And the Walls of Marriott Crumble Like Jericho

Network Virtualization

If you can remember the dim and distant past of late 2014, I wrote about Marriott’s blocking of personal MiFis, positing that its reasons for doing so did not really hold water. Now, fast-forward to January 14, and it seems my rant was more powerful than I thought:

Marriott International Will Not Block Wi-Fi Devices

January 14, 2015 – Marriott International listens to its customers, and we will not block guests from using their personal Wi-Fi devices at any of our managed hotels. Marriott remains committed to protecting the security of Wi-Fi access in meeting and conference areas at our hotels. We will continue to look to the FCC to clarify appropriate security measures network operators can take to protect customer data, and will continue to work with the industry and others to find appropriate market solutions that do not involve the blocking of Wi-Fi devices.

It must be noted, however, that Marriott has not completely thrown in the towel on this matter, as it will still “continue to look to the FCC to clarify appropriate security measures network operators can take to protect customer data.”

So, Marriott: Close, but no cigar. I find myself torn on this issue. I can understand Marriott’s position regarding overlapping Wi-Fi channels that block paying customers’ service, but the fact remains that one of the reasons people use their own MiFis when they travel is because of the punitive cost of hotel Internet access. Currently, Marriott charges an average of $19 per night for in-room access. This comes to just under $80 for a normal Monday through Friday business stay at a hotel, and for substandard connection speeds at that. For the same cost per month, a person could get a pretty decent 4G plan.

Marriott and the other major hotel chains would be better off lowering connectivity cost and increasing capacity and security. This alone would reduce “unauthorized” use of wireless devices in their hotels.

Hotel wireless is also seen as an unsafe and public network, much like a coffee shop. It is considered a risky place to work, which is another reason people use 4G and MiFi devices. If hotel security would improve, and that fact were properly advertised, then perhaps the extra cost would be acceptable; however, without this, why pay more for less functionality than we get through our existing cell phone and other technologies?

Whether using MiFis, cellular, or hotel wireless (wired), we as travelers must apply our own security, as the hotels will not. Here are some security steps we all can take when traveling until the hotels improve:

  • Do not log in directly to any website unless you are sure of your encryption. You want to verify any SSL certificate you use. When I travel, for instance, I use the hotel wireless via a VPN to a well-known location in my own data center, and from there I access secure sites. This is the outside-in approach to using virtual desktops.
  • Pre-share any certificates you will be using for your VPN and other critical sites.
  • Have situational awareness: in other words, know who is around you when you do type in passwords.
  • Use multiple factors of authentication when logging in to critical sites.

Any of these will improve overall security when you use hotel wireless and the like. If you do not know what one of these is or how to implement it, please ask your security team. They will know and are willing to share this information.

Even so, Marriott and the other hotel chains should lower costs as well as increase capacity and security so that the average consumer feels safe. Then, there would be a lot less need to use MiFis.

Posted in SDDC & Hybrid Cloud, SecurityTagged , ,