The Power of Security
Hospitality Technology , March 2006
by Vicki Powers
Network security breaches continue to threaten customer confidence, productivity, corporate image, and companies’ bottom lines. Just take a look at the numbers—attacks on computers and servers have triggered $17 billion in economic damage in the U.S. alone, according to CIO magazine.
Hospitality companies experience the same concerns. A recent survey of hospitality professionals by Cihan Cobanoglu, assistant professor of HRIM at University of Delaware, found that 20 percent of respondents said their computer networks had been attacked within the previous 12 months. Independent hackers were responsible for 57.1 percent of the attacks, but disgruntled employees were behind 21.4 percent.
All of this translates to restaurants and hotels increasingly ensuring that network security issues, be they virus, intrusion, even spam protection, are right in the network solution.
Since his arrival as CIO at Church’s Chicken in fall 2005, Alan Stukalsky made network changes during his first task on the job. The most difficult aspect of network security, he says, is keeping up with constant change, which is especially daunting in the restaurant industry. Each of Church’s 285 corporate-owned restaurants shares a network, and keeping them secure is a hefty challenge.
To manage security, Church’s worked with Netifice Communications (www.netifice .com) at the end of 2005 to upgrade its network and build a private virtual private network (VPN) to connect its restaurants and provide them direct access to their vendors. Stukalsky says this ensures the restaurants are safe and protected and not working through the Internet. The network security roll out is expected to be complete by March of this year.
“We’re able to manage from a single source, which is the Netifice portal,” Stukalsky explains. “It provides multiple benefits on a security side and makes our job easier from a management perspective.”
Behind the scenes, Church’s runs monitoring software for virus updates, spyware, and spam that keep things on the network running smoothly. To be a step ahead of the latest security concerns, Stukalsky emphasizes the importance of tracking on almost an hourly basis, rather than daily, based on the prevalence of viruses. The turnaround has to be so fast to ensure the network remains secure.
Previously Church’s maintained some restaurants on a private network while others were on the Internet. Once the upgrade is complete, the focus will then shift to rolling out “credit card over IP” in place of its credit over dial up to provide faster transactions for customers, encrypted information and integration into its POS.
Securing the guest
The environment of a hotel and casino presents its own network security concerns. With thousands of casino guests and hotel rooms, protecting information such as credit card data, social security numbers, and driver licenses is a top priority.
Las Vegas’ Riviera Hotel & Casino uses a comprehensive network security solution from NFR (www.nfr.com) to detect and defend against malicious network activity. This allows Tim Wilbur, Riviera’s enterprise security administrator, to accurately answer questions regarding its network status.
“NFR’s security system is important for a hotel/casino because we have a customer base trusting us with a myriad of personal information,” Wilbur says. “The consolidation feature allows me to monitor trends that I normally wouldn’t be able to identify by reading raw data alone.”
The NFR Security Sentivist security system monitors, detects, and analyzes traffic going through the network and blocks suspicious activities. Real security threats are identified in real time and acted on immediately.
“The challenge in our environment is allowing legitimate workflow to progress while denying attacks without burying the process in layers of authentication and security,” Wilbur says.
The solution allows Wilbur to immediately identify source addresses, the method used to attack, what triggered the event, and prevent the attack from penetrating the network. The greatest benefit of the security system, he says, is identifying and monitoring traffic as it occurs and remediating as necessary. “I can identify and report on any network activity that occurs and show quantifiable results,” Wilbur says.
A real solution
Real Mex Restaurants—the largest, casual Mexican dining restaurant company featuring brands such as El Torito, Chevys, and Acapulco—wrestles with the network security challenges of cost, versus security, versus performance. Its past technology connecting restaurants via dial-up proved a maintenance nightmare. Today it relies on GoRemote’s (www.goremote.com) Branch Office solution with a virtual private network. Information is encrypted and conversations occur behind the VPN tunnel and never to the outside world.
“The benefit of this system is the balance between cost and performance,” says John Koontz, vice president of information technology at Real Mex. “It’s an extremely low cost solution for something that would cost six or eight times higher with another technology. Security is one of those services we count on and is provided by them.”
Employees can pick up e-mails and place vendor orders through the secure network. With full time connection, the organization automates quite a bit. One of the biggest improvements, according to Koontz is credit card authorization. What used to take 30 seconds now takes about one second. When you’re dealing with guest credit card information, security ramps up in a whole new level. With statistics and advanced notice, GoRemote knows about potential security threats before Real Mex through its proactive reporting.
“It’s one thing to have our data compromised. It’s another to have guest credit card information compromised,” Koontz says. “It becomes the highest priority for us.”