WORDS FROM UNIGUESTRead the latest postings from our Uniguest team
by Kat Minton | Uniguest | December 2017
The days of hotel business centers catering solely to the business traveler are long gone. While a business center still works to meet the needs of those traveling for work, it is also serving guests traveling for leisure.
In the past 30 months, user activity in Uniguest business centers has grown by 40 percent, serving 85 million users in 2016 alone. In addition to the heavy usage of productivity applications such as Word and Excel, there were more than 1 billion website hits. Business travelers tend to utilize the productivity applications and printing functions more, while leisure travelers tend to visit webmail, social media sites, and travel pages.
With a 35 percent surge in printing, it is no surprise to find that more than 65 percent of travelers deem printing capabilities as a critical amenity to have at a hotel. To accommodate for this need, hotels are adding wireless printers, like cloud printing, to business centers so that guests can print from their own devices and pick up their documents with a secure code when they are ready.
Regardless of the type of traveler you are serving, the resounding need for travelers using a business center is security. Whether logging into personal mail or accessing a highly confidential document, the user should have peace of mind that upon logging off or a period idle activity, the session will be wiped clean and none of their information will be left behind for another user to stumble upon. In addition to the personal security, all kiosks are equipped with content filtering to ensure that guests do not come across any sites that would not be suitable for a public space.
by Jason Meister | Infrastructure Architect, Uniguest | September 2017
Because I come from a history of developing security-conscious enterprise applications, I want to take a few moments to talk about understanding and caring for an application or system’s “secure landscape.”
What I mean by “secure landscape” is that whatever your application, there’s some sort of security that you’re trying to ensure. Whether it’s securing physical access, user privacy, the operating system, or possibly just application integrity – you have some level of responsibility to protect something or someone. Take an inventory of everything your application does and think through possible security-related responsibilities you might have to your users, applications, or systems in general. Everything together makes up your “secure landscape.” Words that might be running through your mind might include: encryption, privacy, spyware, plain-text, credit cards, data persistence, history, communication, handshake, packet sniffing, keylogger, any sort of injection, etc.; the list goes on.
It’s not uncommon to have a secure landscape that spans several dozens of applications housed in several datacenters and individual workstations. The unique challenge that Uniguest has is that on top of the everyday stuff, it also includes more than 20,000 individual workstations running custom-built software on several hardware profiles with several operating systems – all promising a secure experience to the end user. Let’s also call out that the end user in this environment is anyone who sits down at a computer (untrained on these systems) – and in many cases, will use their credit card to do so (as if there weren’t enough responsibility to carry on your shoulders without credit cards). Maybe go back and re-read those last couple of sentences, because yes, I said that untrained users plug in credit card information into a public-space computer running any combination of operating system + hardware and promising the end user a private and secure experience.
Fortunately, Uniguest understands the vast secure landscape and is constantly evaluating systems, applications, and even processes and business rules in order to stay ahead of exposure and threats. We all remember the big ransomware fiasco that swept most of the globe in Spring 2017? Uniguest stayed ahead of it due to focused monitoring and swift preventative patching, resulting in the fleet of 20K+ remaining unscathed. Remember Target’s in-store credit card breach right smack in the middle of holiday shopping season 2013? Well, thanks to hard lessons learned by others (them), the PCI Security Standards Council came out with stricter requirements for merchants accepting credit cards. I can tell you first-hand that Uniguest’s latest platforms and internal processes not only adhere to those requirements, but go above and beyond by enforcing many best practices and findings from the OWASP research and recommendations. Want some good (but dry) reads? – visit https://pcisecuritystandards.org and https://owasp.org.
Having a former-Airforce + cybersecurity expert as your COO tends to keep you on your toes as far as security is concerned – there are no shortcuts or assumptions. Now, not only does Uniguest rely on experience and expertise of in-house resources, but also actively puts systems to the screws with Rook Security. Rook is a third-party, globally-recognized specialist in security assessments, and I was truly impressed by their knowledge and thoroughness in their assessments.
Getting back to the topic at hand: You should always have your secure landscape in mind when building any application or system, and take responsibility to ensure that it is in fact secure. Steal a page from Uniguest’s book and take the opportunity to hire the right resources, learn from the misfortunes of others, think outside the box to partner with outside experts, and strive to build the best and most secure systems in your space.