Customer Story

Choice Hotels taps Veza for Securing Data in Its Evolving Multi-Cloud Environment

Industry
Hospitality
Organization Size
2,000 employees
Headquarters
Rockville, MD

Leveraging the Power of Authorization for Data Governance & Compliance

Choice Hotels International is one of the largest hotel franchisors, currently operating more than 7,000 establishments worldwide, ranging from upscale hotels to extended-stay lodges. With 570,000 rooms in some 40 countries,
the company collects massive amounts of data of both customers and franchisees, which it relies on to ensure smooth business operations and
“get heads into beds.”

Data is essential for tracking reservations and ensuring that guests end up in the right room at the right time. And the secure flow of data through payment systems, whether for guests or franchisees, is mission critical. “Data is our lifeblood. It’s the key to understanding the marketplace and our customers,” says Steven Cihak, Senior Director, Cloud Platform & Site Reliability.

Veza at Choice Hotels

With so much data and so many financial transactions traversing the globe, cybersecurity is a high priority. The company handles lots of personal information (PII) and payment data (PCI) that needs to be managed and protected, and there are data privacy rules like the General Data Protection Regulation (GDPR) that it needs to comply with for its European properties. And as a publicly traded company, Sarbanes–Oxley (SOX) compliance is another concern. “Ransomware is also a high priority, because if a hacker manages to get into an admin’s account with elevated permissions and encrypt our reservation data, our business is dead in the water,” notes Jason Simpson, VP of Engineering. Managing and securing vast data resources and complying with financial regulations and corporate governance mandates is a major challenge — one that grew exponentially as Choice Hotels moved its operations to the cloud.

Data is essential for tracking reservations and ensuring that guests end up in the right room at the right time. And the secure flow of data through payment systems, whether for guests or franchisees, is mission critical. Data is our lifeblood. It’s the key to understanding the marketplace and our customers.
Stephen Cihak | Senior Director, Cloud Platform & Site Reliability

Building a multi-cloud enterprise from the ground up

The company’s journey to the cloud began in 2016, first by migrating to AWS to rebuild its central reservation system in a microservice architecture. “We were among the first to rebuild legacy systems from the 80’s and 90’s in a cloud-native way,” says Cihak. Ever since, they’ve gone all in on cloud and now use services and tools from different providers.

Getting the right data to the right people and the right applications

The adoption of Okta helped integrate applications to a centralized user directory, authenticate users to corporate LDAP/AD, and leverage existing groups and roles. But they still had problems authorizing access to resources while reusing legacy permission models without modifying them for the cloud. Managing fine-grained access controls became quite complex. There was a lot of cleanup to do regarding specific permissions to the ever-growing number of data stores in the cloud. The company had to create new roles and policies as cloud migration progressed and they moved into a microservice architecture. “User and entitlement management now extends across multiple systems. Because we’re so spread out, it was tricky to manage and hard to know who had access to what. Veza lets us understand it in a simple way. The first time we plugged Veza in, we knew we really needed it,” says Cihak.

Key Integrations

Managing all enterprise identities
Microservices, Databases, Cloud IAM
Infrastructure

Veza: A critical tool for data governance and compliance

Upon implementing Veza’s cloud-based data security platform, security teams were able to quickly identify challenges in Choice’s environment. They found orphaned users and groups and policies that weren’t attached to any entities.
In short, lots of things to clean up. When policy violations are discovered, Veza helps accelerate remediation by automatically sending alerts to ServiceNow, thus giving Choice’s security teams a heads-up regarding what needs to be fixed.

What’s next?

“Our partnership with Veza has been fantastic. We’re very confident that not only are we going to get a lot out of the product, but we’re also going to help Veza set the direction for integrations they can add to make it easier to secure our cloud,” says Simpson. As for Choice Hotels, they’re looking to extend Veza to more teams and get to applications like SharePoint and eventually go deep into every database they have. “This is one of the most exciting tools I’ve ever seen, and I’ve been at it for 30 years. Out of the box, Veza has given us the ability to identify and fix aspects of our InfoSec environment that we didn’t have before,” concluded Harris.

This is one of the most exciting tools I’ve ever seen, and I’ve been at it for 30 years. Out of the box, Veza has given us the ability to identify and fix aspects of our InfoSec environment that we didn’t have before.
Chris Harris | Platform Engineering Manager
About Choice Hotels
Choice Hotels International (NYSE: CHH) is one of the largest and most successful lodging franchisors in the world. Choice currently franchises more than 7,000 hotels, representing nearly 570,000 rooms, in more than 40 countries and territories. Ranging from limited service to full-service hotels in the upscale, midscale, extended-stay and economy segments, Choice-branded properties provide business and leisure travelers with a range of high-quality, high-value lodging options throughout the United States and internationally. For more information on Choice Hotels, visit the company’s website: www.choicehotels.com.

Try Veza at your organization

Challenges

  • A modern cloud architecture using legacy access control models

Benefits

  • Secured and optimized fine-grained controls in AWS IAM
  • Quick detection of changes to support compliance efforts and enhanced audit readiness

Key Features

  • Authorization Graph
  • Search
  • Insights
  • Violations
  • User Access Reviews, Privileged Access Reviews

Get started with Veza 

Sign up for a free trial or schedule a demo.