The Need of Customer and Business Process:
While making a reservation online, a customer reveals sensitive information such as credit card and personal details and expects them to remain secure. However, that is rarely the case because of ‘hacktivism’, or the hacking phenomenon. The person perpetrating it is called the ‘hacktivist’ (hacker + activist), a term that is used for ‘active hackers’.
The need of today’s customer is to feel secure and not hesitate while sharing personal details, such as an email address or a contact or credit card number. Additionally, it is the business’s duty to ensure that the information shared remains confidential and is not forwarded to undesirable sources. Having said that, it is still important that customer information is shared with travel agents and other sources for official purposes, such as travel bookings, frequent flyer programmes, law enforcement agencies, etc.
There is a twofold responsibility on the hospitality industry: A) it is required to protect the guests’ privacy, and B) it has to ensure that the hotel’s confidential information, such as financial reports, does not fall into the wrong hands and is managed only by authorized people.
Both technology and dependency on technology have increased over the past few years. However, it should be noted that increased dependency also leads to increased vulnerability, because having everything recorded on a computer or on cloud-based storage systems has both advantages and disadvantages, i.e. there is always a probability of the information falling into the wrong hands.
It is against this backdrop that I propose to introduce the concept of the Domain Name System (DNS). It has been defined as follows: “The DNS translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites.” (Mitchell, 2013)
Why DNS?
A hotel spends millions of dollars on the physical security of both its guests and its physical infrastructure. However, more than the physical wellbeing of the guests and the infrastructure, it is the intellectual property, or the data pertaining to both the guests and the company/industry, which is most vulnerable. It is a virtual Achilles’ heel, as one might say. Data security is also the least thought of among the security measures of the multi-million-dollar hospitality industry, which makes it vulnerable to security threats and breaches.
BACKGROUND:
The Wyndham group of hotels faced severe legal action because of the poor security practices being followed.
According to the Federal Trade Commission (FTC), attackers breached the networks of Wyndham Worldwide Corporation, a global hospitality company, 3 times in the 2 years prior to 2012. This resulted in the theft of credit card information from over 6,00,000 credit card accounts, equalling $10.6 million in fraudulent credit card charges. The FTC was of the opinion that the absence of complex user IDs and passwords, firewalls, and network segmentation between the corporate network and the hotels resulted in the easy availability of sensitive payment card information. It then went further to say that this was facilitated by improper software configuration at the hotel chain, which resulted in the theft of hundreds of thousands of consumers’ payment card account information to an internet domain registered in Russia. This company, according to the FTC, breached the Wyndham networks and installed memory-scraping malware on numerous systems to obtain guest names and credit card account numbers. Such malware exploits Point of Sale systems while remaining undetected.
Another data security incident was noticed earlier this year at The InterContinental Mark Hopkins, San Francisco, where a few burglars entered the hotel premises and were about to steal a few hard drives from the sales office. These hard drives included sensitive information regarding the guests. According to the hotel’s general manager, Nelum Gunewardane, they engaged data security experts to investigate this incident thoroughly and learned on July 14, 2013 that even though the computer hard drive was not taken, it is possible that it was accessed while the criminals were in the office.
It is because of incidents like those mentioned above that one should make it a point to invest a little when it comes to securing data.
Source: (Huawei Technologies Co., Ltd., 2011)
Danny McPherson, vice president and chief security officer for VeriSign, a company involved in DNS security solutions, says: "People invest tens or even hundreds of millions of dollars on content distribution infrastructure, data centres, and other things, and they use a fixed password with their registrar and a $10 domain name." (Lemos, 2013)
With the recent attacks on the domain registrar reseller MelbourneIT, along with the Huffington Post and The New York Times, it can be observed that though these attacks were nothing out of the ordinary, a lot of organizations were still unprepared. Websites like Twitter, however, which had already been bitten by this bug once, were prepared this time and successfully dodged this bullet by making a tiny investment of just $50.
PROPOSED SOLUTIONS
AIM – To avoid the above situations and to save the guests and the hotel or hotel chain from possible legal threats, the following solution is proposed.
Additionally, the main aim behind this technology is to ensure that all data procured from the customers remains confidential.
It is therefore proposed that a Domain Name System be religiously incorporated in the basic security of any hotel network.
What is Domain Name System or DNS?
DOMAIN NAME SYSTEM:
Also known as the ‘Yellow Pages of the Internet’, DNS is highly relied on for directing internet traffic, along with that of many other large private Internet Protocol (IP) networks. It helps maintain a distributed database of addresses and network names, and provides methods for computers to remotely query the database.
DNS and its relation to the World Wide Web
All public Web sites run on servers connected to the Internet with public IP addresses. The Web servers at xyz.com, for example, have addresses like 123.456.789.80. Although people can type the IP address into their Web browser to visit sites, being able to use proper names like http://www.xyz.com/ seems much easier and more convenient to use and remember.
The Internet utilizes DNS as a worldwide name resolution service for public Web sites. When someone types a site's name into their browser, DNS looks up the corresponding IP address for that site, the data required to make the desired network connections between Web browsers and Web servers. (Mitchell, 2013)
How do the hotels and hotel chains benefit from it?
Before any hotel chain can take the maximum benefit out of this simple yet extremely effective technology, it should fulfil the following pre-conditions.
PRE-REQUIREMENTS:
To be able to use this technology, the client should have a registered DNS, upgraded network systems and a cloud storage facility for its data, so that the security bug is able to work and the information that is being accessed on the network is visible to the administrator of the server.
But before I proceed further, I would like to introduce cloud storage (which is a part of cloud computing) to the uninitiated. The core idea behind the concept of cloud computing is ‘Anytime, Anywhere’. One can easily access any piece of information from anywhere with this technology, which enables users to store an endless amount of information on a virtual storage system at a minimal cost.
‘Cloud’ in computer language can be explained as a set of storage, interfaces, services, networks and hardware that are brought together to provide all the aspects of computing. This technology is being used along with this concept for four essential reasons: the flexibility to increase or decrease your storage limit as per use; the cost involved, since you only have to pay for the amount of services used; the application programming interfaces (APIs); and the authority given to the user to customize the storage as per his own wishes. It is also used since it helps in eliminating many of the traditional constraints that exist in the computing environment, such as time, space, cost and power.
As we can observe, the very strengths of cloud computing become its weaknesses in the hands of the hacktivists. These people can therefore access the data even from a remote site many kilometres away from the actual hotel site and hack into confidential data via malware. (Hurwitz and Bloor et al., 2013)
As was observed in the above examples of Wyndham, The New York Times and The Huffington Post, among many others, a hacktivist generally goes for the most vulnerable spots because of A) ease of accessibility and B) a quick getaway. These are usually the Point of Sale systems (P.O.S. systems), reservation systems, ordering systems, etc. Hence the solution to data theft at these points of vulnerability is to secure them with agile software like the proposed ‘Secure Bug’, which would enable the organization to track access to the DNS records. By doing so, the attack surface in the active infrastructure is minimized. Since there are only a few points of contact, only the required people are authorized to access the information, and if somebody other than an authorized person tries to breach the secure system, an alarm will be sent off and the file being accessed would become corrupt. However, having said that, an encrypted version of the file would be saved on a cloud back-up, ensuring that there is no loss of data.
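The monitoring idea described above, as an added example that is not part of the original essay and is not the proposed ‘Secure Bug’ itself: a Python check that reads a DNS record audit log and raises an alert when an actor outside the authorized list touches a record, or when a record is pointed at a value outside an approved baseline. The domain hotel.example, the actor names, the key=value log format and every log line are constructed assumptions.

```python
import re

# Constructed policy for an assumed domain, hotel.example (not from the essay).
AUTHORIZED_ACTORS = {"dns-admin@hotel.example"}
APPROVED = {
    ("hotel.example", "NS"): {"ns1.hotel.example", "ns2.hotel.example"},
    ("www.hotel.example", "A"): {"192.0.2.10", "192.0.2.11"},
    ("booking.hotel.example", "A"): {"192.0.2.20"},
}

# Constructed audit-log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2024-01-10T09:15:02Z actor=dns-admin@hotel.example action=UPDATE name=www.hotel.example type=A value=192.0.2.11
2024-01-10T23:41:37Z actor=reseller-support action=UPDATE name=hotel.example type=NS value=ns1.parked.example
2024-01-11T02:03:10Z actor=dns-admin@hotel.example action=UPDATE name=booking.hotel.example type=A value=198.51.100.77
2024-01-11T02:05:44Z actor=night-audit action=READ name=booking.hotel.example type=A value=-
this line is malformed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) action=(?P<action>READ|UPDATE|DELETE) "
    r"name=(?P<name>\S+) type=(?P<type>[A-Z]+) value=(?P<value>\S+)$"
)

def review_dns_audit(log_text):
    """Return (timestamp, reason) alerts for suspicious DNS record activity."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if m is None:
            # Unparseable entries are surfaced rather than silently dropped.
            alerts.append((f"line {lineno}", "unparseable audit entry"))
            continue
        e = m.groupdict()
        name = e["name"].lower().rstrip(".")  # normalise case and trailing dot
        if e["actor"] not in AUTHORIZED_ACTORS:
            alerts.append((e["ts"], f"unauthorized actor {e['actor']} {e['action']} {name}/{e['type']}"))
        if e["action"] == "UPDATE":
            # Records with no baseline entry have an empty approved set, so any value alerts.
            allowed = APPROVED.get((name, e["type"]), set())
            if e["value"].lower().rstrip(".") not in allowed:
                alerts.append((e["ts"], f"{name}/{e['type']} set to unapproved value {e['value']}"))
        elif e["action"] == "DELETE" and (name, e["type"]) in APPROVED:
            alerts.append((e["ts"], f"protected record {name}/{e['type']} deleted"))
    return alerts

if __name__ == "__main__":
    for ts, reason in review_dns_audit(SAMPLE_LOG):
        print(ts, reason)
```

The third sample line shows why the baseline check matters separately from the actor check: the change comes from an authorized account, yet still points the booking host at an address nobody approved.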
What makes this concept innovative?
This concept is innovative because data security is an industry’s topmost priority, especially for an industry such as hospitality, which is primarily based on confidentiality and deals with sensitive customer information. Living in a world where everything from your room key to ordering food from a tablet attached to your table at the restaurant is based on technology makes every bit of information shared or saved on your device vulnerable. Though high security measures are taken to ensure that no information is obtained through illegal means, by installing anti-virus software, keeping alphanumeric passwords, using biometric passlocks, etc., it is still considered wise to keep upgrading the pre-existing technology and closing even the minor loopholes in order to provide a safe and hacker-free system.
DEFICIENCIES:
One of the only deficiencies of this technology would be the fact that there are hackers out there who might be able to breach the cloud storage and obtain the information even after such strict security measures have been taken.
Referencing:
Hemmington, N. (2007). From service to experience: Understanding and defining the hospitality business. The Service Industries Journal, 27(6), 747-755.
Huawei Technologies Co., Ltd. (2011). Huawei One Net Hotel Chain Network Solution. (Report).