Text / Mobile Game That Little Thing Jimmy, Sam
Recently, in exchanges with game manufacturers, the topic of "data security" has appeared frequently.
One of the most typical cases is the leakage of materials and source code. I believe that many teams have also paid tuition fees on similar security issues. For example, executives of some manufacturers mentioned in the exchange that in 21 years, they actually found the private server of their own game on the market, not only did they have no warning beforehand, but they could not determine which link was wrong afterwards.
So on this topic, we met with three vendors to talk about their views on data security, and also wanted to hear the "behind the story". Interestingly, although these three manufacturers have their own tendencies for the needs of "data security": the halberd that pays attention to the security input-output ratio, the vertical game that regards copyright as a factor of life and death, and the super cautious game giants happy and interactive entertainment, they all mention the same set of security solutions.
One of the manufacturers bluntly said that in an internal security exercise, "hackers" had successfully compromised hardware devices, and finally this plan "guarded the last line of defense"...
01
They all became "crab eaters"
The security issues facing the gaming industry are far more complex than you think.
Happy Interactive Entertainment, which has developed many popular games such as "Dragon Valley", "Arcade Three Kingdoms", "RO Ragnarok" and so on, has always attached great importance to the construction of "information security", Zhao Gao, who is the director of information security, is a veteran of the security industry, has long been engaged in information security and operation and maintenance management in the fields of payment, technology, Internet, finance and other fields.
He mentioned in the exchange that although the company has always attached importance to information security, but has not yet established an effective intranet security closed loop, after a series of market research, they found that most of the security solutions on the market need to use the team to invest high costs, in addition to deployment time and hardware investment, and even may affect the working habits and processes of developers, resulting in low development efficiency.
In order to break this dilemma, they began to actively discuss and exchange "security tips" with a number of industry peers, and in the process, the team came across Datatent Technology and DACS-Gaming, and with the recommendation of their peers, they decided to give it a try.
According to Zhao Gao's recollection: "When we first chose this solution, because the number tent was still unknown in the industry, in fact, we did not have much confidence. But after the system was implemented, the effect was beyond his and his team's expectations, "After trying it out, I found that it is more compatible with most development tools, and it can ensure security without affecting development efficiency, and the cost is also reduced a lot." ”
"Not affecting development efficiency", and even "insensible" safety, is the key reason why many manufacturers look at the digital tent and are willing to give it a try. This solution is equivalent to fundamentally abandoning the dual-machine and physical isolation mode, and by building a "secure workspace" on the terminal, it prevents intranet data leakage at the software level.
Happy Interactive Entertainment is the R&D team of "Arcade Three Kingdoms"
In order to verify its security, Happy Entertainment even organized an "attack and defense drill" internally. As a result, the attacker successfully broke through layers of defenses and hacked into the main computer, but still did not bring the source code and materials out of the safe space. "It can be understood that at the level of terminal security, the security space acts as the last firewall," Zhao Gao explains.
Different from Joyful Entertainment, Euphorbia Technology initially looked for a data security protection solution with the mentality of "making up for the dead". Huang Wei, technical director of Tianji, told us that about two years ago, he accidentally discovered that his product had been opened with a "private server", and then realized that the company's data security had been flawed.
Initially, the team chose to reinforce from hardware devices and add traditional strategies such as dual-machine internal and external network isolation. But for game studios that still have revenue as the highest priority, the additional cost of hardware is also a problem. "If the cost of security is higher than the commercial value, it's putting the cart before the horse," Huang said. Finally, on the recommendation of a friend, they also contacted the team with the mentality of giving it a try.
After a period of running-in, from the feedback from employees obtained by Huang Wei, the new security solution "has no learning cost, basically covers daily use scenarios, and is not much different from the original office habits." The almost "senseless" user experience, coupled with the advantages of low operation and maintenance costs and no additional manpower maintenance, all left a deep impression on Huang Wei.
What's more interesting is that both of them mentioned in the exchange that they subsequently took the initiative to become loyal users of Shupeng and even "Amway officials": Happy Interactive Entertainment has gradually been promoted from a single project team to multiple project teams throughout the company; Tianji even proposed this security plan to the well-connected manufacturer "Amway", and the feedback given by the other party was equally positive.
02
The of a thousand miles cannot collapse in the anthill
It is worth mentioning that during the exchange process, the three vendors have successively mentioned the concept of "data assets" to us.
More specifically, elements such as code, art materials, and user data actually play the role of "means of production" in the development process. This data needs to flow fully between production links to extract its value in aiding decision-making and improving development efficiency.
