How GiG provides its partners with top-notch security
Gaming Innovation Group (GiG) Director of Information Security, Diane Abela, has come forward to speak on why information security should not be neglected, and should be represented at all levels of business operations. She has also shown how the company provides partners with the best security measures in order to ensure their safety.
In February, GiG proved its dedication to providing top-grade excellent security as it obtained the ISO 27001 certification for two of its products. The director stated that this certification was evidence of the successful approach that the company provides for information security.
“ISO 27001 is a bit different to what usual audits are in that it is not a ‘point in time’ kind of audit. Usually, most auditors come in and assess your security controls – i.e. what it is that you are doing to protect your data at that point in time. There is then a report and certification based on the results. However, ISO 27001 goes a step above and beyond in that it assesses your underlying processes and approaches to security. I would say that it exemplifies a state of mind. It takes into consideration whether you are continuously assessing your controls, not just at that point in time but also in the near future.”
Aside from these front-end products, the company also received certification (ISO 27001) for GiG Data and its main platform product. Abela further explained why this is extremely vital to the company and said:
“The reason why the framework behind the ISO 27001 standards is important and why we went for this type of certification is because a continuous reflection of your controls is fundamental. Risk is constantly being introduced in our organisation – whether it’s because you’ve changed your business processes or you’ve decided that as a gaming company you’re going to enter a new market, or even if it’s because a bad actor comes up with new malware. So, security measures that work today might not work tomorrow. That is why it’s so important that you are continuously measuring whether your controls are still mitigating your risk. ISO 27001 certifies that you are doing just that. ”
Safety is of utmost importance to GiG and its partners, no matter what business operations it concerns. Abela further mentioned that information security is a portion of GiG’s prime concerns, and that it goes through all the main processes, ranging from daily activities to training operations. In order to make sure that customers are making use of the measures, the company works with them to develop new products through the experience of many different teams.
“If we were to add a new feature to our product such as a new regulatory requirement that our clients need. It’s not just the compliance and tech teams which are involved in creating this feature. It’s also the security team.
We’re there from the start to make sure that when this feature is designed, it has security in mind from the start rather than leaving it until later. New kinds of vulnerabilities are being introduced on a daily basis. To combat this, we are constantly testing our products to make sure they are not susceptible to these kinds of threats.”
What this means is that safety and security makes up a large portion of GiG’s preaching. However, many challenges can come up to the surface once the main focus is on one specific problem that an operator is dealing with, and that usually tends to be caused by gaming firms who attempt to bring the land-based scene online.
Abela went on to say:
“The way I see it, it is part of an operator’s responsibility to also secure that player experience. It comes down to the operator to ensure that when a player is providing them with their identification data, that that data is secure.
Operators need to make sure that the player experience is secure. This entails quite a lot of work and investment to ensure that you have the controls in place to secure and monitor the player experience. GiG is a great partner for our operators because when making use of our products and services, we do a lot of this for them. We have a team monitoring for threats and attacks, so that if a security attack occurs we capture it as early as possible, to have a little impact as possible.”
She also said that security should be a part of every company’s main priority and strategy. This can greatly enhance a company’s security abilities and make sure everything is safe once they create new products.
She concluded her statement with:
“Invest in information security – don’t treat security as a tech issue. You can have the most secure tech in the world, but if your processes are not secured and your employees are not trained in security then there is no point in having that ultra-secure technology. Security needs to be present in every tier of your business.”