Mod.io

Mod.io streamlines cybersecurity management and refocuses on new feature development with Cloudflare

Founded in 2018, mod.io provides a white-label service that enables game developers to enhance user engagement by incorporating user-generated content and mods into their PC, console, or VR games. In just a few years, the company has grown tremendously. Today, mod.io supports 160 games on their platform, which generate around one billion API requests per month.

As the customer base has grown, the mod.io team has ramped up security for their own platform and all the games they support. “The quality and quantity of games coming onboard is accelerating,” says Greg Macsok, head of cloud and IT at mod.io. “We need to make sure that not only are those games always playable and online, but also that they’re protected with good, solid cybersecurity.”

The mod.io team relies on Cloudflare for critical cybersecurity services. “We turned on Cloudflare capabilities very early on,” says Macsok. “That’s evolved over the years now to almost 20 Cloudflare products and services, from load balancing and Zero Trust capabilities to Cloudflare Workers. We’ve brought on each product to help us improve performance or security in a specific area.”

Securing access to critical resources

Though mod.io began in Australia, the company’s workforce has expanded to Europe and the United States. To help ensure all employees can access resources quickly and securely with their laptops, mod.io uses Cloudflare Access — Cloudflare’s Zero Trust Network Access service.

“Cloudflare Access allows us to provide secure access to our testing and development environments from anywhere,” says Macsok. “It also enables us to use third-party endpoint protection tools to ensure those laptops are secure. Once we know the devices are secure, users can reach out to the Internet and to our network.”

Protecting the network while reducing infrastructure strain

Mod.io began using the rate limiting functionality of the Cloudflare Web Application Firewall (WAF) to protect the network from malicious requests. “We know we’re sending only legitimate traffic and requests to our origin servers,” says Macsok.

Rate limiting also reduces the load on backend servers. “When you’re talking about a billion API requests per month, tracking individual users and API keys can require serious resources,” says Macsok. “Now we can do that work at the edge, which takes a significant amount of load and compute off our backend systems.”

Streamlining security management

The Cloudflare platform makes it easy for the mod.io team to manage numerous security capabilities without in-depth technical expertise. “The Cloudflare dashboard abstracts the technical knowledge away from the end user,” says Macsok. “When I want to configure a new firewall rule, I don’t need to know a programming language.”

The team can employ rich capabilities without excessive time, effort, or cost. “It takes away the complexity of us building complicated rate limiting systems in our infrastructure,” says Macsok. “That helps us avoid cost and allows us to build our product faster.”

Refocusing on product development and speeding time to market

The ease of using Cloudflare for security enables mod.io team members to concentrate on building new products. “By using Cloudflare services, we’re saving between 60 and 70% of the effort we would normally spend on cybersecurity,” says Macsok. “That allows us to focus on product development. We’re delivering new features to customers faster — and then moving onto the next customer request.”

Improving content delivery while avoiding egress fees

Mod.io has been capitalizing on the robust performance of Cloudflare’s content delivery network (CDN) for some time. More recently, the company started using Cloudflare Workers to support content delivery. Workers enables the team to localize assets and website text for global users. “We can make sure a German user receives German assets,” says Macsok.

The company also moved their object storage to Cloudflare R2 to improve the economics of storing assets in the cloud. “We’ve been able to cut out the egress costs associated with pulling assets from a third-party cloud provider,” says Macsok. “We now have much more predictable spending.”

Looking ahead to a secure future with Cloudflare

As the mod.io team plans for the future, they are exploring ways to protect external cloud environments while further simplifying their security stack. They have no doubt that continuing their work with Cloudflare will be the best way forward.

“We’ve had a very successful relationship with Cloudflare. In almost 20 years, we’ve never had a security breach,” says Macsok. “We have a security-first philosophy internally. So, we plan to work extremely hard with Cloudflare to make sure our excellent track record continues.”