by
Lynn Goodendorf
Cybersecurity

Basic Operations of Computer Forensic Laboratories

Reliable intel is valuable in strategic planning because it puts us in a position to set priorities on defense measures. Verizon’s 2023 Data Breach Investigations Report, available at no cost, provides a wealth of information that has been thoroughly analyzed and concisely presented. It includes specific analysis for the accommodation and food services sector and a section devoted to small and medium businesses. This article describes highlights as they relate to hospitality.

2023 CIO Summit Review

by
Jeffrey Stephen Parker
CIO Summit Review
Share

This year, an outstanding group of hospitality IT leaders gathered to engage in discussions, enjoy each other's company, witness bats at sunset, and sink each other’s boats.

One of the highlight events was the scavenger hunt, making its third appearance at the CIO Summit.

Participants immersed themselves in Austin's history, exploring Texan landmarks, artwork, and shopping districts. The excursion also included a visit to a local brewery, where one enthusiastic attendee nearly dominated a beer trivia challenge.

Among the various themes explored during the summit, Artificial Intelligence (AI) took center stage. AI was a topic of fascination, concern, and exploration for both speakers and attendees alike. Full disclosure, I used ChatGPT to edit this article.

"TEST, TRAIN, IMPROVE, RINSE, REPEAT"

The summit kicked off with a focus on cybersecurity. Douglas Landoll, formerly associated with NATO and the US FBI, emphasized the importance of vigilance and readiness in the face of evolving cyber threats. Landoll highlighted that all organizations share a common threat landscape, emphasizing the need for comprehensive cybersecurity measures.

Landoll also stressed the significance of cybersecurity teams, citing the difficulty of finding, trusting, and adequately training cybersecurity professionals. He emphasized the importance of proper screening and nurturing a team's motivation and engagement, not solely relying on financial incentives. If your team is unhappy or unchallenged, money is a great motivator to change companies.

In organizations without a Chief Information Security Officer (CISO), the highest-ranking security professional assumes this crucial role. These individuals need the appropriate access, resources, and the ability to influence organizational risk posture. It's imperative that cyber professionals hold positions enabling them to be effective.

The role of a CISO involves guiding risk assessment and remediation efforts, addressing critical vulnerabilities first, and progressively tackling less critical issues over time and budget. Correcting small stuff should not be overlooked, as small changes can have a substantial impact on overall security.

Effective cybersecurity starts with clear policies and precise terminology. Consistency in terms is vital, not only within policies but also across contracts, insurance documents, and legislation. Cybersecurity provisions should be embedded in contracts involving data or network interactions.

In the event of a cybersecurity incident, detailed and well-structured response plans are essential. Preparedness is key, and post-incident analysis helps refine response strategies. Breaches should be expected, and it's the response that defines the success of an organization's cybersecurity efforts.

The mantra of "Test, Train, Improve, Rinse, Repeat" encapsulates the continuous improvement cycle in cybersecurity.

Impact of Artificial Intelligence on Hospitality

David Chestler, president of PROVision Partners, led one of the summit's AI sessions titled "The Rise of The Machines: Im- pact Of Artificial Intelligence on Hospitality." He highlighted that AI, despite its

65-year history, has gained prominence recently, driven by societal demand and technological advancements.

Chestler questioned the fear of AI ingrained through media portrayals. Hospitality has long embraced AI, from revenue management to Smart Chat Bots. AI's future promises even more remarkable advancements in content creation, guest engagement, and operational optimization. This technology allows teams to delegate routine tasks to machines, fostering creativity, and enriching guest experiences.

AI adoption is on the rise, as demonstrated by a Honeywell study of 1,000 retailers. Challenges, including budget con- straints, demonstrating business value, and a lack of internal expertise, exist but can be mitigated with the right approach.

David points that the Honeywell study found:

  • 38% of those surveyed are using these technologies for select use cases or regions
  • 35% are using them on a larger scale
  • 24% are in a pilot phase or in discussions
  • Only 3% said they weren’t using these technologies at all

​But it also found these challenges to implementing AI:

  • Budget restrictions (39%)
  • Difficulty in demonstrating business value (29%)
  • Lack of internal expertise to maintain the technology (21%)

Many companies are ‘dipping their toes’ where Chestler feels that they should be going for a swim. He recommends a Full Stack commitment to AI, not just in the technology side, but in the human side. AI is a great tool in the hands of a great team.

There is an incremental (exponential?) cost to being a slow adopter, it is going to cost more to jump on the AI train in a year, and even more in two years. Companies that are taking action now are already seeing a strong ROI through Revenue Growth (50% greater) and improved customer experience. Where will your company be when your competitors are already capturing your guests through AI?

