By Prasanna Raghavendra – Sr. Director R&D, JFrog India
India’s gaming market is on an upsurge with 421 million online gamers (2022), expected to reach 442 million by 2023. The sector is expected to grow by 20 percent by FY25 to reach INR 231 billion. The tailwinds powering this growth are availability of cheap smartphones, internet connectivity, affordable mobile data, as well as acceptance of gaming as a means of entertainment. India has the largest fantasy sports market, with a user base of 180 million, and has produced three gaming unicorns so far: Game 24X7, Dream11 and Mobile Premier League.
With advanced technologies such as Artificial Intelligence (AI), Augmented Reality (AR) and Virtual Reality (VR) that will render more immersive and interactive gaming experiences than ever before, gaming in India is on the verge of truly exciting times.
The Gaming Landscape – Dynamic and Challenging
Always online and live service games and ever-increasing player requests for fresh, new content have created an extremely dynamic environment for gaming operators today. Most gaming companies run their game development cycles at least six months to one year ahead of time. Moreover, they are often required to ramp up their resources to cater to increasing gamer traffic or deliver bug fixes. As a result, gaming companies have a continuous development, testing and release mechanism baked into their software development lifecycle. Every new application or software update goes through a staggered, yet very methodical approach to testing, security, and quality assurance before it gets released for mass consumption.
While business dynamics require companies to trend towards shorter and faster software releases, they must have measures in place to ensure the security, traceability, and compliance of software are not compromised at any stage of development.
Maintaining the delicate balance between speed and security in game development: DevSecOps
Developers are constantly striving to gain a competitive advantage by delivering updates and bug fixes at a breakneck pace. To achieve this, many developers heavily rely on open-source software (OSS) libraries and packages to build their software – often comprising 80-90 percent of their software creations. While open-source software offers numerous benefits, it has also become a primary attack vector for threat actors seeking to exploit vulnerabilities in software supply chains.
IT and security leaders are seeking ways to have control and trust of the open-source components downloaded by developers, without slowing down software development pipelines. There is an urgent need to have an immutable single source of truth for which open-source libraries are secure for use, strengthening developers and the software supply chain from its earliest point.
What else can game developers do to integrate security throughout the software development cycle? Here are a few ways:
Automated, end-to-end Secure gaming Development: Streamlining the game development process by automating the build, testing, and deployment of game assets; making the whole process more seamless, and secure.
Breaking Silos: Bringing developers onto a single platform, where there is complete traceability and manageability of what each developer is using to build their application. This ensures that there is no time or effort lost in reinventing the wheel.
Improving Artifact Management: Artifacts – software assets that are connected to or part of a software project, such as images, executables, data models, libraries, etc. – need to be stored and shared with all the developers working on that specific project. DevOps can help improve the artifact management process, while adding in layers of security while scaling up to a multi-site, system configuration requiring collaborative efforts with large, globally distributed teams.
Ensuring the security of open source components: Security incidents such as log4Shell, Spring4Shell, etc., have taught us that what’s safe for use today may not be safe tomorrow when it comes to using public open source libraries. As such, companies need systems in place to help curate and stop the use of faulty components before they ever enter an organisation – and ensure packages comply with established, regularly updated security policies, and are validated against relevant vulnerability databases to ensure their software is secure.
Prioritising vulnerabilities that need fixing: This is one of the most important aspects for any software or app developer – to ensure that the production builds have zero vulnerabilities. With the help of DevOp-centric security solutions, developers can easily build-in vulnerability scanning and license compliance as part of their software pipelines.
With DevOps, it’s always Game On
For today’s gaming companies to deliver truly exceptional customer experiences and not fall behind the competition they need an end-to-end fully automated DevSecOps platform that touches every critical juncture of the gaming development lifecycle. With DevSecOps emerging as one of the most important and integral cogs to getting software to market faster with a beautiful, intuitive user interface and customer experience, all while remaining secure – well, that’s what we call WINNING and say, “Game On!”
