Security Innovation specializes in application security and crypto, two critical components of data protection, and the primary concern for hospitality organizations.

We’ve worked with Planet Fitness, Choice Hotels, Darden Restaurants, and others to identify how their data can be compromised, provide remediation advice, and help build internal software and information security expertise.


IT Infrastructure Attack Simulation

Hospitality organizations rely heavily on third-party software applications and COTS hardware, each of which can introduce data risks that are well known to hackers: exploits in known applications, insecure default settings and configurations, poorly implemented crypto, and more.

Security Innovation can help you plug holes before they are exploited by an actual attacker. Our engineers will conduct perpetual attacks on your IT infrastructure to identify vulnerable areas that an attacker would exploit to gain access to your data or bring your system offline, including:

  • High-severity software vulnerabilities
  • Weak or default passwords
  • Misconfigured web and database servers
  • Unknown Internet-facing applications or integration code
  • Systems that lack proper authentication controls or have excessive privileges
  • Insecure communication channels and poorly implemented crypto

The result is a meta threat model of your IT infrastructure that shows all the different areas of data flow, and where you are most vulnerable.

Information Security Awareness & PCI-DSS eLearning

Most hospitality breaches are the result of a lack of basic best practices for information security like resetting passwords, not clicking on unknown links (phishing), etc. By educating your staff on how to properly handle sensitive data as a part of their everyday routine, you can significantly reduce the chances of a data breach.

We offer several cost-effective and scalable security awareness eLearning courses, including

Software Security Assessment

Using proprietary attacks and leveraging a threat model to focus on hotspots, our engineers will hunt down elusive vulnerabilities in internally built or third-party software, and provide remediation guidance on how to fix them or mitigate them through compensating controls.

Security Code Review

Whether you are writing your own applications or integration code, or outsourcing to a partner, we can employ a combination of automated scanning and manual inspections to uncover the most critical flaws and the highest number of them.

PCI-DSS Training Readiness

PCI-DSS has several application security-specific requirements, including several application-layer controls. Our expertise in application security and PCI-DSS helps you meet the requirements and improve your infrastructure to better enable long-term compliance.