Human resources and customer experience lead AI projects, but IT security and production are close. Unfortunately, legal risk is well behind, and we need that gap to close.

15 KEYS TO AN EFFECTIVE AI STRATEGY

  1. Identify Business Goals and Challenges
  2. Conduct a Comprehensive Assessment
  3. Assemble a Cross-Functional Team
  4. Define Use Cases
  5. Prioritize and Start Small
  6. Choose the Right AI Tools and Partners
  7. Data Privacy and Security
  8. Governance and Controls
  9. Pilot and Iterate
  10. Foster a Culture of AI Adoption
  11. Measure and Track Results
  12. Scale Gradually
  13. Understand costs
  14. Long term implementation plans
  15. People First


Look for successes that are cross functional, this is where we will see the big- gest impact, the most suc- cess; and trigger the best long-term adoption. In a quote attributed to many, but most recently Mr. Mike Blake, AHLA\HTNG: “Dream Big, Start Small, Scale Fast.”

Chestler closed by reminding us that AI won’t take your job. SOMEONE using AI will take your job.

Day one was followed by an ice breaker showcasing some artistic talent, an excellent meal, and everyone regaling in their favorite concert.

AI @ WORK: WHAT EVERY CIO IN HOSPITALITY MUST KNOW ABOUT LEGAL RISKS

Erin Snodgrass, of Foster Garvey, kicked off our legal session with a thought-provoking question about AI adoption in our companies. The trick here is that the answer is always YES. If you answered no, it simply means you aren’t aware of it yet. Brace yourselves; next year, everyone will be saying yes!

In her presentation titled "AI @ Work: What Every CIO in Hospitality Must Know About Legal Risks," Erin generously offered us FREE LEGAL ADVICE! She delved into the world of Generative AI (GAI) and highlighted the challenges it presents. People tend to place trust in results generated from incomplete data sets, which can lead to some amusing confusions—like mistaking elevators for escalators. To get the best results from GAI, mastering the art of crafting accurate prompts is crucial. However, GAI's performance is only as good as the data it's been trained on. This raises questions about its accuracy and the reliability of the underlying data (keep in mind that Free ChatGPT ceased learning in 2021). Moreover, Snodgrass emphasized the importance of guarding against bias in AI. When we feed biasedinformation to AI, it tends to perpetuate that bias.

Our teams are undoubtedly embracing GAI tools, primarily in engineering, marketing, and human resources. However, they are also working with data that may or may not be something that our companies want shared in the wild.

Several players are active in this space, but Snodgrass specifically highlighted Open AI (ChatGPT), Hugging Face, Microsoft, Google Bard AI, and LLaMA by Meta. She also mentioned that companies like Expedia and Ho- telPlanner are harnessing AI to assist travelers in planning their trips.

AI, like any new technology, comes with inherent risks, including concerns related to security, privacy, and control over intellectual and proprietary information. Much of the data processed by AI systems may fall under regional, national, or international regulations. Transparency is a critical aspect for regulators, but Generative AI often operates as a ‘black box’ once the prompt is set in motion.

Snodgrass outlined a series of important questions to consider when dealing with AI:

  • Where does the information used by AI come from, and what is its source?
  • Are users at risk of importing viruses or malicious links through AI-generated results?
  • Who owns the content created by GAI?
  • How should we handle situations where GAI produces content that includes intellectual property from someone else's input?
  • Can we provide assurances that infringement isn’t occurring through the use of AI?
  • Is there a possibility of being indemnified if AI-generated content infringes on copyrights or other rights?
  • How can we safeguard our data, protect our guests, and secure our teams when dealing with AI?

Snodgrass highlighted a noteworthy legal precedent in the 9th Circuit Court. The court ruled that materials created by AI aren’t eligible for copyright protection, citing the case of Naruto v. Slater, where PETA sought to copyright art created by a monkey. The court's decision essentially stated that the "Monkey does not have Stand- ing," which in this context implies that AI can’t claim copyright protection. This means that the output of AI- generated content can’t be copyrighted. However, there are ongoing legal cases where content owners challenge AI-generated creations involving their proprietary or intellectual property.

Her insights reinforced the earlier remarks made by Landoll and Chestler regarding the importance of col- laborating with leadership to formulate a comprehensive strategy, establish appropriate contractual agreements and policies, and continuously train our teams.

