Hospitality Cybersecurity

Enabling Hospitality Cybersecurity Without Impacting Quality of Guest Experience

The hospitality industry comprises a significant portion of global GDP, making it a prime target for attackers. It is thus no surprise that hospitality organizations face unique challenges in protecting their networks and sensitive data. As organizations increasingly deploy internet-connected devices and services to improve guest experiences, the complexity of protecting the network against cyber threats grows. Loss or degradation of service on the company website, guest wireless network, or other services could result in poor reviews or lost bookings.

Hospitality organizations are also required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Unlike retail providers, who require access to payment card data for only a moment to verify a sale, hospitality organizations must store and protect guests’ information from the time a reservation is made through the end of their visit, which can be weeks or months.

Protecting the Hospitality Industry and Its Guests with the Fortinet Security Fabric

Hospitality Requires a New Security Approach for Secure, Engaging Guest Experiences

Strategies for Hospitality Organizations that Enable Them to Stay Ahead by Transforming Security

Hospitality Overview

See how the Fortinet Security Fabric protects hotels and hotel chains with a comprehensive set of network security technologies that work in concert to enable digital transformation.

Key Hospitality Cybersecurity Challenges

Cost Reduction

Hospitality organizations must balance finite security budgets and thin profit margins against risk tolerance. Optimizing IT and cybersecurity costs is necessary to secure the enterprise with limited cybersecurity staff.

Visibility

Security teams often must deploy isolated point products to plug security holes created by multi-cloud environments and innovations such as check-in kiosks, virtual concierge services, and social Wi-Fi. The resulting security silos impair visibility—and increase risk.

Operational Efficiency

Lack of integration between the different security elements and architectural fragmentation also increase operational inefficiencies. Without integration, many security workflows must be managed manually. In addition to delaying threat detection, prevention, and response, architectural silos create redundancies and increased operating expense (OpEx) costs.

Customer Experience

Virtual concierge services, social Wi-Fi, on-demand TV services, and add-on services differentiate hotels but also expand the attack surface. Customers’ impressions of the property diminish when a particular service is down due to a security event or when network performance is degraded.

Compliance Reporting

Hotels often retain their customers’ payment card information for a much longer period than retailers, as hotel rooms are often booked months in advance and charged at the end of the stay. Organizations must be able to demonstrate compliance with PCI DSS, the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other data privacy mandates with regard to the data they store.

  • Achieving centralized visibility and control of security operations throughout the headquarters network.
  • Meeting the individual security needs of different hospitality locations with zero-touch provisioning to allow configuration and control without on-site IT personnel.
  • Providing fast, reliable wireless internet access to guests, including integrated threat protection and business insights derived from presence analytics.
  • Delivering reliable and high-speed networking to branch locations while ensuring end-to-end security from the Internet to the switching infrastructure.
  • Leveraging real-time threat intelligence, centralized visibility, and automated threat detection and response to secure the enterprise network.
  • Consolidating and centralizing visibility, configuration, and control of multi-cloud environments to provide dynamic cloud security to hospitality organizations.

Fortinet Differentiators for Hospitality Industry Cybersecurity

High Performance

FortiGate next-generation firewalls (NGFWs) offer the industry’s lowest latency. The world’s first software-defined wide-area networking (SD-WAN) ASIC enables FortiGate firewalls to provide high-performance security at the WAN edge and throughout the network. Advanced features, such as inspection of secure sockets layer (SSL)/transport layer security (TLS)-encrypted traffic, have minimal impact on network performance in speed or throughput.

Flexible Integration

The Fortinet Security Fabric provides built-in connectors for a large list of third-party security solutions and supports other devices via an open application programming interface (API) ecosystem. This allows Fortinet to provide an end-to-end integrated security architecture with single-pane-of-glass visibility and configuration management. This helps hospitality organizations to integrate their Internet-of-Things (IoT) security investments across their headquarters and all of their branch locations.

Secure Connectivity

Fortinet Secure SD-Branch provides high-performance and secure wired and wireless business and guest networks. FortiGate Secure SD-WAN provides reliable, high-speed connections between hospitality locations and the headquarters network with centralized visibility and control. 

Intent-based Segmentation

Fortinet solutions provide built-in support for internal network segmentation. This protects sensitive data from unauthorized use by those already on the network. Segmentation rules can be defined in terms of business and regulatory requirements, helping hospitality organizations achieve compliance with the PCI DSS and other applicable data protection regulations.

