
EXCLUSIVE: Reducing the Security Risks of Mobile Apps

Friday, February 03, 2012

In the hospitality industry, a first wave of mobile apps has made it more convenient to search, compare and reserve hotel stays quickly from anywhere. Many of these apps are no more sophisticated than reformatted versions of travel-oriented websites that have existed for years, now optimized for use on devices such as smartphones or tablet PCs. Something genuinely new is also emerging: apps that combine global positioning data with new functionality, creating more guest options during a hotel stay, opening new channels of communication with hotel staff and with businesses near hotels, or simply making the checkout process more flexible and convenient.

The upside to these new applications is the potential to win new customers and increase the loyalty or affinity of existing ones. However, mobile apps first will have to overcome many of the same security challenges that we found with previous technologies, as well as concerns unique to this portable, fast-moving computing medium. Organizations that move early to harness the power of mobile apps will find most risks can be mitigated by a combination of programming discipline, solid network engineering and careful communication.

Best Practices for Reducing Risks
New frontiers of application development are always emerging, and though mobile apps present some unique challenges, there are also some well-established best practices that apply. Most notable is a design process that incorporates security concerns from the moment the application development project starts. Below are some of the effective tactics and industry standard-based approaches companies in several industries are using to reduce the risk of data breaches that arise from mobile applications. Hospitality firms may want to look for application vendors who use some or all of them:

Secure software development life cycle (SDLC) – Organizations should work with developers or agencies that can show examples of how to follow industry-recognized security practices, including an SDLC that plans for secure outcomes from the outset. That is, they build security into the product in the development phases rather than “bolting it on” after the coding is done.

Multifactor authentication – Sometimes called two-factor authentication, this is a multifactored, multilayered technique to improve the odds that the person who is trying to get into an application is actually who he or she claims to be. An example often used in this industry is when a user performing a transaction via a computer simultaneously has his or her identity authenticated via text or telephone call.

Mobile secure content and threat management – A framework of defenses for enterprise users that is specifically put in place for mobile applications. This approach includes mobile threat management, mobile information protection and a mobile virtual private network.

Strong encryption – No encryption method is foolproof, but some encryption is almost always better than none when it comes to securing data passing over public networks.

Tokenization of key identifiers – Truncating a user’s credit card number or substituting a token in its place is one way merchants can securely authenticate a customer without having to store sensitive card data.

Secure servers – A comprehensive risk assessment includes examining security measures surrounding an organization’s mobile application server. Building an airtight application does little good if the back door to the application data is not equally secure.

Proactive customer communication – Nothing disarms suspicion like candor, so define data security policies clearly and make them easy for guests to find. Educate desk staff to provide informative answers when guests have questions. Create a crisis communications plan that anticipates worst-case scenarios, but then strive to make sure it is never needed.

Risk Management’s Contribution to Customer Affinity
There is great promise for the ways that new technologies and applications can add convenience, savings and enjoyment to your guests’ lives. Companies that not only can supply but also take credit for those improvements stand to make lasting gains in the marketplace. Careful hospitality organizations will find a way to deliver on this promise for the future without sacrificing the security of their digital assets – and those of their guests – in order to get there.

Cal Slemp is Managing Director, Global Leader of Security and Privacy Solutions at Protiviti, Inc.
