When you run your business day in and day out, it can be difficult to see small imperfections in your operation. One of the critical areas that can go unchecked at times is the maintenance of your company’s security posture. The evaluation of your company’s security posture could be conducted internally, but if performed by a third-party vendor, the risks and vulnerabilities that may exist can be identified from a more objective point of view and potentially addressed faster and more appropriately.
Why Perform Third Party Security Evaluation
If you have designed your systems and networks, it can be challenging to be truly objective when reviewing your designs and implementations for gaps and weaknesses. Cyber security may also be an additional duty for folks at your company rather than a core competency staffed with cyber security experts. Companies that perform third-party security evaluations are typically manned with cyber security experts and have research departments identifying new cyber security weaknesses. They perform security testing on many different organizations, giving them perspective and insight on best practices. Getting a full view of weaknesses and the effectiveness of controls requires nuanced insight that comes from having previously seen what works and what does not. This is what they do all day, every day. They will also have no subconscious bias as to the pros and cons of previous decisions made by the company.
Security evaluations should evaluate the people, processes, technology, data, and vendors that build out a company’s security posture. They should ensure your corporate systems are safe from outside intrusion and your guest-facing technology is properly secured. Each of these areas requires an investment of time and focus to thoroughly understand whether, when challenged, it can stand up to the latest hacking techniques.
Internal security testing and validations should continue based on a comprehensive security policy and program. However, these also benefit from a third party security evaluation to validate the internal controls are working and are regularly updated to meet the needs of the business and the security level of the systems.
References should be verified for any third party security testing company to ensure they have the necessary skill set, depth, and breadth to properly vet a security program. Given the pace of technology change in today’s age with cloud computing, mobile computing, middleware integrations, and more, not to mention the lightning speed of malware development and hacking techniques, testing companies must show that they are keeping pace with today’s technology and today’s challenges.
How Often Should You Test and What Should be Tested
Initial testing of a network or system should be performed prior to release into production. This results in a strong baseline to work against. Then frequent testing should occur either annually or during any type of major change, whichever is more frequent. This ensures changes do not negatively impact the environment and also ensures regular testing for new types of hacking techniques and zero-day vulnerabilities.
As mentioned above, testing should cover the full security program including people, process, technology, data, and vendors. People in security roles (physical or digital) must be competent in performing security duties. This ranges from background checks and physical access limitation to database security and effective logging. There are many potential attack vectors available to nefarious actors who want to negatively impact a company. Processes must be executed consistently and in line with policy so changes do not introduce new security gaps or vulnerabilities. Technology and data must be secured at a level that matches the sensitivity of the data. Lastly, vendors who play a role in a company’s technology portfolio must be held to the same standards as the rest of the company security program.
After testing is completed, gaps must be either remediated, accepted (if the fix action is larger than the potential impact), or offloaded through insurance or other means. Critical gaps must be corrected before a system is allowed to be released into production, and if already in production, must be corrected with urgency. Follow-on testing should then validate the vulnerabilities were sufficiently remediated.
When your company has performed a third party security test and has corrected (and validated) the remediations identified, the overall security posture of the company will be greatly advanced. Creating a safe environment for your customers to enjoy is always the top priority – physically or virtually. The third-party security evaluations are done as a way of keeping the company accountable, correcting mistakes or new challenges, and having proof that you are being a good steward of cyber security.
Jason Meister, Senior Manager, Information Technology & Security
NASHVILLE, Tenn., July 17, 2019 /PRNewswire/ — Uniguest, a leading global technology and managed services provider, announces the addition of Kevin Reiners as the vice president of operations. Reiners is a high energy, fiscally conscious, and goal-driven business executive that approaches each new business challenge with an intrinsic skill for innovation and is highly focused on partnering with clients for successful deployments and ongoing support. With more than 20 years of experience, Reiners knows how to leverage technology to drive results for leading organizations in hospitality and healthcare industries – including CIO-level experience with Gaylord Entertainment and Marriott International / Gaylord Hotels.
During the Marriott acquisition of Gaylord Hotels, Reiners served as a key executive technology leader, ensuring seamless implementation and successful migration on all guest-facing operations that led to zero guest-facing impact. As the Gaylord Hotels technology leader within Marriott Americas, Reiners successfully drove new and increased revenue through new technology offerings, guest engagement, and superior customer service.
“Originally a customer of Uniguest at Gaylord Entertainment and Marriott International, I was very familiar with the product lines offered by Uniguest, or so I thought,” Reiners said. “After leaving Marriott, I was hired as a consultant to evaluate the operations and technology offerings at Uniguest and quickly realized that Uniguest is much more than I remembered – from the top down it is an expanding company with new innovative technology offerings. I was excited with the direction and the opportunity, not to mention the daily innovation that was happening across the product portfolio and how Uniguest views customer service. With an NPS score north of +75, I knew this was the right home for me. Uniguest is the partner I was looking for as a hospitality executive and they understand how to drive guest engagement.”
Uniguest manages and supports more than 35,000 public-facing devices and 100,000 digital signs across 100 countries, serving the hospitality, community living, retail business, education, and corporate industries. Its innovative suite of fully managed and supported solutions includes interactive kiosks, digital signage, fitness technology, meeting space technology, purposed tablets, business centers, mobile printing, and personalized printing. Uniguest is based in Nashville with offices in Reading, U.K.; Oakmont, Pa.; and Portsmouth, N.H.