What the Pokémon GO launch can teach you about data risk management

by John Lane - Aug 11, 2016

In case you missed it somehow, last month’s launch of Pokémon GO effectively drove the entire world crazy. Even though the planned international roll-out only made it to three countries on launch day, people in countries all around the world were cashing in on the hype regardless – so much so that Niantic Labs are still struggling with the fallout of unexpected server demand a month after release.

But it isn’t just server capacity plaguing the launch of Pokémon GO: over the past month, news sites have been bursting at the seams with stories about the app’s lax privacy policies, malware and safety threats – not only data risks, but real threats to life and limb too. Data security might not be able to stop people plunging over cliffs while chasing down Pokémon, but there’s a lot that the launch can teach you about data risk management. In this blog, we’ll look at some examples.

Overcatering on IT might seem expensive, but that’s nothing compared to undercatering.

When Niantic released Pokémon GO, they must have been expecting it to be successful – the Pokémon TV show, video games, and trading cards all developed a borderline cult following – but, evidently, they weren’t expecting everyone between the ages of 5 and 35 to all be out hunting Pokémon at the same time. Even though Niantic does use Google’s cloud infrastructure, it appears the main offender in the launch fiasco was a lack of forethought into the way this infrastructure could be scaled with increased demand. Although there’s no official statement from Niantic, Amazon CTO Werner Vogels already Poked fun at the company on Twitter in response to their server outages. As this article points out, a well-managed cloud server solution would make it possible to scale the virtual servers according to demand, meaning no outages, a trouble-free rollout, and fewer angry Pokémails from frustrated fans. No matter the service Niantic settled on, though, the problem here is less about selecting the wrong option and more about how the company managed to underestimate the demand for their product so dramatically in spite of (presumably) millions of dollars’ worth of testing prior to release.

For a local example, look no further than the Australian census website - since launch, the site has been plagued with ongoing outages that are being blamed on DDoS attacks depleting website bandwidth as well as the hundreds of thousands of Australians actually trying to complete the census. Once again, the nature of the outage is relatively unimportant - the real question is how these problems managed to make it through extensive planning and testing.

Privacy Policies are important - and it’s not just those paying for your data who will have access to it.

Pokémon GO has also come under fire recently for a number of safety concerns relating to its use of location data and a lax privacy policy. Oliver Stone went as far as labelling the app as “surveillance capitalism”, and in a recent interview described it as a ‘new level of invasion’ that would lead towards totalitarianism. Not only does the app compromise its users’ security by sharing their location data, its privacy policy might also hamper data risk management – according to several articles, the default privacy settings gave the app access to your entire Google account at launch, including email and passwords - though subsequent news indicated this was an unforeseen security flaw that has since been patched out. This is potentially disastrous, to say the least – both in a personal and a professional context, considering the number of adults playing Pokémon GO during office hours and using their organisation’s network. This is a case in point for a privacy policy being equally important whether you’re providing a children’s game or enterprise-level software.

Bad server management isn’t a threat to data risk management in itself: it’s the consequences that came back to bite Niantic in the Pokéballs.

The Pokémon servers crashing was an annoyance for fans and no doubt put a dent in Niantic’s ROI, but the real damage came as an unexpected result of bad server planning. With the whole world buying into the launch day hype and the app only being available in three countries, Pokéfans in unsupported locations started downloading bootlegged, non-App-Store versions of the app wherever they could find it. But since these files weren’t regulated like they would have been in the Google Play or App Store, many were infected with malware and spyware. Therefore, as an unexpected result, users were exposing their own data, and potentially that of their workplace and colleagues, to massive risk.

If there’s one lesson that can be learned from the Pokémon GO launch, it’s this: be over-prepared. Had Niantic over-catered rather than under-catered (by opting for a scalable, dynamic cloud solution rather than a static one, for example), there may have been some very different articles written about Pokémon GO at this point. If you’d like to stay as prepared as possible for unexpected IT events with Managed Endpoint Security, Managed Backup and Email filtering solutions, then talk to us about how our Managed Endpoint can be used to monitor your systems and utilisation, or about how our Managed Backup will protect your systems and data. Find out more here.