Ready for the launch

A look behind the scenes of global game hosting - part two.

Publish date: July 29, 2019

i3D.net is one of the leading game hosting providers in the world. But how does i3D.net implement the hosting of a new game, install and maintain new servers and keep them secure? With a series of interviews, we will introduce you to this process and the team members that make it happen. This is part two of the series - read part one here.

As a leading game hosting provider we are responsible for protecting the data of game publishers and their players' data. The definition of information security is broad, but in essence it means the protection of data from unauthorized access, use, change, disclosure, and destruction. For this interview we sat down with Michiel van der Donck, Security Officer at i3D.net to talk about his role within i3D.net. 


Security Officer… what does that entail?
MvdD: As Security Officer my main objective is to safeguard our assets and those of our customers. I put effort in safeguarding the Confidentiality, Integrity and Availability of the customers' data. These three aspects are called the CIA triad which form the basis for information security. I am responsible for constantly managing the process of information security within i3D.net and keeping our standards high.

I put effort in safeguarding the Confidentiality, Integrity and Availability of our customers' data.

What can you tell me about the data we are protecting for our customers.
MvdD: Nothing. 

Sorry? That is not the answer I was looking for.
MvdD: Well actually, it is! We privately own our infrastructure, so we have full control over all the data that goes through our servers and network. We monitor the dataflow and protect the servers but we never look into this data. Whether customers are storing a grocery list or a complete game build, our only goal is to make sure the data is protected, handled with care and 24/7 available for our customers. 

How do we assure our customers that their data is safe with us?
MvdD: For our gaming customers it is essential we can guarantee secure processing of their data as well as their players' data. To protect our customers data, there are three important factors which have to be managed perfectly within i3D.net. 

  1. Technical: The technical security aspect of our data centers, servers and worldwide network. 
  2. Organizational: The management of information security within the organization, risk estimation, budgeting and prioritization.
  3. Employees: Making all employees aware of the risks regarding information security and the processes in place to help safeguard our customers' data. 

Of course we can say everything is managed perfectly but to put ourselves to the test and give our customers extra peace of mind about the protection of their data, we are officially ISO 27001 certified!

ISO 27001….?
MvdD: ISO 27001 is the international standard which aims to setup an Information Security Management System (ISMS). The standard is published by the independent non-governmental Organization for Standardization (ISO).

For i3D.net it is important to provide assurance about the management of information security and data processing to all its customers. Being ISO 27001 certified means the processes at i3D.net regarding information security are managed and that policies and procedures have been implemented. 

Next to that, this certificate shows that i3D.net is able to identify information security risks, apply these implications and additionally apply systemized controls to the system in order to limit any damage.
(Read more about ISO 27001 in this news item)

Being ISO 27001 certified means the processes at i3D.net regarding information security are managed and that policies and procedures have been implemented.

What are the security measures taken to protect our customers data?
MvdD: It all starts with protecting the servers. We privately own two data centers, in Rotterdam, the Netherlands and Heerlen, the Netherlands. The data center in Rotterdam is the biggest and covers 3500 square meters. The security measures taken there are amongst others;

  • Identification verification before entering the data center 
  • 24/7 security monitoring 
  • Camera Security 
  • Fingerprint scanners 
  • Lockable rack space
  • Extensive fire and cooling measures 

Worldwide we are present in a total of 33 data centers spread over 6 continents. Before we engage into a partnership with a data center, we check if all security measures are up to our standards. One of the requirements is that the data center should be ISO 27001 certified.

To make sure our servers are protected and run smoothly all over the world, we have a dedicated team of Technical Operations Engineers. They monitor our servers daily and fly to all our locations on a regular basis to check if all security measures are in check.

Worldwide we are present in 33 data centers spread over 6 continents. Before we engage into a partnership with a data center, we check if all security measurements are up to our standards.

So, then we covered the data centers. What about the worldwide network?
MvdD: Our Network Operations Center (NOC) manages and monitors our worldwide network 24/7. One of the many challenges is coping with high volume DDoS attacks, 24/7, from all over the world, which can cause high latency, outages, and unavailable game servers, a game publishers' worst nightmare! To protect our network against DDoS attacks the team implemented our own Global Low-latency Anti-DDoS solution (GLAD).

Do you notice that data security is becoming an increasingly important subject?
MvdD: Certainly, in recent years I have seen an increase in awareness about the importance of handling data with care. Almost daily there are reports in the news about data breaches and data being unavailable. The handling of personal data in particular has been in the news a lot, due to the introduction of the GDPR regulations. 

Can you tell me more about GDPR and what this means for our customers? 
MvdD: GDPR stands for General Data Protection Regulation and is the most important change in data privacy regulations in over 15 years. GDPR contains rules about how to process personal data and most importantly these rules apply to all companies processing personal data of EU citizens. 

For example, within Ubisoft, i3D.net operates as an autonomous managed hosting provider for all publishers. Because of the GDPR regulations we cannot only guarantee the confidentiality of our customer’s data, we are also bound to do so by law, meaning data of any kind is not shared or accessible for third parties. Not even for our colleagues at Ubisoft.  

Within Ubisoft i3D.net operates as an autonomous managed hosting provider for all publishers.

If you can give one tip about information security, what would it be? 
MvdD: As a company, your information security can be in good order and you can apply strict policies and procedures. But also pay attention to the companies in your supply chain. Do they take as much care as you with regards to information security and are they handling your data correctly. A weak link within your supply chain can be a risk for your own company!


About Michiel van der Donck
Michiel graduated at The Hague University of Applied Sciences and has a Bachelor of Science in Information Security Management. He started his career at Smartdc, i3D.net’s privately owned datacenter in Rotterdam and Heerlen, The Netherlands as Security Officer. Since February 2018 Michiel is Security Officer at i3D.net as well as Smartdc. Within i3D.net and Smartdc Michiel is the general point of contact for staff and customers in the field of security, privacy, and compliance. 
 

To stay up to date, follow i3D.net on our social channels: LinkedIn, InstagramTwitter and Facebook