The gaming industry is a huge commercial market, but as Infosecurity has previously explored, it is also, by its very nature, rife with information security risks, challenges and implications.
Percona is an organization that has worked directly with gaming companies such as Big Fish Games and MathsCircle to help them secure their open source deployments. As such, the company is uniquely positioned to provide key insight into and advice about the cybersecurity landscape within the modern gaming sector.
As part of it’s Security by Sector content series, Infosecurity recently spoke to Percona’s chief experience officer Matt Yonkovit to learn more.
What pressures are gaming companies under when it comes to cybersecurity?
The biggest challenge is the risk that a breach would pose. Too many companies, in general, have been hit by incidents due to poor database security and operations, so this area needs a lot of work. There are good best practices, like data encryption and role-based access control, but they are often ignored or missed due to a lack of skills.
What security challenges are specific to the gaming sector?
The real-time element of gaming is a big issue as it puts the emphasis across a team on scaling up and down. This can make it harder for teams to address security concerns. Gaming companies are highly sensitive to performance and outage issues. Their users are passionate and vocal when they can’t access a game when and how they want to. Missing user expectations can doom the reputation of a game.
The other element here is that the gaming sector covers a huge variety of companies, from international giants through to smaller firms that address niche markets. Each of these companies will have the same problems – keeping customer data secure, available and performant – but the smaller ones may find it harder to get the right skills in place. Bringing in consulting expertise around open source databases can help those smaller firms achieve their goals.
What lessons must gaming companies learn about their cybersecurity strategies?
The number of breach stories out there today should mean that everyone is aware of the issues that exist around security. There’s no excuse for not thinking about these issues and putting plans in place to keep your infrastructure protected.
Being prepared around security is just essential these days. If you don’t have contingency plans in place, then you are at risk.
Are there any security lessons that companies in other markets can learn from the gaming industry?
I think there are two key lessons to be learned. First, gaming firms have to do a good job of balancing their services and keeping them running. Maintaining performance while keeping data secure is a good example of where security and IT teams can work together effectively.
The second is around DevOps and data management. There are a lot of DevOps teams across the industry that have been developed specifically to support the need to release games faster and provide what customers want, and this is really obvious in the gaming sector. If you don’t have the right pipeline of new content or launches taking place, then you will lose customers. However, ensuring the pipeline works while keeping it secure and well managed, that’s the bigger challenge. The gaming industry is uniquely positioned to confront and respond to this challenge. Where gaming firms get this right is a good example that other companies can learn from.