igamingnext photo
Continent 8 Technologies is an award-winning infrastructure provider that has become the go-to partner of choice for operators and suppliers making a move in regulated US states.

It now provides its services to more than 85% of operators on the EGR US Power Rankings for 2023. The company has taken a bold first-to-market approach in the US and offers its solutions and services in 30 states and counting.

We sat down with David Brace at Continent 8 to learn more about the infrastructure challenges organisations are facing and how businesses can ensure they are resilient to the rising threat level posed by a significant increase in cyber attacks in recent months.

David will be attending NEXT Summit New York 2024, and will be participating in a panel titled ‘iGaming is booming – A sure catnip for cybercriminals!’.

NEXT.io: Regulation continues to be a hot topic in the North American market, but what conversations are being had from an infrastructure perspective?

DB: States looking to legalise and regulate online sports betting and casino for the first time have a lot to consider when it comes to their frameworks, but infrastructure should always be seen as a key pillar.

It provides the foundation on which operators and suppliers build their businesses and deliver their experiences and solutions while ensuring their systems, networks and data are protected to the highest standards.

Each state takes a different approach – some are stringent in their infrastructure requirements; others are a little more relaxed.

A lot of the conversations we have are about where data centres should be located (in state or outside of state) and the cybersecurity provisions that companies should have in place to protect against the rise in attacks we are seeing across the industry.

This is more important than ever before, and it is positive to see some states take a proactive approach to cybersecurity – but there is more other regulators can do to better protect players in-state.

NEXT.io: How do requirements differ from state to state and what impact does this have on operators and suppliers when launching into new markets?

DB: It means that organisations can’t have an infrastructure blueprint which they roll out across all US states, and this can add complexity and increase costs.

The most prevalent requirement is for data centres to be located within state borders but even then, there are differences from market to market.

Take Ohio, for example, operators and suppliers are free to partner with a cloud provider of their choosing, so long as that provider is located in the state.

In Arizona, however, all service providers must secure a licence from the regulator, and this limits the number of cloud providers available.

This is why we have taken an aggressive first-to-market approach, obtaining the required licenses in states, so that we can support our customers in all regulated US states from day one.

NEXT.io: What role are you playing in terms of helping regulators establish frameworks when it comes to infrastructure?

DB: We have more than 25 years of experience in providing infrastructure in highly regulated markets and we are always willing to share this experience with state gaming regulators and policymakers.

We have a unique understanding of how regulation impacts infrastructure and vice versa, and ultimately the requirements that work best for all stakeholders.

Again, this is why we have taken a first-to-market approach to the US so that we can work with regulators on their frameworks and ensure that our solutions are fully compliant from day one.

This in turn allows our customers to be ready as soon as the market goes live.

NEXT.io: A major part of infrastructure is security. What does the current landscape look like and where are the greatest threats coming from?

DB: The global online gambling industry is one of the most attacked and in recent months the number of attacks being launched against suppliers and operators has been on the rise.

The sophistication of these attacks is unprecedented, too. This means that businesses are now operating against a landscape of when a cyber attack will happen and not if.

DDoS attacks are especially prevalent, but we are also seeing an increase in the number of phishing attacks and credential stuffing.

Then there is human error, one of the greatest risks an organisation faces when it comes to cybersecurity. According to a Google survey, 65% of people admit to reusing old passwords while 52% use the same passwords for multiple accounts, applications and log-ins.

In the same survey, 34% of respondents admitted to sharing their passwords with co-workers.

As you can see, operators and suppliers are fighting fires on many fronts and that’s why they must take a multi-layered approach to cybersecurity.

This ensures they have more than one level of protection in place for each threat they face.

NEXT.io: What can operators and suppliers do to mitigate these threats and ensure resilience?

DB: By taking a multi-layered approach to cybersecurity and ensuring that there are effective cyber policies and processes in place. This needs to be combined with regular staff training, too.

Ultimately, buy-in is required from the board down as every single member of the organisation has a part to play.

So, what does a multi-layered approach entail? It means putting in place solutions for DDoS, WAAP, SIEM/SOC and EDR/MDR, underpinned by the policies and training just mentioned.

We have a dedicated division, C8 Secure, that has been helping organisations protect their systems, networks and data for many years, combining cutting-edge solutions and a team of specialists to ensure operators and suppliers are fully prepared to take the fight to the cyber criminals looking to bring down their businesses.  

NEXT.io: Is cybersecurity a regulatory requirement in most states? In those that it is, what additional steps must operators and suppliers take?

DB: Requirements differ from state to state, but cybersecurity infrastructure is required in the vast majority of regulated markets in the US and indeed the wider world.

One of the most stringent US states is Pennsylvania where the Gaming Control Board requires all operators and suppliers to undertake and submit for approval a full audit of their cybersecurity provisions. 

This is a significant task and something that Continent 8 alongside our cybersecurity division, C8 Secure, has been supporting our customers in doing. We have even had suppliers such as ODDSworks come to us specifically for audit support.

Not all states require this, but organisations looking to ensure resilience at all times should regularly audit their cybersecurity set-up to ensure that it is effective at protecting the business from the threats it faces.

Visit the Continent 8 Technologies team at Stand 7 during NEXT Summit New York, where the company will be showcasing its multi-layered cybersecurity solutions. The infrastructure provider will also be making an exciting announcement at the event, unveiling a brand new compliance product tailored to the regulated US sports betting and iGaming market.


David is the principal of innovation & technology at Continent 8 Technologies, the leading global service provider specialising in high availability, real-time transactional services for regulated markets.

He is a technologist at heart with a deep understanding of the cloud and security landscape; he is focused on helping customers to shape engineering, platform, and security priorities for their jurisdiction expansions. David has been in the technology space for 25 years, working as an architect in several different fields including insurance, private banking, healthcare and law enforcement.

Similar posts