Pokémon Puts Security and Compliance at the Heart of its Digital Transformation Strategy on AWS

With Sumo Logic, an APN Advanced Technology Partner and AWS Security, Data & Analytics and DevOps Competency Partner

Looking to Bring Technology Development In-House while Rapidly Scaling

Pikachu. Charizard. Mew. To hundreds of millions of kids and adults around the world, these names represent more than characters in a series or game. They represent a beloved pastime and a foundation for real-world adventure. For over 20 years, Pokémon has cemented its role as a staple within children’s entertainment. With the release of Pokémon Go in 2016, Pokémon became a cultural phenomenon that changed the face of interactive gaming.

“Pokémon Go simply exploded,” says John Visneski, director of information security and data protection officer at The Pokémon Company International. “I think we were initially expecting 50 – 100 million downloads of the game. Instead, we saw 800 million downloads. Here we are in 2019, and Pokémon Go is one of the most popular mobile games of all time. With such an explosion came scalability challenges, particularly given our focus on data privacy.”

At the time of Pokémon Go’s release, The Pokémon Company International, responsible for global branding and licensing, licensed the Pokémon Go brand to a third-party developer. As the game continued to reach new adoption heights, the company decided to bring game development in-house and invest in a large-scale digital transformation strategy. The company's overarching vision involved building a massive platform to connect all of its different products.

“We quickly grew from a small team of in-house web developers and IT folks to around 100 individuals,” says Visneski. After coming onboard to start the InfoSec team from scratch, Visneski chose to develop a team and philosophy focused on putting technology and enablement at the core of security and compliance.

“AWS and Sumo Logic have both been wonderful partners for us. We’re able to mitigate risks and solve problems that have an impact across the business.”

- John Visneski, Director of Information Security and Data Protection Officer at The Pokémon Company International


Going Cloud-First and Making InfoSec an Enabling Force

Within many companies, InfoSec’s reputation often veers toward being a 'no' team. Visneski sought to upend this expectation by building a security team and security program within Pokémon to help drive innovation forward. With the company’s widespread use of Amazon Web Services (AWS) for technology and development, Visneski focused on taking an approach to security and privacy that could keep up with developers and offer its unique insights through technology.

“We decided that we wanted to go into every internal requirement meeting and project meeting with the ability to ask what the business objective is and figure out how we can help through our alignment and involvement with the development process. AWS has been central to our ability to make this a reality while we grow and to start planning for scale,” says Visneski.

“We chose to be a cloud-focused security operation because we wanted to stay up-to-speed with the new features AWS releases, the development cycles within our organization, and the rapid pace driven by our DevOps team,” says Visneski. “New technologies, such as serverless infrastructure and containers, introduce change into our overarching ecosystem. That change—as well as the ever-shifting regulatory landscape and compliance requirements—inevitability impacts our risk frameworks and our ability to adapt and overcome new threats. We chose to develop a security platform and program that could dynamically respond to and keep pace with these changes while meeting changing regulatory needs with confidence.”

As the company’s vision for its security program began to take shape, Visneski and the team quickly began looking for tools to empower its approach and form the foundation of its security platform and security operations center (SOC).

Using Sumo Logic as the Foundation for an Agile Security Platform on AWS

Pokémon initially sought a cloud-focused, highly mobile, and highly automated platform or product to serve as the foundation for its security architecture. The company needed a platform that could integrate with a wide range of AWS-native and third-party tooling. Arguably most important for Visneski was identifying a partner with whom his team could collaborate and work closely.

"Building a substantive business relationship between a vendor and us was very important," says Visneski. "If we're going to make a company a foundational part of our security architecture, then we want to be tied close enough that we understand what’s over the horizon, how we can align our roadmap with theirs, and how the solution will fit into our overall ecosystem.”

In Sumo Logic, a cloud-native platform enabling companies to collaborate, develop, operate, and secure applications at scale, Pokémon found its ideal technology and collaboration partner.

“From the beginning, Sumo was very willing to build the type of relationship with us we sought,” says Visneski. “Sumo is cloud-focused in both its business and its technology. Sumo has always been dedicated to helping us move at the speed we need and that our business demands. Technically, Sumo’s cloud focus means it easily integrates with a wide variety of tools and platforms. As the threat landscape changes for us, we can choose new tools to use and have confidence they will integrate with Sumo. If they don’t, then we’ve built a relationship wherein we can call counterparts at Sumo and discuss how we can make it happen.”

