What Keeps Hotel IT Up At Night?
Mark G. Haley, ISHC, CHTP
The Prism Partnership
HAMA September 26, 2013
Orlando, FL
What Keeps Hotel IT People Up At Night?
• HSIA
• Data Security
• Cloud Computing
High Speed Internet Access
• It Costs How Much?
• But we just spent $350,000 on HSIA three years ago!
• Why the treadmill?
HSIA - Demand
• Demand for bandwidth continues to increase!
• No end in sight
HSIA - Demand
• From a hotel company
[Chart: Bandwidth Consumption (MB) by year, 2009 through 2013E; vertical axis from 0 to 600,000,000]
HSIA - Standards
• Standards changing, performance improving
• Evolution of the 802.11 Wireless Standards
– 802.11b > “a” > “g” > “n”
– 802.11n is the current standard
– Still many “g” devices out there
– Generally, access points and client devices are backwards compatible
• Next: 802.11ac
HSIA – 802.11ac
• What will 802.11ac do for guests?
• 802.11ac Drawbacks
HSIA – 802.11ac
• When?
• Client Devices Follow
HSIA - Implications
• “n” network now?
– OK!
• “g” network?
– Satisfaction scores?
– Invest in “n”
  • Specify field-upgradeable to ac
  • Ensure site survey to support greater WAP density
HSIA
• Elements of cost
– Wireless Access Points (WAP)
– Switches and cabling
– WAP Controllers
– Subscriber Management Server
– Load Balancing/Bandwidth Aggregation Appliance
– Intrusion Detection/Prevention Appliance
– Bandwidth
HSIA – What’s Next?
• 802.11u
• 802.11ad (60 GHz)
• More bandwidth
• More bandwidth
HSIA - Takeaways
• Consumer demand will require continuous re-investment
– Try to get on the wave of upgrades instead of under it
– Anticipate buying more bandwidth every year
• Upgrade when your guest satisfaction scores tell you that you need to, not when a salesman tells you
• Continuous re-investment requires a revenue stream to support it
– Find revenue in HSIA, resist the “Free HSIA” meme
– Deliver an Internet experience worth charging for
DATA SECURITY… What Keeps Hotel IT People Up At Night
Data Security
• Fear, Uncertainty & Doubt
Data Security
• Hotels are targets
• But statistics are improving!
– Why?
PCI Compliance
• PCI Compliance
– Self-regulation imposed by credit card brands
– Establishes minimum standards for securing data and networks from breaches
– Common-sense, but difficult to execute
PCI Compliance - Risks
• Costs of a Breach
– Fines from issuing brands
– Costs to address vulnerabilities
– Costs of Level 1 audits in future
– Lawsuits from card-issuing banks for card replacement costs
– FTC/CFPB Lawsuits
– Loss of customer trust and goodwill
– Loss of business
– Tarnished reputation
PCI Compliance - Players
• Key Players & Roles
• Standards “owned” by PCI Security Standards Council
• Enforcement reserved to the issuing brands
PCI Compliance - Responsibility
• Always the merchant
• Does that mean the owner is free of responsibility?
PCI Compliance - Implications
• If manager as merchant is responsible for compliance… and they work for you…
• Find out what they are doing!
PCI Compliance – Owner Questions
• Ask the manager and brand:
– Who “owns” compliance in the company?
– What budget assigned to PCI Compliance?
– What aspects of operation are “in-scope” for PCI compliance?
– Are all in-scope Payment Applications certified as compliant under PA-DSS?
PCI Compliance – Owner Questions
• Ask the manager and brand:
– What self-attestations have been submitted to acquirers?
– What self-attestations have been submitted to others?
– What is their internal assessment of risk of a breach?
– What processes in place to drive a culture of data security and privacy in the organization?
Data Security – Other Aspects
• PCI not the only risk in data security
• Hotel-Specific Data Security
• Credential Breaches
• Privacy Regulation
• Employee Data
CLOUD COMPUTING… What Keeps Hotel IT People Up At Night
Cloud Computing
• What is it?
– Complicated NIST definition:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.”
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
– Simply:
  • Hosted elsewhere by someone you pay to do it well for you
Cloud Computing
• Complicated definition includes concepts of self-provisioning, multi-tenancy and on-demand scalability
• Basic hosting can be as simple as a rack you lease in a co-location facility
Cloud Computing
• Private Cloud: One company maintains the cloud exclusively for their own use or their customers’ use
• Public Cloud: A service provider sells computing resources in their cloud to all comers
Cloud Computing - Benefits
• Benefits of Cloud Computing
– No people required in hotel to maintain system
– Higher level of resources available in hosting facility
– Eliminate/reduce need for data synchronization between enterprise and property systems
– Lower cost of operation*
*usually
Cloud Computing - Benefits
• If a brand embraces the cloud…
• Reduced CapEx by owner
• Reduced OpEx by manager
• No work or risks for backups, upgrades, system maintenance, etc.
• PCI scope simplified
Cloud Computing - Risks
• Lack of control of data
• 100% dependence on Internet connection
• No control over updates, etc.
• Still need to manage interfaces locally
• Theoretical risk of compromise of network or cloud security
• Risk of one cloud tenant activity impacting another
Thank You!