The rate at which technology advances is accelerating. It goes beyond mere tool creation. It’s expansion and enhancement of the previous round of tools and capabilities. Is technology’s quickening pace, and the popularity of cloud-based property management solutions (PMSs), a security risk? Does the cloud open up new opportunities for security risk?
Generally speaking, cloud solutions are more secure than traditional systems. The powerful encryptions used by most reputable cloud-based solutions are often more stringent than those found with on-site solutions. While there is a stronger sense of control with data stored on local servers, this on-site physical location does not necessarily equate to better security. Rather than placing focus on the location, focus instead on a well-defined security strategy that enables the organization to work in a manner consistent with its business protocols and reduces security risk.
Ultimately, operators need to choose the best technology for their individual properties. With this in mind, we offer up some general guidance for moving to the cloud.
Cloud PMS Security Guidance:
- Managing user access is more important than the location of the data. Understand how the data is accessed. Be on the lookout for breach opportunities. Often data breaches occur around vulnerabilities, no matter where the server is located.
- Take the time to validate the security of cloud providers. Cloud-based data centers should be tested and audited to ensure they meet certain standards adopted by the business and industry (e.g. PCI, HIPPA, COBIT, ITIL, etc.).
- Consider either hiring in-house technical talent or a third-party to ensure the contract with the cloud provider includes an SLA and indemnification to protect the business, its customers and its investors.
- Research a provider with a multi-layered security protocol, which provides more failsafe measures that enhance the overall security of the property and its guests.
- Conduct regular vulnerability testing. Untested systems are unsecured systems.
Cloud PMS Payments Security:
- Consider a cloud PMS that removes liability from the business by using tokenization for payment processing.
- The ideal PMS helps secure credit card data whether it’s in transit or at rest. Interfacing with a PCI-validated P2PE (point-to-point encrypted) payment solution is the best way to secure the card information for card-present transactions, thus preventing sensitive card information from entering the PMS. PCI-validated payment processing solutions are critically important because they’re certified by the PCI Council to provide both the maximum level of encryption possible, and to follow the most stringent payment processing requirements. When using a validated P2PE solution, PMS solutions offer more value because they support a reduction in PCI scope and audit costs while safeguarding guest data.
- PMS solutions that are EMV-certified prevent counterfeit and stolen card transactions by validating the card at point of transaction. And on-line security through a secure PIP or iFrame protects the card data when transmitted from the guest’s browser for their reservation or activity bookings.