Hotel chain uses Imperva to guard against SSL attacks

09.02.2006

What kept Harvey Ewing, IT security director at Accor North America, up at night was not a lack of Internet security but, ironically, a wealth of it.

The Dallas-based hotel company had multiple layers of defense to protect its online reservations system when he arrived in late 2004, including Secure Sockets Layer (SSL) encryption. But SSL can be a double-edged sword. "SSL is great for protecting consumers' information, but it can also provide cover for a malicious hacker trying to break into our system," said Ewing.

Accor operates more than 1,200 hotels in North America, including the Motel 6, Red Roof Inns, Novotel and Sofitel chains, and it depends heavily on that SSL system. More than half of Accor's reservations come through the Web.

In addition to an intrusion-prevention system, Accor has a perimeter firewall "as well as normal hardening techniques on the server," Ewing said. And although the hotel chain hadn't had any SSL-related break-ins since Ewing arrived, that did little to reassure him. "Personally, if I was a hacker and there was an IPS in place, I would think the SSL tunnel would be the perfect way to bypass it," he said.

To add a third layer of defense, Accor turned to Foster City, Calif.-based data security firm Imperva Inc. Last month, Accor began using Imperva's SecureSphere database security gateway and Web application firewall to protect its Internet front end -- as well as its back-end databases.

With the Web application firewall, Accor can now peer into SSL-encrypted traffic as it streams in, with "minimal performance cost," Ewing said.