Maestro PMS banner
  Cloud-Hosted Hotel PMS Data: Who Holds the Keys and Why it Matters

Answering questions about data stored in the cloud and how hotel & resort operators can curtail uncertainty

What’s in the cloud — and who owns it — anyway? Despite the industry’s reliance on cloud computing, security myths and other concerns swirl among discussions about the technology, sometimes leading operators to mistrust potential technology partners. These rumblings can lead to a storm of operational disruptions, leaving hoteliers feeling rudderless in a marketplace that requires constant adjustment and reaction.

Hoteliers must be able to trust their technology partners, particularly those hosting and protecting their data. Here is a look at three of the most significant questions operators have about their data in the cloud and how they can take steps to curtail uncertainty.

Is Cloud-Hosted Data Secure?

Every security system has its strengths and weaknesses, but there are many ways to assess your hotel’s vulnerability to intrusions. Cloud computing’s flexibility and accessibility across multiple devices, though useful for hotel operations, can create a menagerie of potential exploits. Hoteliers must ensure they have an adequate plan in place to protect their cloud-based infrastructure and then ensure its cloud security settings are properly configured as early as possible. This is an extremely important point for independent hoteliers with a self-host or private cloud strategy, or those who often lack the available staff to monitor these settings frequently. 

Next, operators must take steps to actively prevent internal data from being shared outside of the hotel. This includes adjusting daily activities, such as refusing to share internal links with outside collaborators and efficiently revoking account access for former employees. Management is also encouraged to limit security privileges to specific hotel workers, controlling the number of active accounts capable of being compromised.

Cloud-based systems are also open to cyber-attacks and malware incursions, and there are a wealth of cybersecurity tips operators can follow to avoid or mitigate the likelihood of such an attack. Operators should consult their technology partners to identify the clearest strategy for keeping your property’s digital identity secure. The most significant red flag a hotelier can watch out for in technology is the lack of an adequate security plan or the inability to articulate such a plan. Providers should be able to tell hoteliers where their servers are located geographically, the details of their redundancy and disaster recovery plans, and outline the level of daily maintenance and support hoteliers should anticipate getting.

Whose Data Is It Anyway?

Hoteliers are actively collecting consumer data from equipped property management, global distributions, revenue management, and other systems — but with so many sources all collecting data for the same goal, who does this data actually belong to?

The more pressing question for operators remains, “What rights do I have to my data?” The answer to this question largely depends on a hotel’s contractual agreement with its technology partners. Vendor agreements rarely stipulate ownership of customer or partner data, but this must be clarified contractually so that if the need to extract it in the future is needed, it is an easy task with the vendor’s assistance.. Additionally, vendors typically request access to client or customer data to a certain degree to provide functioning cloud service. This can also extend to data usage agreements, whereby technology partners request the right to access client or customer data to gain insights used to improve their services in both quality and consistency.

Other aspects independent hoteliers must consider as part of a data ownership agreement include an agreement from technology partners to implement security measures in the first place and to commit to protecting data belonging to the property and its guests from access, breach, or loss. As a final component, independent operators are recommended they specify clear language in the agreement regarding how long technology partners must retain customer and guest data and how it is deleted. This enables operators to walk away from a technology partnership without the fear that their data may be compromised later when the relationship no longer exists.

Are there best practices to follow?

Hotels need technology to remain competitive today, and therefore it is imperative to find a technology partner they trust, particularly independent operators. Hoteliers must also try to understand the shared responsibility model, which impacts every aspect of data usage and security today. As a result, hoteliers have responsibility for data security regarding on-property activities, while technology and cloud service partners are responsible for protecting their networks from outside attacks and ensuring everything is working properly. Hoteliers must clearly outline their responsibilities at the outset of an agreement and properly train workers to comply with these requirements.

In fact, training is one of the most important best practices hotels can embrace for improving cloud security protocols. Considering that most incursions are a result of improperly configured or used equipment, operators should train staff to notice anything out of place and what to do to elevate these concerns. Hotels can also adopt automated solutions designed to prompt workers to follow specific policies or refresh their knowledge.

Lastly, hoteliers should conduct a full audit of their potential cloud-based security vulnerabilities, ideally cooperating with their technology partners and an outside firm. This can help locate misconfigured equipment, users with outside access to your data, and other concerns before they become threats. By taking these challenges seriously, hoteliers can protect themselves against data breaches and increase the efficiency of their security systems while gaining access to vital cloud-based operations and management platforms. Protecting your hotel’s data security ultimately improves the staff and guest experience and a hotel’s overall value.

About the Author

Warren Dehan

Warren Dehan is the President of Maestro, the preferred cloud and on-premises PMS solution for independent hotels, luxury resorts, conference centers, vacation rentals, and multi-property groups. Maestro was first to market with a fully integrated Windows PMS and Sales & Catering solution and is continuing that trend with leading edge web and mobile based solutions encompassing all aspects of the operation. Platform and deployment independence present Maestro as an investment that will continue to grow and adapt as innovative technologies emerge.