Tech Talk

Recent posts

With Guests Checking Back In, Hoteliers Look to Take Next Step With New Tech
Posted: 03/07/2023

Business travel is picking back up and families may be taking their first or second real vacations since the pandemic cancelled so many plans just a few years ago. To ensure that guests have the best on-site experience possible, hoteliers are increasingly looking to new technologies to make their stay more comfortable than ever. With an advanced property management systems (PMS) and integration platforms, hoteliers can increase operational and staff efficiency, but also meet changing guest expectations for a high-value but relatively low-touch experience. We looked ahead to see what changes we expect to see sweeping the hospitality industry this year.

Long-term readers of this blog know that I rarely focus on a single company or product. My goal is to help readers understand new and emerging technologies, when and why they might be useful, and what to consider if you are buying them.

Read More +

The Future of Hotels
Posted: 02/21/2023

Hotels have always been a high-touch low-tech business. Today, and into the foreseeable future, hotels are moving away from the pure ‘people serving people’ model towards a more high-tech low-touch business, and doubling down on digitalization. In the paragraphs below, I envision ways in which tech can innovate and enhance the guest experience throughout the guests’ 6 stage hotel journey: Imagine-Book-Stay-Report-Recommend-Return.

Read More +

Definitely Doug 2/10/23: Planning for June
Posted: 02/10/2023

The question I have heard most often in recent months is “where are you going in the last week of June?”. As most readers are aware, two trade shows featuring hotel technology are scheduled during the same dates that week. Many of you are still undecided which to attend. Knowing that your decision will be based at least in part on where others are going (hoteliers and exhibitors both), I decided to try to get some real data that I could share.

The Shiji Distribution Solutions team provided the research on available partners, vendors, and technology, however, for obvious reasons, the chart doesn’t contain every single solution and partner available.

Read More +

comment on this article

Who is Responsible for Securing Your IoT Devices? (Hint: It’s Not Just Device Manufacturers)

06/07/2018

by Dean Coclin

Consumers are growing more comfortable using smart devices at home and while traveling. Asking their Amazon Alexa, Apple Siri and other AI-enabled products to do everything from opening the front door, to turning on/off lights and playing music has become almost second-nature. There are even smart kitchen appliances that you can order to start making dinner while you’re on your way home. That means that offering similar experiences is becoming table stakes for the hospitality industry. However, realize that the more Internet of Things (IoT) devices you connect to your network, the more possible access points to your IT systems and data stores you open for cyber attackers. The onus is on you to harden your security posture, because for now at least, security is typically an afterthought among the device manufacturers.

That may sound ominous, and the risk is real. But I do not want to discourage you from deploying smart devices to create memorable guest experiences and improve customer service levels. In fact, if you haven’t started doing so, you are falling behind.

AccorHotels recently announced a smart room concept that leverages voice activation and IoT to transform the in-room guest experience. Features include a connected tablet guests use to adjust the room's lights, close/open the curtains, control all audiovisual equipment and even tilt the headboard. Similarly, some guests at Wynn Las Vegas can ask Amazon Alexa to control lights, room temperature, drapery and the television, and the hotel plans to add additional capabilities. Marriott is testing out voice-controlled systems in a number of its properties to serve guests who are more likely to search their smartphones for nearby restaurants instead of calling the concierge.

All smart devices, no matter what their functions, must connect to the Internet. That increases the risk of a data breach exponentially. To make matters worse, most were built without basic security principles in mind like device authentication, the ability to change default passwords, secure update methods and basic firewalls. Security is an afterthought, not a necessity, and that opens the virtual door to cybercriminals who are always looking for entry ways into the network.

Consider the findings of a recent survey by the Ponemon Institute and Shared Assessments Program. The resulting report entitled “The Internet of Things (IoT): A New Era of Third Party Risk” is not specific to the hospitality industry, but it does raise several red flags:

97 percent of respondents believe they will suffer a catastrophic IoT-related event within the next two years. 81 percent of respondents believe a data breach due to unsecured IoT devices is “likely.”

The report lists a number of reasons for this pessimism: the increase of IoT devices in the average workplace (nearly 25,000, up about 10,000 devices from last year); unsecure applications on IoT devices; and concerns over third-party contracts and control over the devices. And while the study found “some advances in third-party risk focused on IoT devices and applications from 2017, risk management in this area is still at a relatively low level of maturity.”

These findings should prompt you to ask two questions: Who would take advantage of such weaknesses in my network, and what damage could they cause? The answer to the former is anyone with motive and opportunity. Perhaps a disgruntled guest who happens to be a hacker. Or maybe a terminated employee with some computer skills. And the list of attacks is almost as broad.

The hacker can install “ransomware” like the WannaCry attack that crippled enterprise IT systems worldwide last year to lock out legitimate users until you pay a ransom. They can compromise the devices by installing firmware that turns them into remote-controlled bots. Then they can create a network of these compromised devices to create a “botnet” and launch a Distributed Denial of Service (DDOS) attack on an external target, or targets, like the 2016 Murai attack that took down several companies and educational institutions.

Your challenge is offering guests amazing experiences from IoT devices while maintaining your strong security posture. IoT devices create an expanded attack surface for the hospitality industry, which most properties are either unaware of or unprepared for. So, let’s examine what steps you can take immediately to ensure the safety and security of your IT systems, employees and customers.

Follow basic security protocols, like changing default passwords, and making sure to regularly update the firmware/software on all devices. You have (or should have!) these policies in place for any PCs, laptops and employees’ smartphones that connect to your network, and the same applies to IoT devices. Create and maintain an up-to-date inventory of all IoT devices so you know what you have in case of product recalls or manufacturer updates.

Ensure your IT department manages the devices, not a third party. In the event of a compromise, disconnect devices from the network and notify authorities as soon as possible. Do not power down until authorities tell you to do so.

You should only partner with manufacturers that take a “secure by design” approach to the development of their devices. That typically eliminates first-generation products and relegates you to only buy from vendors that have been in the market a while. The IoT industry is extremely competitive, with vendors rushing their products to market to beat their competitors. Make sure you do not sacrifice security for the sake of having the latest and greatest smart speaker or thermostat in your guest rooms.

Investigate how a vendor ensures the basic security requirements for data confidentiality, data integrity, and data accessibility. One effective approach is the incorporation of Public Key Infrastructure (PKI) using digital certificates. Digital certificates serve as the backbone of Internet security, even if you are not aware that you rely on digital certificates every time you browse the web.

Similarly, a PKI framework can provide assurances for IoT devices and the people who use them. This makes PKI a perfect match for the exploding IoT sector, providing trust and control at scale and in a user-friendly way that traditional authentication methods like tokens and passwords can’t do. Digital certificates used for mutual authentication can authenticate devices to other devices within or outside your networks, as well as authenticating users to devices behind the scenes with minimal-to-no user interaction. They enable safe authentication without the friction to the user experience that comes from user-initiated factors such as tokens and password policies. This protects all devices and networks from malicious actors, even if a data stream or data source were captured or compromised.

Digital certificates leveraging PKI also encrypt sensitive data to ensure only authorized parties can read messages in transit. Using code signing certificates, technical teams can securely patch IoT device firmware, including over the air updates in a similar fashion to how your smart phone gets updates. Code signing also enables secure boot of the device and the integrity of software to the device to protect against malicious files.

Be proactive in taking the necessary precautions before implementing any new IoT devices. Be sure to incorporate PKI into your IT security best practices and policies, and carefully vet any manufacturers before you source from them. You cannot force an IoT device manufacturer to adopt a “secure by design” mindset, but you can demand it of any that want to partner with you.