• Home
  • Feature Stories
  • Gaming Profile
  • New Products
  • Facility Profile
  • E-News
  • Advertise
  • Subscribe
  • Contact Us
You are here >   Clouds in the Forecast: Can Gaming Companies ...
  
 
 
For advertising information, please contact
Richard Swayze
 
 Canadian Gaming Business Spring 2013
 

 

Finance & Investment - Archives
Clouds in the Forecast: Can Gaming Companies Brace for the Storm?
Email
Leave a comment
  
 
 
Faced with a pressing need to reduce IT operational costs, deal with legacy applications, and adapt to new business models and applications while simultaneously managing a talent shortage, Information Technology (IT) departments are facing a “perfect storm.”     

For gaming organizations, the storm is significantly more intense and additional elements should be considered including the highly regulated environment, the impact of grey market gaming providers, and the need to rapidly deliver “games” through new channels to their audiences, such as online gaming.  

This article examines some of the solutions on hand, such as virtualization, cloud computing, and continued or enhanced outsourcing models. It looks at how gaming companies can utilize these to help ensure continued operations and the efficient and effective use of technology both during and after the storm has passed.

 

 

 


Outsourcing 

A well-established practice, outsourcing involves the use of a third party to host, secure, manage, and operate elements of a company’s corporate IT needs, freeing up the organization’s resources to focus on its core business needs. It allows for enhanced access to newer technologies, specialized resources, and robust disaster recovery options. The decision on what not to outsource is unique to each entity and should be carefully considered to help ensure that the resulting benefits outweigh any potential risks. 

  • Pivotal to the success of any outsourcing arrangement is a Master Service Agreement (MSA), which should provide for:
  • Clarity and specificity in terms of the roles and responsibilities of both vendor and purchaser
  • Specific supporting schedules, including service level expectations, costs, and governance (e.g., IT security)
  • The scope of the activities to be undertaken, who is doing them, and articulation of the expected outcomes
  • Mechanisms that allow for periodic audits and for changes to be implemented should services not be consistent with expectations set

As an example of what can go wrong, imagine that your company outsources its new online poker games to an independent organization that implements a software upgrade which then results in a loss of confidential player information. In the event that your MSA does not specifically address remedies for such a loss, your organization could face significant risks well beyond what it can manage.  

Another significant weakness of IT outsourcing agreements tends to be around cost containment. Additional vigilance is required to ensure that there is no “over architecture” of infrastructure or processes that are not specifically provided for in the agreement. Additional costs could also arise if the outsourcing agreement ends and results in changes to the operational processes that your business is reliant upon.  

Virtualization

Virtualization is the use of advanced software and powerful hardware that allows organizations to make more efficient use of IT infrastructure in terms of power usage, capacity, storage, etc. For example, it enables organizations to replace several older servers with one more powerful unit that runs a “virtual” copy of the old one. End users are not aware of the change and virtualization reduces the overall total cost of ownership and maintenance effort. It can be accommodated in-house or in an outsourced environment. 

Many companies use virtualization to minimize downtime and “maintenance windows.” They are able to migrate a virtual machine to a new host system more efficiently. While there are many uses for virtualization, organizations have to examine the impact on IT security when contemplating it. Virtual servers share a common hardware platform, thus making it possible for savvy individuals to compromise the data security. When virtualized servers are managed in-house, the risk can be mitigated by ensuring that virtual machines with highly sensitive data are not co-mingled with machines hosting less secure data.    

This is a particularly salient point in regards to outsourced IT environments. Unless specifically disallowed within the MSA or contract, it is possible that the outsourcer will not only mix data security levels, they may also co-mingle client virtual systems with those of other companies. Take, for example, the outsourced online gaming engine and consider what would happen if the outsourcer put your lottery games on the same server as a competitor’s game. To safeguard your data, you need to know what controls are in place to ensure that your database of client transactions is not mixed with that of others, and that your player’s information is protected from unauthorized access or disclosure.

Cloud Computing

Cloud computing refers to the use of a connected on-demand pool of shared IT elements that includes infrastructure, software, platforms, and services. Cloud computing can be internally or externally delivered and usually also includes the use of virtualized computing. It allows organizations to meet peaks or emerging IT needs without additional capital outlays or time delays related to building the IT element in-house.    

Cloud computing allows users to buy access to IT resources for a set period of time in a cost-effective manner. Similar to the decision to outsourcing, there are several risk elements that should be considered in making the decision to purchase services in the cloud:

Loss of data control. Storage is often done without consideration of data classification or safeguards, and upon termination of service, the data destruction is often left to the provider’s discretion. 

Loss of perimeter security. To accommodate the needs of a larger client, access controls to the cloud infrastructure are not as tightly controlled. There is no ability for individual companies to configure or control access. As a result, in this environment, blocked services can be allowed.

Lack of standards. There are no defined standards on how a cloud provider will operate or safeguard infrastructure and, as such, there is no ability to understand how simple elements like user access, backups, disaster recovery, etc., are being undertaken. 

Lack of governance and accountability. Organizations are not able to implement their normal oversight and risk management framework, and there is less opportunity to assert right-to-audit clauses into this offering.  

Once these risks are properly assessed and steps undertaken to address them, significant benefits can be achieved.

In the end, it comes back to ensuring you understand your risks and mitigation strategies and are undertaking appropriate due diligence before embarking on any major change to a company’s IT resources. For gaming companies, the risk is higher and the afore mentioned solutions each merit a detailed thorough examination and a clear understanding of what can go wrong in each environment in order to help ensure your risks are mitigated.

By Louie Velocci, Vice President, KPMG Forensic Inc./Senior Manager, Advisory Services

  < Back     Copyright © Canadian Gaming Business Magazine. All rights reserved.  



 
Google
-


|   Login