On October 21, Justin Cosnett, Head of Solution Architecture for Continent 8 Technologies, was interviewed by iNTERGAMINGi editor Matt Chambers about the security, connectivity, and compliance issues affecting gaming operators across emerging markets.
INTERGAMINGi: Could you describe Continent 8’s offering?
JC: We connect, manage and secure igaming critical infrastructure for operators and software providers to meet regulatory, availability and ‘global’ reach requirements. Example solutions would be: global internet access, cloud, hosting, DDoS (Distributed Denial of Service) mitigation. Continent 8 is particularly well-known in the igaming market, but our core services have changed and adapted and matured along with our customers and their operating environments over our 20-plus year lifetime. In addition, we have expanded into other markets such as government, fintech and most recently esports.
How have your solutions evolved over the past 12 months?
I’d have to state first that evolution is significantly different in different jurisdictions or regions for igaming. In Europe for example, regulatory changes have meant we have implemented approved cloud-enabled solutions to the market. More stringent requirements have been loosened, where appropriate or suitable, and some have been able to take advantage of this for technical efficiency. Others prefer to remain consolidated in a single on-premise hub location. This leads to interaction with our customers around solution design based not only on today’s activities, but on where this evolution might go tomorrow.
In others, for example in the United States, we have grown our hosting footprint and state by state connectivity, as well as created our Atlantic City hub, to meet the differing regulatory environment of our customers. It’s been a significant and rapid acceleration in our locations and network, led by an emerging regulatory landscape, a challenge which continues as each further state launches.
Latin America is an area where we are looking to expand further. This is again due to significant activity in the region from a regulatory perspective. Continent 8 will always be a partner which tries to meet these expansionary challenges for our existing or potentially new igaming customers.
What are the major challenges right now within data security for operators?
In general, growth of newly regulated markets across the world brings complexity and sometimes specific data storage, transfer and protection requirements. Maturity of existing markets tends to lead to a strengthening of requirements. The main challenge for any operator is ‘keeping up’ from a compliance perspective, whilst also allowing teams to utilise data which can be a valuable analytical or actionable toolset.
Operators at the leading edge of data mining and analytics techniques; trying to create a superior or more efficient customer experience, are having to store, export and manipulate significant datasets between hosted, cloud and hybrid infrastructures in different countries or even continents. Simultaneously ensuring the right data is kept in the right place with the right level of encryption or anonymisation, destroying data not needed, and maintaining data which is needed for the right period of time.
Similarly, what are the issues affecting operators (in terms of reliability, connectivity, security and compliance) in relation to expanded activity within emerging markets?
Reliability and connectivity in the European regulatory jurisdictions have improved significantly from where it was a few years ago. This is in part as a result of significant investment by certain suppliers to meet the market demand, so I understand the focus on emerging markets, where this may not as yet have taken place. However, it’s worth noting that this stability can lead to development and innovation in an operator’s product which then isn’t capable in less reliable and connected markets.
Also, many operators are expanding into emerging markets from a European base or as part of a partnership between a local provider and a European one, thus having an influence even in emerging market expanded activity.
In developing or emerging markets such as Latin America and Africa, challenges faced in the past, such as latency between customer and technology, or connection reliability, is going to test operators which are more sensitive in their application design and delivery. Those operators which have faced and dealt with such challenges before, need to ensure they still meet them, whereas new entrants may need to swiftly adapt or innovate.
In the United States, the legislative interpretations of the Wire Act; has meant that some operators are targeting application access ‘in-state’ to similar ‘in-state’ infrastructure – a different challenge to the European model, where ‘out of jurisdiction’ access to different countries at the greatest speed and reliability was sought, so an almost opposite model. Therefore, whilst connectivity and service reliability are well developed, it’s a different operating environment to consider when designing infrastructure deployments.
Good compliance and security of data tend to go hand in hand, and whilst you may have a difference in regional compliance requirements, the best operators will have a holistic best practice approach within the legislative parameters. Changes in data protection regulations, particularly in Europe, clearly incentivise a business to ensure no data loss or breach. Whilst ultimately operators will ensure the security of their data from an encryption and access perspective, Continent 8 can assist in areas such as DDoS mitigation – as DDoS attacks can often be undertaken as cover for a data exfiltration attempts whilst network and security teams are distracted.
How do you see security threats evolving in future years and what strategies can be put in place by companies like yours in order to combat new threats?
At Continent 8, our security experience has been predominantly in DDoS mitigation – understandable given our customers exist in a highly targeted environment. We are therefore seeking to expand that offering to provide greater application level protection for our customers with web application firewalling (WAF) and Layer 7 network protection methods. We have seen a growth in this requirement in Asia in particular, where we may be able to bring a market focused capability.
In terms of advice and strategies, we have always recommended a reduced surface area approach to our customers. That is, using private connectivity which isn’t via public IP address space, and therefore unable to be attacked (as it isn’t exposed to the internet). We have seen and expect a growth in such deployments to offer a reduced attack surface, as well as enabling customers to monitor, manage and maintain service availability. We have ambitions to create an igaming cloud of privately connected 828 providers globally and expect to be releasing and launching products and services in the next year to enable this, potentially bringing content providers, payment providers, operators, and potentially data providers within a private network.
We have seen an increase in size, complexity and vector of DDoS attacks more generally, which will require a more customer-led or ‘tuned’ protection regime. We will have to keep up to the challenges with additional resource expertise, availability and engagement; along with the entire security industry.
No defence is or will be perfect and a focus needs to be on how companies react and deal with an issue. There is less viability in ‘off the shelf’ protections being suitable, and operators will need to ensure they have their own preparedness or ability to react and work with security vendors to maintain protection or service availability.”