How to Manage Cybersecurity Challenges in the Hospitality and Gaming Industry
Overview
Resorts, casinos, and hotels base their brand and public image on the concepts of entertainment, luxury, and escapism. The last thing a patron wants to consider is what is happening with all their data being created, used, and stored each day. All the while, that is a top concern for these companies. Falling into the wrong hands – whether a competitor’s or cyber criminal’s – data such as player gaming behavior, payment card information, loyalty reward programs, building blueprints, marketing strategies can lead to significant damages, including lost business to competitors, fines, reputational damage, and more.
The hospitality and gaming industry faces significant cybersecurity challenges due to the high volume of sensitive data they process each day. The industry is at the unique intersection of hospitality, gaming, food & beverage, real estate, conference centers, spas, sporting events, online gambling, and more, making them more vulnerable than other industries. With that broad market coverage, comes countless valuable data, leading to strict regulations, privacy laws, and oversight. However, adhering to these requirements, while minimizing friction for staff, has been a challenge as there has been a growing number of hotel data breaches over the past decade, affecting multinational corporations to single properties.
Situation & challenge
A world-class resort & casino was facing a challenge in developing a method of securely distributing business-critical documents including financial operating reports, high value customer lists, and vendor contracts. Every day, they manage large amounts of high value data in different regions globally with highly sensitive data regularly flowing between locations.
Protecting this data is top priority, while also making it easy for authorized business leaders to access this critical information with minimal effort. Ensuring workers couldn’t take screenshots, print documents, or forward the reports to others (or their personal accounts) were some driving factors in needing a more robust solution. Previous approaches to lock down data proved ineffective as once a file was shared, there was no ability to modify or recall file permissions, and functionality was limited to still allow screenshots and out-of-band forwarding. At the same time, there was little insight or visibility into where the files are going with a lack of tracking for auditing purposes.
Solution
Using Keyavi, the resort replaced their previous limited-scope technology, now allowing them to meet confidentiality requirements, while offering a simple-to-use solution for executives and business leaders. Keyavi provided a solution that enabled real time policy-based data access control in perpetuity, supported by industry-leading encryption.
By implementing Keyavi’s self-protecting data, the risk of insider threat, where workers may attempt to copy or share the files with others or their own personal accounts, is eliminated. Access is restricted solely to those authorized and within the confines of the policies (such as geolocation and time-window) set by the administrators, allowing the firm to meet requirements dictated by ITAR, EARS, and others.
For additional security and investigations, administrators are now able to leverage existing SIEM and SOAR functionality built into Keyavi-protected data and also integrate the Keyavi chain of custody forensic transactions directly into their existing SIEM/SOAR tool. Admins can view details of every access attempt, whether successful or not, and drill into the forensics of each attempt in these chain of custody logs. When the project is complete, access to the files (including any copies made) can be revoked entirely, satisfying access control and retention requirements.
The firm successfully shifted the paradigm by using Keyavi to infuse security into the data itself, allowing the data to become self-protecting and intelligent, with perpetual security, control, and visibility whenever it went. Selfprotecting data eliminated the complexity associated with legacy protection measures, while allowing for seamless usage by factory floor workers to keep productivity up. As Keyavi’s cutting-edge data protection is being introduced across the industry, gaining that competitive edge and confidence that your data – and your third-party’s – is secure will set you apart and you can focus on your own innovations, productivity, and revenue.