In other words, vendors need to solve not only the single point problem of data asset leakage, but also the safe and efficient flow of data assets throughout the development process. The reality is that every terminal used by employees may become a source of leakage, and physical solutions such as dual-machine isolation require high costs; Overly strong security measures can also harm the employee experience and sense of belonging; Even if the interior is wrapped in an "iron bucket", there is still the possibility of leakage from a third party...
There are six major data streams involved in game development
Happy Entertainment has faced similar problems. During the epidemic, they had a large-scale product for overseas that needed to be launched in a short period of time, but working from home made traditional solutions such as physical isolation of dual machines lose the basis for implementation. How to maximize developer efficiency while ensuring security became a huge challenge for the security team at that time.
Zhao Gao said frankly that in the environment at that time, as long as the internal information could not be accurately opened and traced, "the data flow process could not be guaranteed absolute security."
In this context, DACS-Gaming actually gives a new idea, moving the offline isolation scheme to the online to establish a "safe space" for data assets. More importantly, because this solution clarifies the storage and transmission of data in producers, planning, art, programs, operation and maintenance, external flow, etc., it also allows the data security risks of the game industry to be solved at the level throughout the development process.
A concrete example is that many manufacturers with "just needs" for remote work have become beneficiaries of this solution, and DeNA's China subsidiary Longyou Network is one of them. Ji Zhaohe, director of long-term security, introduced to us that as a multinational R&D team of IP products such as "Slam Dunk" and "Sea King: Set Sail", if there is material leakage during the data transfer process, copyright issues will have a huge impact on the company's business, which is also a major pain point that has plagued them for a long time.
Although it has tried security solutions such as VDI and DLP, Zongyou still believes that "these solutions are too cost-effective for us to meet the needs well." So after many inquiries, they finally took the initiative to contact the several tent team.
In Ji Zhaohe's words, "The biggest benefit of DACS-Gaming for us is that it supports remote work while ensuring code security." Since the flow of data and materials to the outside of the "safe space" needs to be submitted for approval, if necessary, a layer of "dark watermark" can be attached to the document to quickly trace the source to the specific path and the disseminator, which makes the transmission process more transparent and kept within a safe and controllable range.
Especially under the mainstream "product-effect integration" distribution method at this stage, the distribution team often has in-depth contact with the core content of the product in the early stage of research and development. Compared with traditional solutions, DACS-Gaming has almost no interference to partners, and can achieve effective security deterrence without affecting the efficiency of information transmission.
"The most feared thing in safety work is that the of a thousand miles will collapse in the anthill", Ji Zhaohe mentioned to us, "After the entire development project team is connected to this plan, we can also help the product release smoothly with more confidence." It is not limited by time and geography, ensuring the safety of the circulation process, allowing the team to firmly hold data assets in hand... When a security solution can solve these pain points, it is not difficult to understand why this set of DACS-Gaming is regarded by many manufacturers as the "optimal solution" for data security.
03
Winning the "protracted war" under the expectation of the industry
As we interacted with the three teams, we became more and more aware that the need for "security" has gradually evolved from the "tool" level to the "awareness" level. The improvement of security awareness has made the demand for security solutions of game enterprises constantly updated and iterated, which is also an important factor for the doubling of data tents in the past year and continuous iteration.
To some extent, many game companies that use digital tent products have been at the forefront of the industry in terms of security. But just like every general-purpose solution, if it wants to evolve into a true industry-specific edition, it must be inseparable from the process of steelmaking. Ji Zhaohe, who traveled, clearly mentioned in the exchange that they have actually been looking at the evolution of several tent products in this year.
DACS-Gaming is applied to cross-organization and cross-departmental collaboration scenarios
"In the process of use, we found that DACS products are actually constantly updated, and after a period of running-in use, the maturity of this product is also increasing, and the product can indeed better meet our needs." And the technical support of the data tent is indeed more powerful, for the problems encountered in use, can respond quickly, to solve, we are currently less worried about data security, and we are confident to use DACS products more deeply. ”
From the occasional lag when it was first deployed, to the realization of basically no feeling, and quickly added new features such as point-to-point joint debugging, mobile terminal co-debugging, and dark watermarking of art assets. The landing of demand and the continuous realization of new functions have allowed manufacturers to see that although security is a "protracted battle", DACS-Gaming does provide a new security paradigm and choice for the industry.
In the past, when it came to "data security", many game development teams still felt far away, but with the development of the game industry in recent years, this problem is now on the surface. If you and your team have also paid "tuition" in data security, or have any views on the current situation and development of data security, welcome to discuss in the comment area.
PS. The first "Game Safety Construction" technical salon will be held in Shanghai on May 24, interested friends are welcome to register through the "poster QR code" or "read the original text".