Why casinos need to revisit data encryption
For every payout in which a slot machine empties tens of thousands of dollars or for every high roller who wins a seven-figure amount of money playing blackjack or craps, the statistics still overwhelmingly favor casinos. In return, gaming properties proffer glitz, complimentary meals and drinks, and near-constant (by staff) issuance of formalities toward customers. All of it is part of the atmosphere, with a casino for every type of gambler and table for every gambling sophisticate.
The showmanship aside, casinos are latter-day financial institutions; they hold, transfer and transmit billions of dollars. The irony, however, is that there is a massive chasm between the security casinos use to guard against cheaters and the technology they have to fight against a growing threat: hackers and cyber thieves.
This divide becomes even more stark and inexplicable when you consider the otherwise impressive professionals the gaming industry attracts—men and women with extensive training in various quantitative specialties, physicists, mathematicians and economists among them—who do a very good job at transforming this business into a calculable science.
Their efforts to lure and retain visitors, ranging from caravans of day-trippers en route to Atlantic City to so-called “whales” who receive five-star service, is a specialty unto itself.
As for the physical safeguards to discreetly police this financial amusement park, the house protects its investment in many ways. Of greater concern is how the house does not protect its exponentially more valuable investment of money, digitized and warehoused below the surface in a self-contained server farm or some other seemingly state-of-the-art facility with its own respective points of distraction. (Disguised by the false veneer of “security,” thanks to assorted flashing lights and miles of interwoven, multicolored cables.)
In this environment, casinos continue to rely on a frayed form of encryption, which is neither unbreakable nor capable of repelling sustained attacks by very enterprising thieves. I write these words from experience, where in my role as founder of Impervio E-IRM System (Enhanced Information Rights Management), I work with casinos to guard against these threats.
Therefore some context is necessary in regards to what encryption is and is not.
The encryption model that governs the gaming industry, which is the same “solution” that plagues so many other businesses, is akin to a digital Maginot Line. From a distance, all the metaphorical trenches, parapets and machine gun nests, and mines and spools of barbed wire; in addition to the permanent encampment of troops in front of and behind this presumptive deterrent, a “wall of peace” running the length of a country’s entire western border; like the physical corollary described at the beginning of this piece, all this overkill (pun intended) is a distraction.
There are so many holes and patches on top of patches, on top of so many fissures and spaces that, what passes for encryption today is, to be frank, a joke. What should take a hacker 3,000 years to crack is, in reality, a safeguard that will just as soon collapse in less than 1,000 minutes.
In contrast, casinos can set a security precedent for themselves, which other industries can, and should, follow. This mandate would simultaneously thwart even the most ambitious hackers, while sending a message of unmistakable clarity, delivered with absolute certainty: “Try all you want, but you shall never gain access to our data.”
With the right encryption, casino owners can run their businesses as financial institutions. They can do so with the protection any such organization needs and deserves to receive.
That guarantee is an assurance, which the facts confirm, enabling me to confidently welcome you to the new era of encryption.