Mr. Ellis

Revenue Management

Cloud Best Practices

11 Strategic Questions for Hoteliers Considering Moving to the Cloud

By Bernard Ellis, Vice President of Industry Strategy, Infor Hospitality

The benefits for hoteliers of moving business applications to the cloud are numerous. Initial costs are lower because there is no need to purchase additional hardware or expand IT headcount. Systems can be deployed faster, changes can be easily made as business needs expand over time, and the long-term return on investment is higher because the technology vendor will handle potentially costly system upgrades and enhancements. Disaster recovery of data is also easier, as information is backed up in the cloud rather than on physical servers.

Additionally, selecting a solution that delivers the same robust, hospitality-specific functionality as an on premise system supports globalization for hotels, resorts and casinos. With access via the cloud, users, partners and suppliers at locations across multiple continents can share real-time data on everything from guests to revenue. Information flows more freely and managing daily operations becomes easier as teams are able to connect from different properties and departments. This also enables better-informed decision making, as hotel managers have visibility into comprehensive data and an enterprise-wide view of how their organization is performing and operating.

Many information-critical industries, including pharmaceuticals and manufacturing, must weigh the potential pros and cons associated with moving to the cloud. But hoteliers are in a unique position because guest satisfaction, not the delivery of a physical product to market, is the top priority. Compromised guest data including contact and credit card information would mean a serious blow to revenue for a hotel chain or casino, as guests would no longer feel that their identities were safe while staying at the property. With more ways than ever for customers to voice feedback, including social media and online rating sites, news of a security breach would travel faster than ever before.

Because of the guest’s distinctive control over hoteliers’ success, it is even more important for companies to vet a vendor’s approach to cloud security before selecting a provider for their cloud technology. Hotels own and manage the data, but it is the technology vendor’s job to protect that data. Technology providers should instill confidence in customers that best-practice protocols and a thorough, continuous improvement approach will be utilized for any cloud-related projects.

However, many hoteliers are hesitant about moving to the cloud because with 24/7 guest interaction, a back-end system glitch could have negative implications on customer satisfaction. Compromising guest profiles or credit card information could be disastrous, making many hospitality companies uncertain about cloud deployment. In order to ensure security when utilizing SaaS-based business applications, hoteliers should focus on vendor selection and best practices for network safety. Selecting the right technology provider who employs these practices and is transparent on how and where data will be stored is critical in minimizing any risks associated with utilizing cloud technology.

Ensuring security in the cloud is a two part endeavor. Hoteliers must take steps internally to safely store and transfer data, but software vendors must also take measures to assess potential threats and implement effective security controls. A detailed look at the vendor’s security approach is essential to confirm that a company will be thorough and follow necessary protocols. Effective security also begins with development and the proper training of staff. It should include a multiple layer strategy, as well as physical and operational processes that support protection. Knowing what type of monitoring processes and infrastructure-related measures will be taken to minimize safety risks is essential to when running business applications in the cloud. Vendors are the direct source for each of these security measures. Hoteliers should view technology providers as a partner in facilitating data safety in the cloud, and as such should carefully examine answers to the questions above when moving to a SaaS-based system.

With security top of mind for cloud deployment, decision-makers should ask these questions before choosing a technology provider for their project.

1. How in-depth is your security strategy?

Make sure that the vendor employs an in-depth defense strategy and does not rely on a single security technique or device. Data assurance should be confirmed through a multiple layer approach with overlapping security controls.

To proactively defend against an attack, the cloud architecture should include different levels to protect against specific strikes like a Distributed Denial-of-Service (DDoS) attack, as well as more general information attacks such as vulnerability scanning. Real-time monitoring of potential internet threats and firewalls is also crucial in order to isolate critical components and prevent access from an external network.

2. How are your products developed to enable security in the cloud?

Security parameters for each product should be established from the beginning to guarantee that they are architected into the software design. Vendors should also conduct routine testing to identify potential vulnerabilities and problem areas, as well as code reviews that allow developers to collaborate on safe coding practices. In order to verify that developers are kept up-to-date on these practices, confirm that the software provider also conducts regular security training sessions to make sure that all security policies are followed.

3. Will the cloud network be separated from the general corporate network?

Independent networks that exist autonomously from the general corporate network provide additional security against data corruption. Solutions can also be customized to better meet specific security and performance needs when they are deployed separately from existing networks.

