OpenKey: Leading the Way with Secure Mobile Keyless Hotel Access – Case Study

The hospitality industry is constantly evolving to meet growing guest expectations. For industry leaders, seeking innovations and anticipating consumer trends that enhance guest experiences is an essential practice. Now, more than ever — with the coming wave of disruptive technologies — taking steps to improve guest experience is essential to business longevity.

OpenKey, a company delivering mobile key technology, aims to improve guest experience by making keyless room access both seamless and commonplace. Hotel guests no longer need physical plastic keys for room access; the mobile application enables them to receive directions to the property, inform the hotel of their pending arrival, access WiFi codes, and, more importantly, avoid the line at the front desk for efficient check-in or check-out.

Founded in 2014, OpenKey’s technology is already in use in dozens of countries across the globe and is becoming the de facto industry standard for universal mobile key in hotels. But, as with any technology, customer confidence in security is essential in the earlier stages of adoption. The 2018 Trustwave Global Security Report lists the hospitality industry as one of the top five industries subjected to network breaches each year. Due to the use of complex, often splintered systems from multiple vendors to fulfill multiple functions, a lack of system connectivity provides points of network entry for threat actors to steal data or launch other attacks. In the case of mobile key technology, compromising a guest’s identity or the application itself could also lead to an attacker gaining unauthorized access to a room — all of which make security paramount for OpenKey as it grows.

“Security is at the forefront of everything we do,” explains Chris Hickingbottom, vice president of engineering at OpenKey. “It is a fundamental part of our core process.”

Striking the balance between usability and security is critical for OpenKey. That means using an approach that users are familiar with, such as two-step verification on the frontend, while implementing security best practices behind the scenes to protect its cloud-hosted environment. It was essential to have a cybersecurity service provider that could provide the monitoring and protection needed at a reasonable growth cost projection.

Hickingbottom knew of Armor’s reputation for ensuring HIPAA and PCI compliance from previous work in the healthcare industry, and he further vetted Armor as a solution for OpenKey’s specific secure hosting needs. Backed by high-performance infrastructure, built-in security controls, and Armor’s security operations center (SOC), Armor Anywhere provides OpenKey top-level protection for its most sensitive data.

“We are getting 24-hour surveillance of our servers and benefitting from the knowledge Armor has about attacker tactics,” says Hickingbottom. “Armor does an excellent job of monitoring and responding to threats, and they have a dashboard where I can see all the necessary details myself.

Prior to Armor, OpenKey used a public cloud provider but as OpenKey continued to grow, the provider’s load-based pricing was not economically feasible.

“The cost of having our own team that is monitoring our application servers 24/7/365 is significantly more substantial than what Armor provides at their price point, and we have the added benefits of Armor’s zero-trust architecture, cybersecurity professionals, and an operating system hardened according to industry and proprietary best practices”, he adds.

Armor’s approach to customer service and the smoothness of the onboarding process allowed the company to stand out to OpenKey when compared with other vendors.

The speed of the onboarding process was a surprise for Hickingbottom, who, calling the process seamless, stated that “within two weeks, we moved from three years of OpenKey being with a public cloud provider, to being with Armor.” Also noting the efficiency was a direct result of capabilities within the Armor interface that negated the need to do more work on their application servers independently.

Looking to the future, OpenKey hopes to expand its relationship with Armor as it builds awareness of its technology throughout the hospitality industry.

“Education is a big part of what we do,” says Brian Shedd, vice president of sales and marketing at OpenKey. “When a technology is not commonplace, there is always a level of concern among consumers, and many of those fears come back to security. Our relationship will only grow wider and deeper because OpenKey will be on the frontlines of answering those questions within the hospitality industry.”