Security & Privacy – Why compromise?

Prompted by the inevitable increased interest in the protection of user data caused by the GDPR enforcement, over the last few weeks we have been sent a few “generic” system security assessment forms, where we are asked to specify the standard of WiFi encryption delivered or recommended.

That’s actually a tricky one to answer, given what the primary purpose of the service typically is. Most of our clients engage with us to deliver a guest WiFi experience – a “hotspot”. So why compromise on security and privacy?

In simple terms, we are asked to provide many untrusted devices (we have no control of what’s on the user device or even what device it is) with access to a fundamentally unsecured network (the internet), but to do so securely and with user privacy as a priority, yet with the least effort on the part of a guest!

Traditionally, this means deploying a WiFi SSID, without encryption so that any device can connect without challenge, then restricting access using an https-encrypted portal page, asking for minimal details and after validation allow unrestricted internet access for a certain period of time.

There are of course levels of security that are deployed over the wireless and wired infrastructure to help protect the end user and their data whilst it crosses the part of the network we have control over, such as client isolation and network segmentation. Beyond this, the guest must then determine their own appetite for risk, and employ their own security controls, such as using a VPN and using endpoint protection apps (anti-malware, antivirus, and such like).

So that’s how it’s been pretty much from the beginning of hotspot deployment, but what’s interesting is that we are now deploying enhancements to the above to further increase security and protect user privacy. Much like in Formula 1 where innovation and developments drip-feed down into the motor industry mass market, we see these enhancements being adopted on a broader scale.

Guest internet access requirements within the Hospitality sector are evolving, with users now expecting to be able to cast their own content onto displays within their own room or apartment, or during a conference or event within a hotel. This requirement only increases when considering longer term guests and customers within the Private Residential space.

More and more often, we are deploying solutions whereby non-technical venue managers can create secured “private” networks on the fly, allowing conference and event organisers to utilise functionality such as 802.1x to deploy and then secure networks for individuals or groups of individuals.

The guest themselves can now choose to upgrade to an in-room Personal Area Network (PAN) that creates that “Hotel Home Experience“, where they can then securely allow communications between multiple trusted devices, streaming or casting media, and interacting with IoT devices, such as SmartTVs and room control systems.

In this age of “internet everywhere”, end users may well have accepted the risk given the likelihood of a compromise, but why should we feel the need to compromise the security and privacy of guests?

Driven by a desire to protect the user and to provide solution, we don’t think there is, especially as it’s now been elevated as the principle of “privacy by design and by default”!

 

Comments are closed.