Proactive Threat Intelligence

Fortinet solutions leverage artificial intelligence (AI) and machine learning (ML) capabilities to generate signatures for new threats. These are communicated across the Fortinet Security Fabric, providing real-time protection against zero-day attacks. This information helps to protect point-of-sale (POS) terminals and internet-connected devices from the latest threats.

Headquarters Network Cybersecurity

Many of the services that contribute to a positive customer experience, including building control systems and entertainment options, are administered directly from the organization’s headquarters. This is in addition to typical back-office functions of a large organization and management of payment card and reservation information.

During the booking process, guest payment card information is stored in the hospitality organization’s reservations database. This information is retained from the time of booking until the end of the guest’s stay, which can be months in some cases. This gives cyber criminals a long window to exploit network vulnerabilities and steal sensitive information from what is often a relatively affluent customer base. The threat to hospitality providers is not limited to data theft, however. Ransomware and distributed denial-of-service (DDoS) attacks can cause downtime for hospitality applications, resulting in missed bookings and poor reviews.

Digital innovation drives many hospitality organizations to extend their networks from the corporate data center across multiple public and private clouds. To protect the growing multi-cloud network, they need a comprehensive, integrated security solution. Solutions such as FortiWeb and FortiNAC can secure the organization’s web presence and automatically identify Internet-of-Things (IoT) devices connecting to the network, while FortiAuthenticator simplifies identity management. FortiManager, FortiSIEM, and FortiAnalyzer provide centralized visibility and control to assist the NOC and SOC teams with identification and resolution of network and security events as well as built-in compliance reporting.

Fortinet solutions include several key features that ease the burden of securing networks that span multiple clouds, such as:

  • Native integration with all the major cloud providers
  • Single-pane-of-glass visibility, configuration management, and policy enforcement
  • Analytics solutions that help manage and monitor compliance, increase application availability, and save IT resources

 

  • FortiSandbox inspects unknown files in a safe location before they are allowed onto the network.
  • Access Control (FortiNAC): Achieve centralized visibility and control over all devices and users in the network.
  • FortiDeceptor deceives, exposes, and eliminates attacks originating from internal and external sources before real damage occurs.
  • The FortiWeb web application firewall (WAF), available in several form factors, protects the application layer with in-line, AI-powered threat intelligence.
  • The Fortinet Security Fabric enables an end-to-end, integrated security architecture with seamless integration between Fortinet solutions, as well as third-party tools provided by Fortinet Fabric Partners.
  • FortiSIEM simplifies cybersecurity management for air-gapped systems by providing visibility, correlation, automated response, and remediation in a single, scalable solution.
  • The FortiAuthenticator identity and access management solution and FortiToken tokens grant access to users on a need-to-know basis.
  • FortiInsight user and entity behavior analytics (UEBA) detects behavioral anomalies and noncompliant activity that may represent possible insider threats.

Hospitality Location Cybersecurity

A hotel or restaurant property is the visible face of the organization to outsiders, customers, and cyber criminals alike. Because 65% of the hospitality industry’s security breaches originate with point-of-sale (POS) systems, providing a positive customer experience requires securing these devices and keeping all of the location’s systems running smoothly.

Beyond POS systems, hospitality organizations often deploy a wide range of Wi-Fi-connected devices designed to improve the quality of a guest’s stay. A Fortinet Secure SD-Branch solution can provide these devices with the strong, consistent connection necessary to ensure guest satisfaction. It also provides secure isolation of business and guest networks and unified access control to protect these Internet-of-Things (IoT) devices from attack.

The hospitality location may not be the attacker’s end goal. Some attackers may breach the location’s network and use this foothold to move laterally until they reach headquarters. FortiGate Secure SD-WAN provides hospitality organizations with a robust, integrated, and automated approach to achieving the visibility and centralized configuration and security management needed across their distributed branch network.

Fortinet solutions provide key features for securing a hospitality location network, such as:

  • Business and guest wireless networks with high availability and individualized security
  • Robust and high-speed connections to the headquarters network and cloud resources
  • Protection of payment card information between POS terminals and the headquarters network
  • Access control for IoT devices deployed on business wireless networks

 

  • Manage security inspection to the client. Offer secure guest wireless with website redirection, captive portal, URL filtering, and more. Detect rogue APs.
  • Administer full security inspection down to the switch port with FortiLink technology. Manage every physical port centrally and securely.
  • Inspect all hotel POS data to eliminate intrusions and achieve PCI compliance. Plus, full SD-WAN functionality.
  • Access Control (FortiNAC): Achieve centralized visibility and control over all devices and users in the network.
  • Maximize efficiency while maintaining security with our wireless LAN solution. Plus, with FortiVoice and FortiPhone phone systems, you get easy-to-use phones and a phone system with enterprise-class features for optimal employee and customer experience.
  • With consolidated security and networking, your network and Wi-Fi access are secure, plus PCI-DSS and other compliance requirements are covered.
  • Engage with customers and influence on-site purchase behaviors with FortiPresence. With FortiCameras you can see everything: doors, POS terminals, public areas--whatever you need to keep an eye on. FortiRecorder captures the images for easy monitoring, storage, and retrieval.
  • FortiAnalyzer provides analytics-powered security and log management capabilities to inform strategy, facilitate security automation, and simplify compliance reporting.

