Shadow IT - An Interview with Timo E. Kettern
HITEC Amsterdam Perspectives
Timo E. Kettern is the IT Director at Lapithus Hotel Management and a respected professional in his field. In anticipation of HITEC Amsterdam which will take place next year in March in Amsterdam, we spoke with him about shadow IT activities, technology, and devices that fall outside the traditional IT funding.
The central question is whether shadow IT like unapproved software, apps, and devices need to be managed by the IT department of the organization, considering that many of these tools may raise serious security challenges, leaving the business exposed to all kinds of attacks. Because each business is different and shadow IT evolves, should the IT department create a particular branch to manage such tools? How can IT not stifle innovation but still exercise required security and fiscal governance in the organization?
Kettern addressed some of the issues with his response, beginning with the increase of compliance and legal requirements and what hurdles hospitality pros need to overcome to get the job done, and ending with an emphasis on balance.
"It remains a matter of fact that in the last years more and more compliance and legal requirements came into effect. As all main business processes in the hospitality industry are technology enabled, what easier than to put the required compliance standards into the IT systems and processes? So far so good, you would think.
But these controls and processes make it more time-consuming and cumbersome for an associate to get their job done. For example, in some jurisdictions, we are required to capture certain private details of the guest and store them in our PMS. The data fields in the PMS then become mandatory for input. What then happens during a busy check-in is that anything will be inserted in the date fields by the associate just to finish registration process as quickly as possible. You can't really blame them for trying to serve the arriving guest as quickly and efficiently as possible. So, on we have a regulatory requirement that is translated into an IT process that results in Data-Müll.
As another example, hotels cannot send/receive credit card data in unencrypted emails. As IT responsible people in the hotel industry, we apply all sorts of technology to make sure non-plain text credit card number can be sent or received using the corporate email. But nothing stops the creative reservations team to set-up a webmail account with any free email provider and to use that to receive credit-card information from the guest. So who is to blame here? The institutions that create these rules? The corporate IT Team for doing their best to keep the company compliant and therefore out of trouble? Or the associates in the hotel who only want to get their job done efficiently?"
"In my opinion, every organization has to find the right balance between compliance and risk of conducting the business – and, of course, that will vary greatly depended on the ownership of the hotel (group)."
Planning for HITEC Amsterdam is in full swing with guidance from an advisory council representing eight European countries. The council is chaired by Carson Booth, CHTP and vice-chaired by Derek Wood. For the latest news, follow HFTP/HITEC on HITEC Bytes, PineappleSearch, Facebook, LinkedIn, Twitter (@HFTP) and Instagram (HFTP_HITEC). For more information about HITEC Amsterdam, contact the HFTP Meetings & Special Events Department at [email protected], +1 (512) 249-5333.
