Tech Talk

Recent posts

Definitely Doug 6/9/23: Hotels Fighting Trafficking: The Role of Technology
Posted: 06/09/2023

This week I want to address an important issue for the hospitality industry, albeit one that technologists have not historically had on their radar. They can potentially play a significant role in addressing the issue, which is human trafficking, and more specifically sex trafficking.

In my last column, I reviewed some key trends in autonomous mobile robotics for hotels, and dove into three categories of delivery robots in more detail – room delivery, food delivery, and heavy-lift robots. This week I will round out the topic with several other robot types and applications, as well as general guidance for evaluating, acquiring, and adopting mobile autonomous robotics. If you have not yet read part one, I recommend going back and doing so before continuing below, as some of the introductory material is important background to what follows.

Read More +

Best Practices for Hotel & Resort Operators in Pool Season 2023
Posted: 05/25/2023

With the arrival of warmer weather and summer fast approaching, hospitality operators are gearing up for another pool season. This year, technology is at the forefront of driving booking revenue and taking operational efficiency to the next level. Modern technology platforms (such as hospitality’s newest technology category – the Property Experience Management System or PXMS) are providing brand new capabilities that unlock new strategies and approaches to filling the pool with satisfied guests.

Read More +

The Growing Role Technology Plays in Hotels and Restaurants
Posted: 05/25/2023

In the past few years, hotels and restaurants have grown into hubs for entertainment, leisure, and human connection. In an effort to best serve their guests, operators have begun rethinking their technological investments and working to adapt to recent shifts in consumer preference and operations. To ensure that guests have the best on-site experience possible, brands are increasingly looking to new technologies to make their experiences more convenient and comfortable. Advanced property management systems (PMS) and point-of-sale (POS) systems can increase operational and staff efficiency, while also meeting changing customer expectations for a high-value but relatively low-touch experience.

This week I will return to a topic I have covered before, because it has, within the last 12 to 18 months, become one of the hottest-growth categories in hospitality technology. That topic is autonomous mobile robots – specifically, ones that can move around the facility as well as perform specific tasks. Many of these products were launched pre-Covid but were often seen at the time as more of a marketing gimmick than a legitimate operational solution.

Read More +

comment on this article

Key Takeaways From the 2015 Verizon PCI Compliance Report

03/30/2015

by Marion Roger

Verizon released the Verizon 2015 PCI Compliance Report on March 12. The 84-page report contains an overview of how ‘compliant’ companies are and the findings compare prior years’ results to current.

Hospitality Upgrade was invited to interview an author of the report. We asked regular contributor Marion Roger, VP Business Development, Hospitality Evolution Resources, to conduct an interview with Franklin Tallah, lead for hospitality for Verizon.

Note: About 20 percent of the companies covered by Verizon’s report were defined as “hospitality” (grouping hotels, online travel companies, airlines and restaurants.)

To help our readers cut to the chase, Roger asked Tallah, to share what he thought were the most important takeaways for our readers. Tallah’s responses are below:

1. During interim investigation assessments, only 12 percent of all the companies included in the study were compliant at the testing phase, meaning 88 percent were non-compliant at testing. Tallah indicated that the “least prepared industry” was the hospitality segment. Only four percent of hospitality entities were compliant at interim testing level. He went on to add that restaurants and travel companies (OTAs and airlines, technically part of the hospitality segment studied) actually fared better than hotels. Thus, given the three groups COMBINED scored an average of only four percent passing, one could deduce that hotels were even LESS than four percent compliant at the interim stage.

He then expanded his comments to note the report found the hospitality industry as the sector that needs a longer remediation period, sharing they often struggled between the interim findings and fixing issues before the final stages. He attributed that in part to the hub and spoke structure of head offices and the portfolio of properties.

Roger asked if he was surprised that despite the increasing maturity of the standard and organizations’ understanding of it, attaining compliance remains far from easy. Tallah opined that although we operate in such a rapidly evolving threat landscape, the 12 requirements are a good starting point and yet so many are not even passing more than a few.

In particular, Tallah noted that of the 12 requirements, that hospitality companies typically passed only two of them in the interim stage: Requirement #1- having a firewall, and Requirement #12 – Maintaining security policies (an infosec environment.) Of the other requirements (Principles 2 through 11 inclusive) the hospitality industry as a whole failed.

[For those needing a quick “cheat sheet”, the 12 PCI DSS requirements include maintaining firewalls, securing configurations, protecting stored data, protecting data in transit, maintaining antivirus software, maintaining secure systems, restricting access, authenticating access, controlling physical access, logging and monitoring, testing security systems and maintaining security policies.]

2. Of all the data breaches Verizon’s forensics team investigated over the last 10 years, not a single company was found to be compliant with all 12 PCI requirements at the time of the breach. That said, compliance is up on the whole. Between 2013 and 2014, compliance across the entire population studied, rose in every area except testing security systems.

Of the 12 PCI compliance requirements No. 11, Testing Security Systems, was the only requirement that experienced drop off; dropping from 40 percent to 33 percent compliance.

Tallah pointed out that while testing was a challenge for everyone, the 2014 report also uncovered that the hospitality” sector is the one that struggles the most with the internal vulnerability scan phase of testing. This test is monitored as a pass/fail, and the hospitality industry as a whole failed this phase.

3. He wrapped up with some interesting correlation findings related to the principles. The first finding is that on average, breached organizations were 36 percent less likely to be compliant with a given requirement. In particular 45 percent of the breached companies were not compliant on patch management and development security.

Tallah remarked that sadly the study illustrated one can see a clear correlation between those companies that are not fully PCI compliant and the level of risk they face.

There are a variety of angles to take on the report and a lot of detailed data to sift through. Depending on the sector and role the reader, interpretation leads to either very positive or quite negative news.

Delve into the report and grasp that as mentioned earlier, only 20 percent of businesses passed their most recent PCI compliance assessments. But remember: while this is better than the 10 percent compliance rate cited in the 2014 report, it’s important to note that of all the breaches reported by Verizon last year, “not a single company has been found to be compliant at the time of the breach,” underscoring the importance of PCI DSS compliance.

Clearly PCI compliance is only a single element of a much broader security and risk management portfolio. As Forrester Research highlighted on March 3 of this year: “If regulations are the beginning and end of your security strategy, you need to rethink your strategy. Compliance-based strategies have narrow controls that are of limited use to the entire enterprise.”

Click here to view the full report.

About The Author

Marion Roger
President
HRH Services LLC

Marion Roger is a specialist in the hospitality supply chain landscape who has led an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a specialty focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.