Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

Top 5 Compliance Challenges for Hospitality - #5: No Network Segmentation

In this series, we'll address the top security and compliance challenges faced by hotel brands and properties.

A group of hospitality associations recently identified three key technology issues  that have a direct strategic impact on the hospitality industry. The number one technology issue facing brand and property owners today is compliance with the Payment Card Industry Data Security Standards (PCI DSS).

In light of this, and based on Trustwave's extensive research, hosptiality businesses such as hotels and restaurants face several common challenges when it comes to PCI compliance.

Counting down, challenge #5 is the lack of network segmentation  among individual operators' networks.

Computing and data networks are often flat between corporate and individual operations often with minimal safeguards in between, having grown organically or through acquisition over time. This situation enables an intruder to easily "jump" between specific locations and allows them to more easily move around the network searching for credit card and other sensitive data to exfiltrate.

Think of this like your neighborhood - are there fences between your property and your neighbors'? Or can you easily walk across the yard of everyone in the community? While it might be nice to share a backyard with Bob, you wouldn't want to make it easy for just anyone to walk across your IT "backyard."

What Can Hotels, Restuarants and Other Hospitality Businesses Do?
Businesses in the hospitality industry  should assess their environment. Determine how networks are configured and what system assets and data fall under the PCI risk profile.

By segmenting some network assets and decommissioning old systems, PCI scope may be reduced - which will help reduce both the complexity of PCI and the time it takes to comply. This should be done internally or through engagement with an expert third party.

Hotel and restaurant operators need to build security and compliance into their regular business processes. Not doing so could lead to a security breach that negatively impacts the brand and customer trust, as well as leads to fines and incident clean-up costs.