Secure Guest Wi-Fi

Quality Wi-Fi service is commonly cited as a primary feature sought by hotel guests. Whether travelers are visiting a location for business or pleasure, they often access the hotel’s guest Wi-Fi network without a second thought. While their primary interest is often the speed and reliability of their internet connection, security should also be a major concern. A compromised Wi-Fi network can allow cyber criminals to steal a wide range of valuable data, including everything from financial and credit card data to user passwords.

Public Wi-Fi networks are a common target for hackers because they are relatively easy to penetrate. Getting Wi-Fi right regarding both performance and security is no longer optional in the hospitality industry. Deploying FortiAP allows hotels to offer guests a highly reliable Wi-Fi experience with the ability to run multiple side-by-side guest and business SSIDs isolated and secured by FortiGate. FortiGate also allows full traffic inspection to protect hotel guests without sacrificing performance.

Guest Wi-Fi affords the opportunity to gain valuable insights from presence analytics, enabling organizations to build an even more robust guest experience. The deep packet inspection (DPI) performed by FortiGate provides hospitality locations with insight into their guests’ browsing. Combined with FortiPresence, this can allow the organization to offer personalized real-time offers to boost the customer experience.

FortiAP provides these key features to guest networks that offer both guest protection and management insight:

  • Centrally managed network traffic security inspection
  • Website redirection
  • Captive portal with social media integration
  • URL filtering
  • Rogue access point detection

 

  • FortiSwitch offers a broad portfolio of secure, simple, and scalable Ethernet switches ideal for Secure SD-Branch and applications from the desktop to data center.
  • FortiNAC provides network visibility, enabling network administrators to see everything connected to the network, as well as the ability to control those devices and users using dynamic, automated responses.
  • FortiAnalyzer provides analytics-powered security and log management capabilities to inform strategy, facilitate security automation, and simplify compliance reporting.

Hospitality Branch Networking

Hospitality organizations often have multiple locations, and the networking needs of those locations can vary greatly. A luxury hotel in a major city may use a wide variety of Internet-of-Things (IoT) devices to provide personalized service and improve customer experience. A budget hotel’s network presence, on the other hand, may mainly consist of the check-in computer and a guest Wi-Fi network.

Every location in the hospitality organization’s network may make frequent use of cloud-based services for operations and customer service. Since even minor delays can have a negative impact on customer satisfaction and may result in lost bookings, networking between hotel locations and the headquarters network must have minimal latency.

Software-defined wide-area networking (SD-WAN) solutions offer faster performance at a better total cost of ownership (TCO) than other options for WAN connectivity. FortiGate Secure SD-WAN provides a market-leading blend of application-based quality of service and security to hospitality networks. FortiGate Secure SD-WAN has a TCO 8x better than competitive offerings and can be deployed in under six minutes, as verified by NSS Labs, a leading third-party testing laboratory.

FortiGate Secure SD-WAN has the lowest TCO in the industry and delivers:

  • Automatic recognition and optimal routing of over 5,000 applications
  • Application database updates from FortiGuard Labs
  • Complete threat protection, including firewall, antivirus, intrusion prevention system (IPS), and application control
  • High-throughput secure sockets layer (SSL)/transport layer security (TLS) inspection with minimal performance degradation, ensuring that organizations do not sacrifice throughput for Layer 7 threat protection
  • Web filtering to enforce internet security without requiring a separate secure web gateway (SWG) device
  • Highly scalable and high-throughput overlay VPN tunnels that provide an encrypted connection for confidential traffic

 

Converge security and network access by providing integrated security to branch locations. Consolidation of branch services provides network-edge and device-edge protection.

Advanced Threat Protection

Between the large number of internet-connected devices deployed at hotel locations and their multi-cloud infrastructure, hospitality networks present a broad attack surface. This, combined with their relatively affluent client base, makes them a target for cyber criminals. As cyberattacks are increasingly automated and move at machine speed, every second counts when it comes to threat response. Fortinet provides a multilayer security solution driven by real-time threat intelligence.

