Not long ago, when Henry Harteveldt tried to book a room at a Sheraton hotel in Salt Lake City, the company's website told him that the property was full. But when Harteveldt called the hotel directly, he got a reservation immediately.
Harteveldt's experience highlights one of the key challenges for CIOs in the hotel industry: Hotels are increasingly dependent on IT but bedeviled by a mishmash of aging systems that don't work well together.
Focus On: Hotels
|Top Business Challenge:
Integrating disparate IT systems, complying with new credit card security regulations and upgrading in-room technology
Cost; franchised operations have inconsistent IT across hotels with the same brand name.
Regulations will force some security upgrades; catch-up elsewhere is ongoing.
"Hotels are still struggling with cruddy property management and central reservation systems," says Harteveldt, a travel analyst at Cambridge, Mass.-based Forrester Research Inc. CIOs, Harteveldt says, "have to manage too many disparate systems." In addition to tracking rooms, hotel systems track other points of sale, such as restaurants and catering. "The demands for technology are so great, and generally hotels don't spend more than 4% of revenue on IT," Harteveldt says.
The hospitality industry is recovering from years of sliding revenue caused by 9/11 and a sluggish economy, notes a recent report by Frost & Sullivan, a New York-based consulting firm. Hotel occupancy rates have surged, and the hospitality industry is expected to spend $4 billion on telecom services in 2005 -- spending that Frost & Sullivan predicts will grow 3% annually over the next several years.
Yet the resurgence of travel will weigh heavily on hotels' already overtaxed IT systems. Forrester, for example, estimates that the number of Americans who book travel online will increase from 30 million in 2005 to 46.4 million by 2009. So while online travel revenue will grow from $53 billion to almost $111 billion, demands on technology will grow much faster than IT investments.
The Challenge of Integration
The hotel industry in particular needs to make major investments. A single hotel, for instance, might use anywhere from 30 to 70 systems designed for other businesses, notes Douglas C. Rice, executive director of Hotel Technology Next Generation (HTNG), a nonprofit based in Chicago.
"Technologically, the hotel industry is in the mid-'80s," says Rice. And HTNG's mission is to bring the industry into the future. The organization is working to develop the industry's first open standards-based architecture guidelines.
Interoperability, Rice says, is the biggest hurdle to delivering consistent customer service. "As a guest ... it's 10 systems that ought to know about you, and the interfaces are manual," adds Rice. "The most common interface is RS232. You can't even buy PCs with those ports anymore."
Andrew Furrer, director of IT at $400-million Kimpton Hotels & Restaurants in San Francisco, echoes those concerns. "Interfaces are the biggest headache," he says. "All these systems have to talk to one another."
Kimpton is in the middle of a five-year plan to centralize its IT structure, which already includes property management, reservations and other functions. New systems for business intelligence, catering and check-in are on the way as well. "We need to integrate," Furrer says. "That's what every hotel operator is trying to do."
In many ways, the hotel technology landscape reflects the industry's complexity and fragmentation. Large corporations may own several brands, but 75% of hotel properties are franchises, which are independently operated, while the property is likely to be owned by a third party. As a result, there's little standardization even within hotels that share the same name.
"Hotels are much more complex than the airline industry, which is not a model of simplicity," adds Harteveldt. "American Airlines has to deal with one central reservation system. InterContinental Hotels Group has to deal with multiple property management systems and different central reservation systems. The hotel owner at the Holiday Inn at the airport at Tulsa is setting his or her own prices."
And if all this weren't daunting enough, hotel CIOs also have to deal with new credit card data protection regulations. The Cardholder Information Security Program (CISP) took effect in 2005, establishing different compliance deadlines depending on the volume of credit card transactions a company must process. In addition, there's the Payment Card Industry (PCI) Data Security Standard. Developed by Visa and MasterCard, the PCI regulation mandates that retailers maintain firewalls, encryption and other security measures and involves fines of up to $500,000 per incident when a noncompliant merchant's data is compromised. There's also a $100,000 fine for the failure to report information loss.
The Added Burden of Compliance
Both regulations will take a toll on hotel IT. "It will be a very expensive hit to IT budgets," says Chris Hartmann, managing director of HVS Technology Strategies, a hospitality consulting firm in Mountain Lakes, N.J. "It's not a business where people are refreshing their technology."
"The regulations put stringent standards on the security you have to maintain: physical, encryption. It's quite extensive," says Rice. "Point of sale, property management, reservation -- there's probably 10 to 20 systems in a hotel enterprise that might have credit card information, in many cases unencrypted."
Companies processing more than 20,000 transactions per year will be required to scan their networks each quarter and conduct annual compliance audits. Analysts say big companies are spending millions on compliance, but midmarket CIOs will have to find the resources wherever they can.
And as Charles Livingston, vice president of technology at Exclusive Resorts in Denver, says: "A CIO always has to take the approach that 'I'm not compliant; prove to me I am.' The difficulty is making sure all the i's are dotted and t's are crossed."
Brian Garavuso, CIO at $110-million Hilton Grand Vacations Co. in Orlando, Fla., says his organization should be compliant by the end of 2005 but that many of his colleagues need more time. "A lot of companies haven't gotten there," he says. Smaller companies must comply by 2006.
Rice thinks that many midmarket CIOs are poorly prepared for compliance. "Do hotels pay huge fines or stop accepting credit cards?" says Rice. "Hotels live on credit cards. Many CIOs don't have a clue that this is going to happen."
These CIOs may have been distracted by pressure to upgrade in-room technology, although Hartmann reiterates that the industry has lagged. "In-room technology hasn't changed much in 25 years," he says. "Few hotels have picked up on HDTV. Channel selection is limited, audio quality is lacking, broadband is sluggish, and forget about using an iPod. "The hotel room should really be leading the home," Hartmann says, "but with technology it's not."
If the industry really wants to reap the business dividends of IT, it must invest in the right technology, which means bringing both the back office and the guest room into the 21st century. There are no quick and cheap fixes, says Forrester's Harteveldt. "Making investments in technology that really matters and auditing what works are the fixes. This is clearly a business challenge."
Michael Ybarra is a contributing writer for SearchCIO-Midmarket.com. To comment on this story, email [email protected].