there Generally, access points and client devices are backwards compatible Next: 802.11ac
  8. HSIA – 802.11ac What will 802.11ac do for guests? 802.11ac Drawbacks
  9. HSIA – 802.11ac When? Client Devices Follow
  10. HSIA - Implications “n” network now? OK ! “g” network? Satisfaction scores? Invest in “n” Specify field-upgradeable to ac Ensure site survey to support greater WAP density
  11. HSIA Elements of cost Wireless Access Points (WAP) Switches and cabling WAP Controllers Subscriber Management Server Load Balancing/Bandwidth Aggregation Appliance Intrusion Detection/Prevention Appliance Bandwidth
  12. HSIA – What’s Next? 802.11u 802.11ad (60Ghz) More bandwidth More bandwidth
  13. HSIA - Takeaways Consumer demand will require continuous re-investment Try to get on the wave of upgrades instead of under it Anticipate buying more bandwidth every year Upgrade when you guest satisfaction scores tell you that you need to, not when a salesman tells you Continuous re-investment requires a revenue stream to support it Find revenue in HSIA, resist the “Free HSIA” meme Deliver an Internet experience worth charging for
  14. b ….What Keeps Hotel IT People Up At Night Data security
  15. Data Security Fear, Uncertainty & Doubt
  16. Data Security Hotels are targets But statistics are improving! Why?
  17. PCI Compliance PCI Compliance Self-regulation imposed by credit card brands Establishes minimum standards for securing data and networks from breaches Common-sense, but difficult to execute
  18. PCI Compliance - Risks Costs of a Breach Fines from issuing brands Costs to address vulnerabilities Costs of Level 1 audits in future Lawsuits from card-issuing banks for card replacement costs FTC/CFPB Lawsuits Loss of customer trust and goodwill Loss of business Tarnished reputation
  19. PCI Compliance - Players Key Players & Roles Standards “owned” by PCI Security Standards Council Enforcement reserved to the issuing brands
  20. PCI Compliance - Responsibility Always the merchant Does that mean the owner is free of responsibility?
  21. PCI Compliance - Implications If manager as merchant is responsible for compliance…..….and they work for you…. Find out what they are doing!
  22. PCI Compliance – Owner Questions Ask the manager and brand: Who “owns” compliance in the company? What budget assigned to PCI Compliance? What aspects of operation are “in-scope” for PCI compliance? Are all in-scope Payment Applications certified as compliant under PA-DSS?
  23. PCI Compliance – Owner Questions Ask the manager and brand: What self-attestations have been submitted to acquirers? What self-attestations have been submitted to others? What is their internal assessment of risk of a breach? What processes in place to drive a culture of data security and privacy in the organization?
  24. Data Security – Other Aspects PCI not the only risk in data security Hotel-Specific Data Security Credential Breaches Privacy Regulation Employee Data
  25. ….What Keeps Hotel IT People Up At Night Cloud computing
  26. Cloud Computing What is it? Complicated NIST definition:“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. “http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf Simply: Hosted elsewhere by someone you pay to do it well for you
  27. Cloud Computing Complicated definition includes concepts of self-provisioning, multi-tenancy and on-demand scalability Basic hosting can be as simple as a rack you lease in a co-location facility
  28. Cloud Computing Private Cloud: One company maintains the cloud for exclusively for their own use or their customers’ use Public Cloud: A service provider sells computing resources in their cloud to all comers
  29. Cloud Computing - Benefits Benefits of Cloud Computing No people required in hotel to maintain system Higher level of resources available in hosting facility Eliminate/reduce need for data synchronization between enterprise and property systems Lower cost of operation**usually
  30. Cloud Computing - Benefits If a brand embraces the cloud… Reduced CapEx by owner Reduced OpEx by manager No work or risks for backups, upgrades, system maintenance, etc. PCI scope simplified
  31. Cloud Computing - Risks Lack of control of data 100% dependence on Internet connection No control over updates, etc. Still need to manage interfaces locally Theoretical risk of compromise of network or cloud security Risk of one cloud tenant activity impacting another
  32. Thank You!
More Related