THE AGE OF DIGITAL DISRUPTION AND THE ECONOMICS OF HOTELS

Cindy Estis Green, CEO and Co-Founder of Kalibri Labs, delivered an enlightening presentation on "The Age of Digital Disruption and the Eco- nomics of Hotels." She kicked off by emphasizing the pervasive nature of digital disruption, citing various examples:

  • The streaming revolution is causing challenges for Hollywood artists and writers due to AI-generated content and actor replicas.
  • Amazon's increasing interest in the $700 billion grocery market.
  • Spotify's challenge to Apple's iTunes dominance.
  • Author Brandon Sanderson raising $34 million through Kickstarter for four undisclosed books.


One notable development is bipartisan support within the U.S. Federal Government to regulate the growth of tech monopolies.

Estis Green went on to illustrate the shift in the travel industry, re- ferred to as the "Changing of the Gate Keepers." While Global Distribu- tion Systems (GDS) once held sway, market power and technological advancements have empowered Online Travel Agencies (OTA), Travel Management Companies (TMC), and Metasearch platforms to democ- ratize travel data. She predicts that major players in search, content, and e-commerce will increasingly assert control. Notably, tech giants like Amazon ($1.4T), Apple ($2.9T), Google ($1.6T), and Facebook ($770B) dwarf the market value of traditional hotel brands such as Mar- riott ($60B), IHG ($12.9B), Hilton ($39B), Booking ($116B), and Ex- pedia ($15.5B). The financial resources of these tech giants far surpass those of traditional hotel brands and OTAs, making them formidable competitors.

Digital disruption carries substantial costs for hotels. Each stage of the guest journey, from search and booking to arrival, incurs its own expenses. Hotels now face competition from vacation rental platforms like VRBO and Airbnb, while services like Uber and DoorDash are re- placing traditional room service and restaurant revenues. Additionally, using payment networks like Google Pay and Apple Pay comes at a cost.

Disruptors often possess more comprehensive guest information than hotels. Lyft knows a traveler's origin and destination, Google and Apple have location data, and platforms like Toast and Square understand spe- cific preferences. This raises a challenge for hotels in competing with rivals who have access to richer data than hotel loyalty programs.

Estis Green’s proposed solution is for hotel apps to take control of the entire guest journey. Hotel brands have made substantial investments in their apps to en- hance the shopping and booking experience, and now they are expanding to cover other aspects of the jour- ney, including mobile check-in, room selection, up- grades, mobile key access, reserving amenities, earning and using loyalty points, curating local attractions, and enabling mobile check-out.

She also highlights the emerging threat from credit card brands such as American Express and Capital One. These companies possess deep insights into consumer spending habits and can offer incentives like airport lounge access, bonus points, and price protections that hotels can’t match. Capital One, for instance, is investing in companies like Hopper, which acts as both an OTA and an offer cloud, making them more competitive in the travel market.

Furthermore, tech giants like Google and Facebook are intensifying their efforts to dominate the customer experience through enhanced advertising, messaging, partnerships with influencers, and augmented and vir- tual reality experiences. Social media, particularly Tik- Tok, is enabling people to become travel influencers, with a growing number of users booking trips based on platform content and people they follow. This will democratize distribution, with hotels being able to adapt to new technology and compensate many, rather than afew.

Despite these challenges, hotels can take steps to regain control. They can offer exclusive app-only pro- motions, provide a personalized guest experience, and ensure advantages like guaranteed connecting rooms, early check-ins, late check-outs, specific room pref- erences, and views. Hotels can also combat external competition by blocking rewards for reservations made outside their channels and reducing commissions on certain rates or channels.

However, it remains an uphill battle as various ex- ternal entities are vying for the guest's attention and business.

Hotels can take steps to regain control – offer exclusive app-only promotions, personalized guest experiences and guarantee perks.

IS IT IMPORTANT?

After Cindy scared us all with her ‘fear mongering’ (her word, I swear), Brennan Gildersleeve and Michael Moros from Sage Hospitality lighten things up with some audience participation. Gildersleeve is VP of Property Systems for Sage, and Moros is the general manager at the host hotel, the Van Zandt.

In a speed round, Gilder sleeve asked the audience if a topic was important or if they had ‘other fish to fry’.

