The Internet can be a scary place or so I was told repeatedly during my PC gaming days. It was often difficult to explain to people the draw of an online community or the satisfaction of tackling a challenge with like-minded gamers. The people on the other end of maze of Ethernet cables weren’t real, right? I don’t run into this issue much anymore because the online world has collided with the real world in such a way that it is nearly impossible to separate the two.
When I played UT/Q3A/CS, a person was just an alias attached to a character model, dashing around terrain textures stretched over 3D rendered polygons. I only had to divulge as much information about myself as I wanted. It seems that the platforms that offer this level of anonymity grow fewer and fewer with every release. The gaming experience is richer when a social layer is added to the framework and transactions are easier and more convenient when a gamer can associate a payment instrument with an account, but how has this changed security?
The stakes are higher and some are even calling for a return to more simplistic aliases. Your alias is no longer the only thing that defines you. Instead it is just one attribute in a massive database that is attached to a name, phone number, credit card, address, playing habits, and favorite food. My time as a Management Information Systems student tells me that this shouldn’t be that big of a deal. The sensitive values or identifiers will be encrypted or truncated as they’re written to the database which will be behind a firewall monitored by a network security team who has been given unique sets of credentials to access sensitive resources from machines with secure corporate images. However, my time as an IT developer tells me extra development time is expensive: extra testing requires resources, and security incidents are problems for future John.
One of my co-workers pointed out that game developers do some of the most sophisticated and time-consuming software development on the planet with extremely strict and public project timelines. They build worlds, model forces that scientists have been researching since an apple fell from a tree (physics) and work tirelessly to make the whole experience breathtaking.
Security applications should be a piece of cake given these skill sets but, like other security decisions it’s a risk-reward scenario that is probably modeled like tranched mortgage-backed securities.
I haven’t completed an audit of the internal security practices of the various gaming studios. I just know that their gamers are giving them more information than ever before and expecting it to be protected. Developers should be aware of this because two things are for certain; the breaches will be expensive and televised.