With all of these potential security threats, how does the gaming industry ensure gaming code, data, and sensitive information are not compromised?
Taking back control
Game development, quality assurance (QA), and the collection of customer data requires dedicated security resources. Looking for bugs is a necessary step, but not the only one. A company must make sure the moving parts work and interact together properly from a security perspective. Most security weaknesses, no matter what the operating system, are often found in the game’s architecture.
How can architectural flaws be overcome from the inside out? Most
game development companies have a security team assigned to identify the vulnerability of a game, including risk assessment. Many gaming organizations are making the move to the next level by building an internal team dedicated to penetration testing (pentest). The key to pentest success is in the approach. Knowing what skills, tools, and how often to test will ensure a clearly defined and successful process is in place.
Pentests are a form of QA that look for flaws in network architecture and design, as well as human behaviour, all in an effort to evaluate the security of a system or network. This is done by simulating an attack from outsiders (people who do not have authorized access) and insiders (people who do), and an active analysis of the game and its vulnerabilities that could result from poor or improper system configuration, including flaws found in its hardware and software.
Many organizations have a legal obligation to conduct penetration tests at least once a year, and often by an external party. Pentests conducted by a third party bring extensive knowledge of platforms and tests that your team may not know of or be capable of executing.
It’s important to get the perspective of a variety of external penetration testers. The more gaming gurus you have assigned to QA means an increased likelihood of uncovering the unexpected, and ultimately creating a safer and more secure gaming environment for your customers.
Louie Velocci is a Partner and Lesley Luk is a Senior Manager with KPMG’s Gaming Practice.