4. Will the network remain protected, even if users do not employ security best practices?

Hoteliers cannot confirm that each user at every location is running up-to-date anti-virus protection software and does not have a compromised system. Therefore, the network should be designed on rigid protocols that enforce security, even when employees do not.

5. What physical measures will be taken to protect the infrastructure?

If working with the same vendor to establish the data center, hospitality companies should inquire how the data center will be physically protected. Will there be registered guest restrictions, locked cage spaces or biometric safeguards? How will they monitor, detect and alert necessary IT staff and decision-makers if there is a physical intrusion?

Additionally, traffic within the network should never be broadcast using an antenna or wireless transmitter. A virtual private network should be required to protect data from interception by third parties.

6. What mandatory IT infrastructure requirements will be used to support security?

Before selecting a vendor, make sure that their strategic IT services include mandatory security requirements. These could include automated logging of security events, continuous management of backups, and administration of limited user-account permissions. Services must be built and administered in compliance with the security standards required for global data centers in order to enable the highest level of safety. Data should also be encrypted to ensure that the information of hotel guests is protected from potential threats.

7. What operational practices will be utilized to support security?

The system should provide options for tiers of user access within the network, allowing hotel staff to see only the information that is required to complete their daily activities. Access should be structured to reflect specific team’s roles and responsibilities under the principle of least privilege. Additionally, the vendor should not allow hotel users to tap into supporting operating systems or lower functions, but rather requests should be managed in different network segments, and then sent to protected back-end databases.

8. Does the vendor have staff dedicated exclusively to its cloud technology?

Check that the vendor has a specific group or business unit tasked with the implementation and deployment of cloud technology. This confirms that those working to build and launch the system have extensive experience with SaaS-based implementations and are more likely to have received extensive training on cloud security. Having a group dedicated to cloud technology also indicates that it is a priority for the vendor, and that they will actively work behind the scenes to enable the security of your data, as well as continue to develop system protection enhancements.

9. What monitoring processes will be implemented to track potential security threats?

At the most basic level, the system should maintain centrally managed passwords to protect administrative access points to the cloud network. The technology should also alert network management staff to unsuccessful password attempts and patterns that could potentially indicate a security breach. The system should always have the ability to authenticate the server, which ensures that all user sessions are authenticated.

Additionally, vendors should log and monitor security incidents to certify that the system has not been compromised. By collaborating with hoteliers to investigate intrusion attempts, vendors can become a critical ally in mitigating safety risks.

10. Is the system ISO-27001 compliant?

Vendors should demonstrate compliance with this internationally recognized credential for a securely designed information management system. This is often the first, and most concrete, box to check when selecting a technology provider for your project. ISO-27001 is designed to enable the security of financial assets, intellectual property, employee details, and third-party information, which for hoteliers includes guest-related data.

11. Does the vendor conduct business everywhere that you do?

While cloud technologies have taken a lot of responsibility off of the plates of hospitality IT executives, achieving the ‘last mile’ of property-level broadband connectivity in a global enterprise has grown as a challenge that rivals those of local sourcing of food and labor. Local ISP offerings should be vetted for reliability, speed and security, and local data privacy and storage laws need to be researched and accommodated. Your cloud provider should make this easier by offering a network with multiple points of presence around the world, not only for shorter hops, but to allow multiple options for the storage location of your data.

In spite of all these concerns, the hospitality industry’s adoption of cloud technologies has accelerated at a rapid clip in the past few years. The SaaS model is a great fit for the industry’s fragmented ownership structure, and generally allows a larger IT investment than would have otherwise been the case. Today’s growing array of options allows hotel companies to tread carefully, without having to tread lightly.

Bernard Ellis, Vice President of Industry Strategy is responsible for defining the go-to-market strategy of the entire Infor product suite for the hospitality industry vertical, including product positioning, messaging and partner relationships. Mr. Ellis also directly oversees product management of hospitality-specific solutions, and ensures the alignment of all hospitality sales, marketing and product management objectives. Prior to Infor, Mr. Ellis held executive positions with IDeaS, a SAS Company, SynXis, now part of Sabre Hospitality, and Micros-Fidelio. Mr. Ellis can be contacted at 202-232-3839 or bernard.ellis@infor.com Extended Bio...

HotelExecutive.com retains the copyright to the articles published in the Hotel Business Review. Articles cannot be republished without prior written consent by HotelExecutive.com.

