Home

×
fb twitter linked instagram

Follow Us

WHAT'S THE BUZZ IN HOSPITALITY?

Is Cloud-based PMS Technology Safe?

Jul 06, 2017


The rate at which technology advances is accelerating. It goes beyond mere tool creation. It’s expansion and enhancement of the previous round of tools and capabilities. Is technology’s quickening pace, and the popularity of cloud-based property management solutions (PMSs), a security risk? Does the cloud open up new opportunities for security risk?

Generally speaking, cloud solutions are more secure than traditional systems. The powerful encryptions used by most reputable cloud-based solutions are often more stringent than those found with on-site solutions. While there is a stronger sense of control with data stored on local servers, this on-site physical location does not necessarily equate to better security. Rather than placing focus on the location, focus instead on a well-defined security strategy that enables the organization to work in a manner consistent with its business protocols and reduces security risk.

Ultimately, operators need to choose the best technology for their individual properties. With this in mind, we offer up some general guidance for moving to the cloud.

Cloud PMS Security Guidance:

  • Managing user access is more important than the location of the data. Understand how the data is accessed. Be on the lookout for breach opportunities. Often data breaches occur around vulnerabilities, no matter where the server is located.
  • Take the time to validate the security of cloud providers. Cloud-based data centers should be tested and audited to ensure they meet certain standards adopted by the business and industry (e.g. PCI, HIPPA, COBIT, ITIL, etc.).
  • Consider either hiring in-house technical talent or a third-party to ensure the contract with the cloud provider includes an SLA and indemnification to protect the business, its customers and its investors.
  • Research a provider with a multi-layered security protocol, which provides more failsafe measures that enhance the overall security of the property and its guests.
  • Conduct regular vulnerability testing. Untested systems are unsecured systems.

Cloud PMS Payments Security:

  • Consider a cloud PMS that removes liability from the business by using tokenization for payment processing.
  • The ideal PMS helps secure credit card data whether it’s in transit or at rest. Interfacing with a PCI-validated P2PE (point-to-point encrypted) payment solution is the best way to secure the card information for card-present transactions, thus preventing sensitive card information from entering the PMS. PCI-validated payment processing solutions are critically important because they’re certified by the PCI Council to provide both the maximum level of encryption possible, and to follow the most stringent payment processing requirements. When using a validated P2PE solution, PMS solutions offer more value because they support a reduction in PCI scope and audit costs while safeguarding guest data.
  • PMS solutions that are EMV-certified prevent counterfeit and stolen card transactions by validating the card at point of transaction. And on-line security through a secure PIP or iFrame protects the card data when transmitted from the guest’s browser for their reservation or activity bookings.

Industry Report

Revenue Beyond the Room
The 2024 Global Hospitality Study
Download Study

Upcoming Events

Feb 5 - 9, 2025
CMAA (Club Management Association of America)
Tampa, FL
Register Now

Feb 11 - 13, 2025
Margaritaville GM & Owners Conference
Register Now

Feb 17 - 18, 2025
Native Nations GM Exchange
Carlsbad, CA
Register Now

Feb 20 - 23, 2025
Concord Hospitality
San Diego, CA
Register Now

Feb 24 - 28, 2025
Sage Leadership Festival
Chicago, IL
Register Now