Tech Talk

Recent posts

Today I continue my series on enterprise system pitfalls and discuss the problem of over abstraction. Be sure to read my previous post which lays the foundation for this series.

Are we getting the economic return we should be with new technology innovation? In this article, I’m starting a series reflecting on common weaknesses in enterprise systems development, and am going to try to unpack as concisely as I can these pitfalls we fall into.  We’ll analyze why we stumble into these problems, our struggle recognizing the root causes, and the results.

HU talks with Bob Diachenko, the cybersecurity expert who discovered the breach, about steps hotels can take to prevent data incidents

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

Proving the Negative

03/09/2015
by Michael Schubach

Remember George W. Bush’s 2004 re-election campaign? Of course you do – Vice President Dick Vader was running the country from the White House basement while President Bush II was telling us how much safer we all were as a result of the government’s hard work. What was the self-evident evidence of our safety? We hadn’t had another September 11, so of course we were safer – what don’t you get?

Skeptics – and I promise you I wasn’t the only one – asked themselves how anyone could prove a negative, that is, how could anyone say with certainty that something didn’t happen as a result of their efforts and activities? It would have been just as valid for the government to claim that since September 11 the U.S. had introduced a rigorous program to halt total solar eclipses over North America. Is it working? The self-evident evidence: have you seen any total solar eclipses since then? The ipso facto conclusion you’d be forced to draw: our swell new total eclipse policy is alive, well and working as planned. And when would we know if the program were somehow flawed in some not-so-obvious way? To get that answer, you’d need to wait for the next total eclipse of the sun. 

I can think of a different analogy that faces every hotel company in business today. Is your rigorous program to halt the prospect of data compromise working? Provided your system is thus-far unscathed, your self-evident evidence is that yes, your system safeguards are alive, well and working as planned. And when would you know if your safety steps were somehow flawed in some not-so-obvious way? To get that answer, you’ll need to wait for your turn in the system-breach barrel.

The latest occupant of the barrel is Mandarin Oriental Hotel Group. It’s too early to know what actually happened – let alone how, when, where or why – so this is not a rush to judgment. It’s really quite the opposite: I’ve been long acquainted with key members of the MOHG technical staff, and if anything, they have been overly protective of their data, their guests’ data, their guests’ privacy and the integrity of their systems and network. I think the negative that MOHG is about to prove is the sad reality that good security works right up until it doesn’t. Given adherence to established guidelines and best practices, you’ll find that you’re reasonably if not fully protected until the nanosecond that someone finds an unanticipated way in.  That is the tremendous negative with which we all are forced to cope. 
       
In the world of system security, there is no silver bullet; if there were, we wouldn’t be having huge, costly and embarrassing breaches… or even this conversation. Let me caveat that statement by noting that data can be more rigorously protected if you are willing to pay the price. With heightened security comes heightened complexity: making your data worthless to steal also makes it difficult (if not impossible) for your systems to consume or share. But supposing that you were willing to throw disproportionate funds at the problem, you, too, could operate a system every bit as secure as the one at the NSA. 

Oops, bad example. I stand by my contention that there is no silver bullet, no unassailable secret maneuver that keeps your data absolutely safe and you absolutely comfortable. The typical problem isn’t some IT wonk asleep at the switch; you’re up against a 24x7x365 barrage by bad guys who intend to erode, circumvent or destroy whatever your good practices have built. Sadder yet, a breach could just as easily come from one of your own good guys who might open the wrong email or inadvertently share a file with the wrong flash drive. In one swift and fell swoop, a friend rather than a foe can usher chaos in through the gate that you’ve so meticulously built and guarded. 

Odd truisms govern the world of system security. Do the wrong things and you’re likely to pay a heavy price; what you don’t know or don’t learn or don’t bother with could cost you the ranch. Do all the right things and… well, sometimes you end up in the same situation. That’s not an excuse for bypassing the time, effort and investment that good security demands – it’s just a reminder that sometimes bad things happen to good practices.

Best of luck to our friends at MOHG.

About The Author
Michael Schubach




Michael Schubach is a regular contributor to Hospitality Upgrade.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code