Receive our daily newsletter with the latest breaking news and hotel management best practices.
Hotel Business Review on Facebook
RESOURCE CENTER - SEARCH ARCHIVES
General Search:

JULY: Hotel Spa: Branding Around the Concept of Wellness

Cecilia Hercik

Looking back at the anecdotes from history books, spas were exceedingly popular in the Roman, Greek and Egyptian eras. Ancient philosophies preach the importance of cleansing the mind, body and spirit through connecting with Mother Earth and the world’s energy, such as “Earthing,” which promotes direct contact with the earth's electron-rich surface. The premise of Earthing is that grounding the body to the earth's surface, most commonly done walking barefoot, stabilizes natural electrical rhythms and reduces disease-causing inflammation. The ancient Egyptians, Romans and Greeks not only practiced Earthing, but also enjoyed hot and cold water treatments, followed by aromatic massages with fragrant oils, and had herbalists and apothecaries. READ MORE

Michael Koethner

In the past few years, there has been an ever-growing, very subtle feeling of insecurity, instability, craziness up to some point of panic, when it comes to people’s daily life, personal growth and the overall economic growth. This feeling has forced humanity and societies to do things that have separated everyone and everything on a large scale with some very unpleasant outcomes. However, in the past 10 plus years this feeling has turned to the other side of the coin with an even deeper sense of urgency surfacing in each of us, to find out what this is all about, supported by a force that is seemingly coming from nowhere. This deep-seated feeling of unrest has been on the rise since the mid 40’s, and pushed aside ever since to avoid confrontation of a possible ugly truth, the truth that the life lived up until today was an illusion. READ MORE

Trent  Munday

Professor Gerard Bodeker has said that spas are the ‘organizational face of Wellness’. What he means by this is that spas provide a safe and understandable entry point into the diverse and often confusing world of Wellness. Much like a hospital is the organizational face of illness. Patients rarely know which medical specialist is the most appropriate for their specific condition. They trust that the hospital will direct them to right doctor. Spas, according to Bodeker, offer the same for Wellness. READ MORE

Maggy Dunphy

Spending time in nature is the best remedy to improve your quality and outlook on life. It also provides the simplest, most cost effective and innovative opportunities to have a positive impact on our overall well-being. Global Wellness Tourism is a $3.4 trillion business as reported by the 2013 Global Wellness Report. Dr. Deepak Chopra noted in a recent speech that, “Wellness is the number one trend in the world today.” And Ophelia Yeung, senior consultant, Center for Science, Technology & Economic Development, SRI, and one of the report’s lead researchers, argued that she only sees more growth ahead: “Prevention-challenged traditional healthcare systems, and an obesity and chronic disease crisis, are simply costing people and governments too much. READ MORE

Coming Up In The August Online Hotel Business Review




Feature Focus
Food and Beverage: Going Local
"Going local" is no longer a trend; it’s a colossal phenomenon that shows no sign of dissipating. There is a near obsession with slow, real, farm-to-table food that is organic, nutritious and locally sourced. In response, hotel chefs are creating menus that are customized to accommodate all the vegans, vegetarians, gluten-free, paleo, diabetics and other diet-conscious guests who are demanding healthy alternatives to traditional restaurant fare. In addition, there is a social component to this movement. In some cases, chefs are escorting guests to local markets to select fresh ingredients and then visit a local cooking school to prepare their purchases. Other hotels are getting guests involved in gardening activities, or exploring local farms, bakeries and the shops of other culinary artisans. Part of the appeal is in knowing the story behind the food - being personally aware of the source and integrity of the product, and how it was handled. In addition to this "locavore" movement, there are other food-related developments which are becoming popular with hotel guests. Small plate and tasting-only menus are proliferating around the country. Tasting-only special event menus offer numerous benefits including guaranteed revenue per customer, reservations usually made weeks in advance, and an exciting dining option for guests to experience. Bread and butter are also getting a makeover as chefs are replacing bread baskets with boards, and replacing butter with custom-flavored spreads. One dining establishment offers a veritable smorgasbord of exotic spreads including garlic mostarda, vanilla tapenade, rosemary hummus, salsa butter, porcini oil and tomato jam, to name just a few. The August issue of the Hotel Business Review will document some current trends and challenges in the food and beverage sector, and report on what various leading hotels are doing to enhance and expand this area of their business.