Current Gaming Security Topics (part 4, Hosting Security)

There are some great hosting company’s for online gaming. Some of them take care of everything from the engine to the payment processor to the delivery systems. They are the one stop shop for a publisher to get their game on the internet quickly and efficiently. I have yet to hear of one being hacked. That being said, most publishers are still only authenticate using a standard username and static password.

As we see the adoption of more advanced security in online games we start to forget that it’s not just our users that we need to protect. Developers generally use usernames and passwords to access their VPN’s, as do most of these hosting facilities. So it’s not that far a leap to getting our publishers to use devices to login and perform actions with the hosting providers. Some already have this option available, some are still weighing the benefits.

When I started with VASCO our major market was/is banking. In the US, banking means corporate banking, retail banking is still a little ways off. Most banks utilize application providers for their banking systems (such as Wire Transfers, or Bill Pay, or Payroll, etc.). For our US team it was a natural fit to have the application providers utilize us for their customers, the banks. We see a lot of synergies between these application providers and the online gaming hosting providers.

The major hurdles have been:

  1. Cost
  2. Interest

     
     

Cost is always a major hurdle when implementing security. Security is basically seen as, “if I implement it I will probably save money, but I’m not sure how much money”. So generally as a cost saving mechanism. Retail gaming has proven that money can be made off marketing on the devices, but generally hosted games do not have the unique market following that the big names do. The cost savings in a space that really doesn’t seem to have been hacked yet seems more like insurance than security. There are many cost models that will work here, but if we start to see problems in this part of the market, I expect that security will simply be implemented regardless of the costs.

That brings us to the second major hurdle, interest. There doesn’t appear to be many publishers asking for additional security. I think this is because of 2 things, one the publishers haven’t been hacked, and two they aren’t aware that hackers could be waiting to pounce on them. I’ve spoken to many of the hosting providers out there and I’ve heard from just about each of them that they are only asked once in a great while if they have additional security for the players. It appears that the publishers are more interested in protecting their users than protecting themselves. This is great news for the online gaming users, but a potential pitfall for the publishers.

I read a bunch of my fellow security bloggers out there and they appear to be seeing the same trends. It’s interesting to think that hackers just haven’t made the jump to these platforms yet. They apparently don’t read the same blogs I do.

As I am at E3 this week I will continue to build a list of hosting providers that are using advanced security for their publishers and/or gamers and then I’ll come back and see if I can make a quick list.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: