Compliancy for the Gaming Industry
What was the problem/objective?
This company had a lot of online games that were forgotten with the tide of the times. The studios that developed the games had moved on. No-one how to support and maintain these games. Yet these games and sites being still available online meant that they could potentially be a pathway to the company’s internal assets.
What was the solution?
Conducted a thorough scan of the entire perimeter and discovered quite a few sites that had security vulnerabilities and could be exploited as an entry point into the company’s internal network. Went about methodically finding security holes, remediating the vulnerabilities, analyzing traffic logs, and closing down inactive sites.
What are some of the other benefits?
The external attack surface was reduced significantly and the company was able to save unnecessary resources being consumed by these inactive sites.
What was the problem/objective?
Each studio worked in its own silo and the company lacked a centralized architecture framework. They also didn’t follow a consistent secure SDLC process for developing and testing games.
What was the solution?
Created a centralized security architecture framework for managing identity and backend resources and gradually migrated each studio to these centralized platforms. Conducted threat modeling, static code analysis, and penetration testing before the games were deployed to production.
What are some of the other benefits?
A standardized and consistent architecture helped improve security and maintenance efforts. Going through a secure SDLC process helped identify security weaknesses early on in the process.