With rising demand for contactless and “low-touch” interactions, hoteliers are seeking out vendors that provide tools such as mobile apps for check-in and check-out, chatbots, and facial recognition.
But before making any selection, it’s crucial to keep one thing top of mind: security.
Integrating with third-party vendors creates potential points of vulnerability that could expose hoteliers to cybersecurity hacks and data breaches. And in a new world of compliance – including General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA) – violations can lead to costly fines. According to a recent ZDnet article, 160,000 data breaches have occurred since GDPR took effect.
The single-most important thing a hotel can do to mitigate cyber risk, according to hoteltechreport, is to be diligent in technology vendor selection. Proper vetting requires asking questions such as:
Oracle develops database application software and hardware in the cloud with a security-first design. With a clear, committed cloud security strategy and ongoing investment in development and management, Oracle runs enterprise clouds with millions of global business users every day for companies of all sizes.
To help hoteliers who are increasingly subscribing to cloud software, Oracle has published a list of top considerations to help reduce security risk. To review them in their entirety, click here. The following excerpt highlights the key points:
Provider viability: Is your cloud applications provider viable? How long have they been developing cloud security and data compliance services for their customers? What is the cloud provider’s rate of investment in protecting data and building compliance tools for every aspect of business?
Secure data isolation: Does your cloud provider use multitenant database technology to easily extend applications/databases faster and more securely manage and relocate your data; (i.e. for growth expansion into other countries with data residency/regulations requirements?) Are they able to provide multi-tenant capabilities while securely separating your data?
Global unified access controls: Can you easily and consistently control access across all your cloud applications? Or do you have silos of cloud applications scattered around, being accessed all across your company?
Compliance & GDPR: Now, with GDPR and CCPA – many organizations are finding it even harder to meet ever-changing data privacy requirements for their organizations. In addition, many industries require industry-specific data privacy controls such as PCI, HIPAA, etc. Does your cloud provider have strategies and controls in place to help support you in meeting changing regulatory requirements?
Global cloud operations: Many organizations worldwide have data location requirements – where their business data needs to be within certain country or regional boundaries. This can be a challenge if your cloud provider doesn’t have a worldwide presence with data centers in those regions. Does your cloud provider operate enterprise-grade cloud data centers around the world?
Embracing technology innovation will play a pivotal role on the road to recovery. Select your vendors carefully and don’t let security issues derail you.