FortiGuard Labs uses artificial intelligence (AI) to perform rapid threat analysis and classification, transforming raw data into actionable intelligence. The underlying AI and machine learning (ML) write signatures for newly discovered malware samples, which are then automatically distributed to other security solutions on the network via the Fortinet Security Fabric.

Zero-day threats are addressed by FortiSandbox, which analyzes potential malware in a safe, isolated environment before allowing it to reach the network. The secure sockets layer (SSL)/transport layer security (TLS) inspection functionality of the FortiGate next-generation firewall (NGFW) ensures that the 60% of malware traveling in encrypted traffic does not slip through without detection.

FortiDeceptor and FortiInsight are designed to detect potential threats that have gained access to an organization’s internal network. FortiDeceptor lures attackers into revealing themselves before they can cause damage, and FortiInsight protects against insider threats by continually monitoring users and endpoints for noncompliant, suspicious, or anomalous behavior that suggests compromise.

Advanced cyberattacks require equally advanced defenses:

  • Automated analysis of potentially unknown threats
  • Malware signature generated based on AI and ML
  • Rapid dispersal of threat intelligence between security devices
  • Multilayer defenses to detect and remediate successful intrusion

 

  • FortiSandbox inspects unknown files in a safe location before they are allowed onto the network.
  • FortiMail delivers consistently top-rated protection from common and advanced threats while integrating robust data protection capabilities for on-premise and cloud-based mail solutions.
  • FortiNAC provides network visibility, enabling network administrators to see everything connected to the network, as well as the ability to control those devices and users using dynamic, automated responses.
  • FortiDeceptor complements an organization’s existing breach protection strategy by deceiving, exposing, and eliminating attacks originating from internal and external sources before real damage occurs.
  • FortiIsolator accesses content and files from the web in a remote container and then renders risk-free content to users.

Dynamic Cybersecurity for Multi-cloud Environments

Hospitality organizations are increasingly turning to the cloud to meet their business needs. Private and public clouds offer organizations greater agility, faster time to market, and lower costs, so most businesses have adopted a multi-cloud strategy. As booking systems migrate to the cloud, hospitality organizations require methods for securing their cloud infrastructure in order to protect guest data from compromise.

Cloud service providers (CSPs) provide their customers with built-in security solutions, so many cloud users individually configure their security for each cloud. This results in silos that impair visibility across the network and increase the difficulty of defining and enforcing consistent security policies in all network environments. A dynamic cloud security approach enables retailers to collapse the silos between different cloud deployments as well as on-premises infrastructure. The Fortinet Security Fabric includes built-in integration with all major cloud offerings. This allows for centralized visibility and management of an organization’s entire network infrastructure, which enables comprehensive protection despite cybersecurity skills shortages.

Dynamic cloud security must also allow organizations to protect web applications as well as web application programming interfaces (APIs). The FortiWeb web application firewall (WAF) protects cloud-based critical web resources from advanced persistent threats based upon threat intelligence provided by FortiGuard Labs. It also simplifies Payment Card Industry Data Security Standard (PCI DSS) compliance for DevOps teams operating in cloud environments.

Additionally, many hospitality organizations have moved to cloud-based booking and email systems. FortiMail provides a secure email gateway to protect on-premises email systems and incremental security for cloud-based email, such as an organization’s Microsoft Office 365 deployment. Using secure software-defined wide-area networks (SD-WAN), hospitality organizations can provide branch locations with rapid access to cloud resources without sacrificing security.

Fortinet solutions provide security features built for the cloud, including:

  • Native integration with major cloud providers
  • Centralized visibility and management across cloud providers
  • Virtual or Infrastructure-as-a-Service (IaaS) security solutions
  • Secure SD-WAN to provide direct, secure access to cloud resources from branch locations
  • Cloud-based web and email protection solutions
  • Access to real-time threat intelligence via the Fortinet Security Fabric

 

  • FortiGate VM and SaaS offerings perform inspection of traffic entering and leaving the cloud, including SSL/TLS encrypted traffic.
  • FortiCASB manages access to valuable cloud applications and data across multi-cloud deployments.
  • FortiWeb web application firewall secures cloud-based resources and DevOps environments by protecting against known and unknown threats, including sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, and DDoS attacks.
  • FortiMail protects against common threats in cloud-based and on-premises email systems.
  • FortiCWP evaluates and monitors cloud configurations, pinpoints misconfigurations, and analyzes traffic across cloud resources.