When it comes to advancements in cloud computing, hoteliers remain unsure about the benefits and the risks. We speak to Anthony Lee, partner at Fladgate LLP, to find out exactly what hoteliers need to know about this new technology.
Hotel-industry.co.uk: How is the hotel industry currently using cloud computing?
Lee: In broad terms, cloud computing means using remote computers (as opposed to local machines) to host software and store data which can then be accessed over the internet or other data network (i.e. the “cloud”).
From a front of house perspective, the hotel industry is already using cloud computing and has been doing so for some time. For example, the GDS systems (such as Galileo and Amadeus) which agents use to reserve rooms have been around for many years, and the prevalence of online room booking services and emergence of web-based reservation systems are all forms of cloud computing in this sector.
From a back office perspective, cloud computing is already making considerable inroads into the hospitality sector with the availability of web-based systems ranging from stock control and recipe management through to HR, payroll and financial management. A good example would be Fourth Hospitality’s fnb manager which, amongst other things, provides a cloud based stock control system.
Hotel-industry.co.uk: What new security risks does this technology present? Is it truly secure?
Lee: Irrespective of where IT infrastructure is located, there are security risks which need to be taken into account.
A key consideration is that a data centre which is being used for cloud based services may well be holding data relating to multiple organisations which makes it a natural target for a hack attack.
That said, any data centre worth its salt will ensure that it has in place state-of-the-art technologies and robust processes to protect itself against security threats and hack attacks.
As to whether or not any environment can ever be regarded as truly secure, this is a relative term. For example, you can never rule out the possibility of malicious code being developed which is able to penetrate a firewall. Similarly, you cannot rule out the possibility of, say, a rogue employee selling sensitive data to the highest bidder.
At the end of the day, all you can do is ensure that sensible precautions are taken.
Hotel-industry.co.uk: What are the legal pitfalls for hoteliers using cloud computing?
Lee: There are, admittedly, some risks which hoteliers need to think about in relation to cloud computing.
With privacy laws, security is of particular concern where personal data is involved. This is relevant to hoteliers as many of their customers will be people rather than business. If a hotelier transfers customer data to a cloud provider, the hotelier is responsible for ensuring, amongst other things, that the provider keeps the data safe and that it only handles the data in accordance with the hotelier’s instructions.
The consequences of customer data being lost or stolen due to inadequate security (for example, because of a well publicised hack attack) are obvious.
In addition to being satisfied that the cloud provider has a good track record, a good quality solution and that it uses secure facilities, the arrangements should be underpinned by a sensible contact.
Understanding the small print is essential. You do not want to agree to terms and conditions under which the provider offers no assurances as to the quality of the service, can change those terms and conditions and can suspend or terminate the service at will. Unfortunately, such terms and conditions are not uncommon in the cloud space.
My recommendation would be that hoteliers should select a provider which is prepared to agree to reasonable contractual terms and service levels which provide the hotelier with the assurances it needs, not least of all in relation to data security.
Hotel-industry.co.uk: Hoteliers operate in a global marketplace and transfer confidential data from one jurisdiction to another … is this problematic in your opinion?
Lee: Exporting personal data (such as customer data) is problematic if the data is to be exported to a country which does not have privacy laws in place which are as strong as in the United Kingdom and Europe. The USA is an example.
There are processes and systems which can be put in place to deal with these concerns although it should be borne in mind that if data is stored in the USA, state agencies can get hold of it without a court order under the auspices of the Patriot Act. Food for thought?
Hotel-industry.co.uk: How do you see the use of cloud computing evolving in the coming years?
Lee: Cloud services, such as Hotmail, Dropbox and Amazon’s Cloud Drive have already attracted consumers in huge numbers.
Principally because of the cost savings which can be achieved (i.e. access to significant computing power without having to buy expensive kit), it is now seen by the business world as providing a real alternative to the way in which IT has traditionally been used. The use of cloud computing by the business world is accelerating. The global cloud computing market is predicted to be worth $150 billion by 2014.
Hotel-industry.co.uk: What can hoteliers that use cloud computing do to better protect their data/business?
As mentioned above, in addition to being satisfied that the cloud provider has a good solution, a good track record and only uses facilities which cut the mustard from a security perspective, it is essential that the arrangements are underpinned by a sensible contract and meaningful service levels.
Unfortunately, many of the standard suppliers’ terms and conditions which are knocking around in the cloud computing market, are overtly supply-biased and offer the users little or no protection. Hoteliers would, therefore, be well advised to select a provider which is prepared to agree to reasonable contractual terms and robust service levels.
So long as the risks are contained, there is much to be gained from moving to the cloud. If you select the right partner, you can certainly have your cloud and eat it.