While Playtech is a technology company with gaming at its core, it takes no chances with its security strategy. That’s a challenge because the company has developed and acquired a number of technology platforms, all of which need to be rationalised in its security brief. And its customers – household name online gaming platforms with reputations to protect – need it to look after their best interests.
The task of keeping a lid on the company’s systems and data is head of information security Daniel Liber. Liber, who like many Israeli technologists got his start through the country’s military service programme, joined Playtech three years ago and climbed to his current role. “It’s a great school for security management positions,” he says. “You learn so much from so many talented and experienced people.”
Things have changed dramatically over the course of Liber’s career. He reminisces about the development of the internet from the dot com bubble of the early 00s to now, pondering the milestones – smartphones, the internet of things – that have marked the technological transformation in the interim.
Rise of the personal device
Personal devices, Liber thinks, have been maligned in security circles. Yes, they offer an increased attack surface and personal details are more likely to be compromised, but at the same time Joe Public’s attitude to privacy has changed. “Privacy doesn't make most of end users worry. People today give away information relatively easily. You can see it on social media. When you lost your credit cards, that used to be a big issue. Now you just cancel it and everything is okay.”
Transparency is top of Liber’s list when it comes to management. “It’s important. Everybody should feel as if they have an understanding of what’s going on from the top level down to the person doing the hands-on engineering. When there’s a shared strategy and objective to the company, everybody should feel as if they’re part of it.”
The second thing on his list is saying yes (even conditionally) and the third is sticking to facts and numbers. “There are a lot of hunches and gut feelings in security,” admits Liber, “which is okay and sometimes important. But eventually, when you need to make a decision, it should be balanced between having the full view of information and taking an educated decision.”
Hunches are okay then? “Sometimes there is a lot of focus on the characteristic technicalities of the vulnerability, rather than the context,” he says. “So it looks scientific but there is information missing. Where the vulnerability is and how it could be used and how difficult it is is information that could be used to determine the overall vulnerability impact.”
What is security transformation?
This holistic view informs what Liber calls ‘security transformation’ as an arm of digital transformation. It sits at the intersection of technological frontiers and the needs of users, customers and employees. And it is particularly important at a time of change.
“The hottest topic at the moment is working from home,” LIber says. “It is obviously about getting companies’ and users' IT needs to align in a new working model, but more than that, it is about changing attitudes.
“Teams had a limited transformation state of mind. Now they know that every couple of years they will have to ask the question: what’s next? Some were already doing that because of previous security challenges – the shift to the cloud, for instance – so to some extent we were pretty ready to have a smooth transition into working from home.”
Another pillar of Liber’s security transformation is orchestration. “There are so many technologies we need to cover, so the orchestration of tools and visibility across different technology stacks is extremely critical right now, especially for incident response and security operations teams.
“Doing proper mapping is very important, and then you have the question of how you tie these things together. You might buy several tools from the same vendor or different tools from different vendors, but you need to find a balance of managing them which supports your company’s needs. You have to balance your priorities.
“Eventually the idea is to try to narrow down this stuff as much as possible, into a single dashboard or as few places as possible – just for the sanity of your analysts – and it’s becoming harder as more and more tools are added.”
Complexity versus unification
At Playtech, the company has moved into a hybrid environment of on-premise and cloud infrastructure, and pushed to consolidate “small islands” of technology services into a more unified platform. It’s been a boon from a security perspective, particularly as the pandemic has forced more users to work from home.
The problem, as Liber sees it, is one of employees using their personal devices for work. A possible solution, he thinks, might be to “somehow containerise part of your personal computer”. This approach allows employees to use their personal devices as they wish while companies can be assured that security isn’t compromised.
Security transformation isn’t a task to be taken on single handed and Liber is particularly impressed by Playtech’s partnership with Trend Micro. Unusually, perhaps, the seed of the relationship was hyper geographic: the two firms both had small offices in the same building.
“They gave us a lot of attention,” Liber recalls. “They sat down with us during the proof of concept and we gave them some feedback and we got immediate responses. They were amazing with how they helped us to shape the implementation of their Deep Security products based on our environment and needs.
“Having a good relationship with the vendor is important for several reasons, firstly that when you implement a product or service you will bump into some kind of issue or question, and the feeling of getting good service or customer support is always nicer than when it doesn’t happen. But it’s also about being able to look forward to the upcoming years in terms of security transformation. Sharing the road map early allows you to predict and better plan your work.
“I also think it’s important to keep it light, which might sound silly but negotiations and discussions can be quite dry, so sometimes the personal touch can really help the procurement and commercial processes.”