Mathieu Gorge, CEO of VigiTrust, outlines the basics of big data security in the hospitality sector.
Hospitality is a sector that lends itself to big data analytics. Organisations can draw on customer information from many sources and on many subjects, ranging from room preferences to car hire and restaurant information.
At the same time, organisations may give external partners, such as suppliers, access to their systems, and they are also required to hold credit card details securely, so big data security is a major concern too.
Adshead: What are the key issues around big data security in the hospitality sector?
Gorge: First of all, we should look at the specific challenges the hospitality sector might have with regards to data, and data that it might acquire; not just about its own employees and staff, but about customers and suppliers.
So, looking at customers first, a client of a hotel or restaurant or whatever, there are different types of data that you might acquire. There will be identity information, a passport or identity card, something that will allow a person to identify themselves as having booked a room, for example.
Then there’s going to be payment information, and there could be specific types of health information – dietary information or accessibility requirements, for example. You can see that this type of data has a value with regard to security, so the confidentiality and integrity of the data must be maintained at all times.
Then a hospitality organisation might be using a range of suppliers, some of which will need to access specific data. So you have to consider how to manage information that suppliers may gain access to.
Finally, most of the hospitality industry, especially hotels, will use a property management system that might be linked to additional services that the hotel might offer, such as access to wireless internet that might be free if you are a customer with a loyalty card.
So, you can see that the amount and different type of data that a typical hotel will actually deal with is, by nature, big data, so how they collect and classify that data is something that all security people, IT people and compliance people need to be aware of.
Adshead: What implications for data storage and backup flow from these?
Gorge: The hospitality industry, given the nature of the services that it offers, needs to make sure that it classifies the information and data it holds about its customers in such a way that the lines of business that need to have access to it can do so securely and at the right time.
So, let me put that in perspective. In a hotel you will have additional services, like the rooms that people stay in, but also a bar, spa, restaurant, car valet service, car parking, and so each line of business may need access to payment information, but also to where the customer might be from or whether they are part of a loyalty scheme.
So, in terms of how that data is classified and secured, for hotels in particular as well as large chains of restaurants, there are specific challenges in how big data is structured. That’s why we talk about big data in hospitality; it’s all about managing unstructured data, making sure the right lines of business have access to it at the right time.
One of the key challenges with storage for the hospitality industry has to deal with compliance with the Data Protection Act, and particularly compliance with the likes of PCI-DSS. That’s because most of the business relies on the fact that customers will be using credit cards to book in advance and pay when they leave the hotel, but also use that as an identification system when they move from one line of business within the hotel to another.
So, it’s very important that any type of payment data that needs to be stored is stored in compliance with PCI-DSS and that, if at any given time the hospitality [organisation] needs to get some identification, like a passport or identity card, this is kept according to the requirements of the Data Protection Act.
Unfortunately, given the current economic climate, some hotels are not dedicating enough time or people to look after making sure that data is stored properly and access restricted on a need-to-know basis.
So, it’s always the same issue [of striking] the balance between operational improvements and security.
Having said that, the specific challenges with regard to data storage and data security in the hospitality industry shouldn’t be underestimated. There is some good guidance from the Hospitality Networking Group, for example, and a number of LinkedIn groups for the hospitality sector. I’d highly recommend people joined those groups so they can educate themselves to make sure their data is stored properly.