November 5-7, 2019: ICT & Logistics
Behind the scenes of global game hosting and security
What is the role of a Security Officer?
Michiel van der Donck: My main objective as a Security Officer is to safeguard the assets of our customers. I focus on the so-called CIA triad, which forms the basis for information security. CIA stands for Confidentiality, Integrity and Availability of customers’ data. It is my responsibility to constantly manage the process of data security within Smartdc and i3D.net in order to make sure we keep our standards high.
I put effort in safeguarding the Confidentiality, Integrity and Availability of our client’s data.
What can you tell me about the data protection of customers?
Michiel van der Donck: Nothing…
Michiel van der Donck: That’s right, I can’t say anything! Both i3D.net and Smartdc are actively involved in monitoring and protecting the data of customers. Since i3D.net privately owns the network, they have full control over all the data that goes through the network and over our servers. But i3D.net will never look into the data of the customers. The main focus is on protecting all the data on the network, and to make sure the data is protected, handled with care and always available for the customers. The same goes for Smartdc: we will never look into the data that is on the servers.
At Smartdc we have all different kinds of customers in the data center, so we are responsible for protecting a wide variety of different content; ranging from triple A videogames to the vacation photos an employee has on his company laptop.
How can we guarantee our customers that their data is safe within Smartdc?
Michiel van der Donck: We have to assure all our customers that we protect their data. In order to make sure we can safeguard the data on our servers, we take a variety of security measures. These are the three major elements we keep in mind:
First of all, we have the technical security aspect we have to keep in mind. This entails the physical protection of our data centers. By means of our physical security design, we ensure that we only limit authorized access to the colocation space. For this we have applied several security layers, each of which is provided with both organizational and electronic security measures. This entails for example the automated security systems, entrance security and camera security.
Second, there is the organizational aspect. This aspect focuses on protocols about protecting data, and how this knowledge is implemented within the organization. Security of the stored and processed information within Smartdc has a leading role within its overall operational management. To show that we safeguard policies and procedures regarding the information security processes of Smartdc, we are ISO 27001 and NEN 7510 certified.
And the third aspect: employees. They have to be aware of the protocols, and how to deal with data protection.
Michiel van der Donck: ISO 27001 is the international standard for setting up an Information Security Management System (ISMS). This standard is published by the independent non-governmental Organization for Standardization (ISO). Being ISO 27001 certified means the processes at Smartdc regarding information security are managed and that policies and procedures have been implemented. Most important about the ISMS is that we have included all our internal as well as external processes. All measures taken so far in order to assure a safe and trustworthy storage and processing of data led to the ISO 27001 and NEN 7510 certification of both Smartdc data centers.
For both Smartdc and i3D.net it is important to grant affirmation about the security of data processing to all customers.
Being ISO 27001 certified means that policies and procedures implemented at i3D.net regarding information security processes are managed on the highest level.
Can you give examples of security measures that are taken to protect the data of customers in our data centers?
Michiel van der Donck: For this we have applied several security layers, each of which is provided with both organizational and electronic security measures. The first layer is the physical security layer in order to protect the servers within the data center. Smartdc has two data centers, in Heerlen and Rotterdam. The data center in Rotterdam is the biggest and covers 3500 square meters. The security measures taken there are, amongst others:
- 24/7 security monitoring
- ID check
- Electronic security systems (like camera security)
- Biometric access
- Lockable rack space
- Extensive fire and cooling measures
We briefly talked about global game hosting. This does not only include the servers in a data center but also the network of i3D.net. So, what about the worldwide network?
Michiel van der Donck: i3D.net has a Network Operations Center (NOC) that manages and monitors the network 24/7. They face a variety of challenges; one of those challenges is coping with high-volume DDoS attacks from all over the world. A DDoS attack causes high latency and unavailable game servers; this is a game publisher’s worst nightmare! To protect the network against DDoS attacks the team keeps developing new tools to protect the network. Recently, the NOC team implemented a Global Low-latency Anti-DDoS solution (GLAD).
Online privacy and the protection of personal data have recently been much discussed topics. How does this affect your job?
Michiel van der Donck: We have seen several instances on the news about companies that had to deal with data leaks. Over the past years, people became more aware of their online privacy. Especially, the processing of personal data has recently been much discussed due to the introduction of the new GDPR.
What is the GDPR and what does this mean for our customers?
Michiel van der Donck: GDPR stands for General Data Protection Regulation. When processing data, we comply with the requirements laid down in the GDPR.
That means, among other things, that we:
- clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
- limit our collection of personal data to only the personal data that are necessary for legitimate purposes;
- first ask for explicit consent to process personal data in cases where consent is required;
- take appropriate measures to protect personal data, including the requirements of parties who process personal data on our behalf;
- respect the right to access, correct, supplement, modify, block, delete and transfer personal data on request.
About Michiel van der Donck
Michiel graduated from The Hague University of Applied Sciences and has a Bachelor of Science in Information Security Management. He started his career at Smartdc as Security Officer. Since February 2018, Michiel has been Security Officer at i3D.net as well as Smartdc. Within i3D.net and Smartdc Michiel is the general point of contact for staff and customers in the field of security, privacy, and compliance.