Results:

  • Fast and Reliable Wi-Fi\HSIA — audience and Moros all voted it as important.
  • Strong Cell phone signal — audience was split, but Moros felt it was critical.
  • 65” TV in room — only Matt Schwartz, and maybe two others, felt it was important
  • Streaming content on the TV — all felt it was important. But, this question sparked another discussion. With the increasing costs of content in the room, do hotels still need to provide content if the guest are bringing their own? Mixed results, but most felt only live sports and news were important.
  • Do premium channels matter? All felt they do not.
  • Does kiosk matter? Yes, from everyone.
  • Does mobile key matter? The room was undecided, but guests aren’t using mobile key so it is difficult for Moros to justify the cost or support overhead.
  • Is the ability to charge room for F&B important? Yes from everyone, particularly for business travelers, they want one folio.
  • Text messaging for guests? Yes from everyone. Moros pointed out that the Van Zandt uses text to drive revenue, offering special rates for guests to stay Sunday nights for a reduced rate. This was a two-part success, driving revenue and balancing the housekeeping team, as there aren’t enough on the team to clean all the rooms on a Sunday. Moros also pointed to the importance of leveraging SMS to recover service during the stay, rather than a bad review later.
  • Is electronic tipping important for housekeeping? Mixed from everyone, Moros is still undecided.
  • Modern device charging (wireless, USB C) in a room? Split audience, but Moros feels it is important. Several brought up that the problem is the chargers go bad or get lost quicker then the expected life of the furniture, and that as protocols change to faster more energy thirsty devices, the tech in the room becomes obsolete too quickly to make sense.
  • Delivery robots? To the chagrin of our friends at LG that provided robots, all felt they weren’t necessary.
  • NFT Art in your Lobby (a throwback to last year in Hollywood)? Nope, no one saw or felt any value.

IN THE TRENCHES WITH CONSULTANTS

After trying to build and float (sink) boats as a team activity, things got a little heated with the Consultants’ panel. (someone turned up the heat in the room).

Jady West led a remarkable panel discussion featuring esteemed leaders: Page Petry (PDPetry Consulting), Mark Haley (Prism Hospitality Consulting), and Jeremy Rock (RockIT Group). These individuals collectively brought a wealth of knowledge and experience to our industry. Petry’s 33-year tenure at Marriott, Haley’s 15-year association with Sheraton, and Rock’s leadership since 1999 showcased their extensive expertise. Each panelist shared a compelling story of their journey into consulting, whether it was a desire to avoid relocation, a passion for advising on innovative market solutions, or filling what they perceived as a gap in resources for hotel groups.

Consultants serve a variety of purposes, including staff augmentation, short-term or project-specific expertise, bolstering bench strength, addressing knowledge gaps, and handling functions not available in-house. However, Haley emphasized the importance of not using consultants as replacements for employees.

The panel discussed some challenges associated with engaging consultants, including concerns about costs, aligning expectations, and misunderstanding the role a consultant plays. Rock particularly disliked the term "consultant" due to its negative connotations and believed that the ideal fit was for them to be considered part of a team rather than an adjunct.

While all three panelists primarily focused on hospitality and related consulting (with apologies to Rock), they acknowledged the potential value in bringing in resources specializing in other sectors like procurement and logistics.

The impact of interest rates on construction ROIs was a significant topic of discussion, with rising rates turning once-profitable investments into questionable ones. Many projects had to be delayed or scaled back due to these increased costs, making it challenging to justify investments in technology with substantial upfront expenses that weren't initially budgeted for lower room counts.

Designing under these new capital constraints poses challenges, as companies are starting to cut corners on essential elements like technology infrastructure, potentially leading to future problems.

Petry pointed out that the ongoing pandemic (yes, we are still talking about this in 2023) offered a fresh start for some. She urged the audience to reevaluate their supply chains, review IT spend, and seek innovative solutions to resolve IT budget conflicts.

Trust emerged as a central theme in the relationship with consultants, although there was some debate about where that trust should be placed. Questions arose about consultant-vendor relationships and concerns about potential favoritism. While some assumed that consultants had preferences for specific vendors, the panel emphasized the importance of being as vendor-agnostic as possible. Transparency was deemed vital in building trust, and some felt that disclosed compensation arrangements between consultants and vendors could help offset operator costs.

Looking ahead to 2024 and beyond, the panelists identified several challenges:

  • Anticipated Capex pullback due to the cost of debt.
  • The allure of robots in the industry but the necessity of understanding the complexities involved in deploying them.
  • The increasing importance of reliable cell phone coverage in hotels, which can be a complex issue to address in many buildings.
  • Hotel rates outpacing guest expectations, requiring the development of teams capable of delivering on the promise of higher ADR.


In summary, when engaging a consultant, the key is to find the right fit for your specific needs. Some specialize in infrastructure or construction, others in systems and software, and still others in enhancing the guest and end-user experience. Our gratitude to Jady, Page, Mark, and Jeremy for their invaluable insights.

THE ANNUAL CIO ROUNDTABLE

The last session on Friday is a crowd favorite – the CIO Roundtable (even though there were no actual tables in the room). Matt Schwartz, CIO of Sage Hospitality, once again led the discussion this year.

Schwartz kicked things off with some 'easy' questions about the conferences attendees had on their radar. The majority of the group expressed their plans to attend both HITEC and the AHLA Hospitality Show. A few hands went up for other conferences like MURTEC, and some mentioned attending events outside the industry.

Education emerged as a significant topic, and the consensus was that ongoing education through certifications, in-person classes, and online courses remained a crucial part of their plans for employee retention and upskilling.

Shadow IT became a lively topic of discussion, as Schwartz stood as a 'wall' of innovation standing against the 'tide' of controls, legal reviews, and cost constraints. While many agreed that shadow IT should be discouraged, they admitted that it often came to their attention only when expenses were involved. Free services, especially browser-based solutions, sometimes slipped through the controls.

Leaders mostly concurred that external vendors presented security risks, emphasizing the need for proper vetting and legal/contract review for any solution involving PII, PCI, or fiduciary information. As one participant noted, "A $100 software could result in a $100 million exposure." Many felt that users turned to shadow IT because they were unaware of the solutions offered within the organization. Educating end-users could be the key to addressing many shadow IT issues.

Eric Brunnett from Trump Hospitality injected humor by sharing his unique challenges, including the omnipresence of people with 'ear-pieces' everywhere. Few of us have had to manage IT software with the Secret Service in the mix.

PCI 4.0 sparked divided opinions within the group. While not many were actively pursuing it, they were opting for VP2PE solutions wherever possible. The focus was on shifting risk away from themselves, often leaving the merchant responsible for both compliance and costs.

However, some participants stressed the importance of understanding PCI 4.0 to enable secure payment processing and to leverage it as a catalyst for other security enhancements and investments.

The discussion then turned to the relevance of USALI (Uniform System of Accounts for the Lodging Industry). Approximately 30% of the group saw its importance, but a significant portion had different priorities. Some believed standardization was essential for benchmarking IT expenses across organizations, while others found USALI bundled too many disparate costs, making it challenging to analyze bundled expenses.

The challenge of attracting and retaining talent was a recurring theme, and several strategies were shared:

  • Invest in your people.
  • Prioritize training and development.
  • Foster a positive organizational culture to retain top talent.
  • Offer opportunities for personal and career growth.
  • Eliminate menial tasks to allow staff to focus on more meaningful work.

Lastly, the group discussed their perspectives on AI, such as ChatGPT. When Schwartz asked ChatGPT about the top five things a CIO should focus on, the response emphasized:

  1. Business Intelligence and Data Analytics.
  2. Cybersecurity.
  3. Personalization.
  4. IoT (Internet of Things).
  5. Guest Experiences.

Interestingly, AI wasn’t in the top priorities. The consensus was to concentrate on evaluating AI's potential while addressing concerns related to exposure and shadow IT. Most were in the early stages of exploring generative AI solutions, focusing on understanding how to use them effectively.

Governance emerged as a key consideration, with discussions centered on building policies and frameworks for implementing generative AI, determining when and how to use it, and exploring its vast untapped potential.

Thank you to Rich, Geneva and the HU Team for another great week!

Thank you to our 2023 CIO Summit sponsors who helped to make this event a success. Premier Sponsor: Cox Business Sponsors: Agilysys, Cloud5, Edge, Enseo, Infor, Nomadix, POST Integrations and Sertifi. Our Transportation Sponsors: Canary and Venza.

This is some text inside of a div block.

ARTICLES BY THE SAME AUTHOR

Discover Return On Experience

Three ecosystems — Hospitality & Leisure, Food & Beverage, and Inventory & Procurement — operate independently and together depending on your needs.

DOWNLOAD

Let's Get Digital

7 Questions to Ask Before You Invest in a Hotel Mobile App

DOWNLOAD

Let's Get Digital

With high rates of mobile device users and high expectations to digitally connect, what should your hotel app do? Besides providing a great digital guest experience, your hotel mobile app should be a reflection of your property and should give your guest the digital access they need to experience your property to the fullest.

DOWNLOAD

Return on Experience solutions delight guests, retain staff & grow margins

Agilysys’ Cloud platform, solely engineered for hospitality, delivers Return On Experience (ROE) across every hospitality touchpoint. That means more repeat stays, greater spend, stronger reviews, a more empowered staff and a healthier bottom line.

DOWNLOAD