Building a Comprehensive SOC and Security Architecture with Sumo and AWS

The backbone of Pokémon’s SOC is a technique called the observe, orient, decide, and act, or OODA loop. The company's goal is to use its tools and platform to reduce the OODA loop and follow a consistent and quick protocol for responding to threats. The company also developed a team and a culture that encourages cross-collaboration and embraces automation to drive an agile DevSecOps operation that empowers the OODA approach.

SumoLogic1

Diagram: Pokémon’s security stack running on AWS 

AWS, Sumo Logic, and APN Advanced Technology Partner CrowdStrike comprise the core base of the Pokémon security architecture. Through its cloud-native machine data analytics platform and pre-built security and compliance dashboards, Sumo Logic delivers continuous intelligence and a unified source of user data to Pokémon. The company leverages Sumo’s security information and event management (SIEM) solution and its Investigation Workflows solution.

“Using Sumo Logic and AWS tooling, as well as other ISV tools, we can take an automation-first approach for orchestrating activities and embracing the OODA loop mindset,” says Visneski. “These technologies empower our security analysts to home in on actual problems, strategize how we orient ourselves to overcome that problem, and then quickly act on a decision. The tools allow us to move at a pace we wouldn’t be able to move at were we to use other technologies or platforms.”
 

Enabling a Bold Vision while Prioritizing Security and Compliance at Scale

Using AWS and Sumo Logic has allowed Pokémon’s security team to streamline traditionally manual security programs and processes and deliver time and cost savings to the business. For example, the team recently rolled out a new project classification automation program cutting a process that included 11 touchpoints and took 5 – 7 business days down to 2 touchpoints taking about 5 minutes.

“AWS and Sumo Logic have both been wonderful partners for us,” says Visneski. “We’re able to mitigate risks and solve problems that have an impact across the business. Given the time and cost savings we can drive through automation and our cloud-based approach to various initiatives, we’re able to help individuals within Pokémon save time and rededicate themselves to thinking of new ways to deliver products to our customers.”

Vital to the success of Pokémon’s security operations is the foundation built on and with Sumo Logic.

“Sumo Logic positions us very well to be an integrated agent within our technology organization and for the business at large. We onboarded Sumo because we needed something to sit as the core of our modern security operation center. We quickly realized that because it’s so adaptable and easy to integrate with other services and tooling, we can introduce Sumo to other parts of the technology organization, and then other parts of the business as a tool they can use to help them achieve their goals,” says Visneski. “All of this works toward expanding our visibility and strengthening our partnership with teams across the business.”

Up next for the Pokémon InfoSec team is a continued focus on using automation and data analytics capabilities to help individuals within Pokémon meet new business objectives and drive better outcomes.

“Our ability to respond quickly, particularly in the context of security incidents, is paramount to our ability to operate as a business partner,” says Visneski. “We’ve found we are invited to meetings because we focus on helping teams tackle obstacles and figure out ways to conquer business objectives. By taking this approach, we are given visibility into parts of the business we may not have had as much visibility before. And visibility is the name of the game when it comes to security. We want to use the insights we drive to help play a role in empowering the business.”

The team is also working closely with Sumo Logic and AWS to cement its status as a leader in data privacy practices. “The more we can join forces and be good partners in our efforts to deliver to customers the privacy capabilities they deserve, the more we can help each other be successful,” says Visneski.

“When it comes to data privacy practices, we want to be the rising tide that lifts all ships.”

Learn more about how Pokémon is using CrowdStrike, and the relationship built between Pokémon and Sumo Logic.

gt-db-pokemon

Pokémon

The Pokémon Company International, a subsidiary of The Pokémon Company in Japan, manages the property outside of Asia and is responsible for brand management, licensing, marketing, the Pokémon Trading Card Game, the animated TV series, home entertainment, and the official Pokémon website. Pokémon was launched in Japan in 1996, and today is one of the most popular children's entertainment properties in the world.

Summary

Pokémon sought to execute a digital transformation strategy and needed to build a robust security and privacy operations program. Using Sumo Logic on AWS, Pokémon streamlines manual security processes and puts security and privacy at the heart of development.

Challenge

After Pokémon Go exploded in popularity and downloads, the Pokémon Company International team decided to bring development in-house and undergo a digital transformation. The organization needed to build an InfoSec team from scratch and develop a robust security platform and operations center.

Solution

Pokémon initially sought a cloud-focused, highly mobile, and highly automated platform or product to serve as the foundation for its security architecture. In Sumo Logic, Pokémon found its ideal technology and collaboration partner. AWS, Sumo Logic, and APN Advanced Technology Partner CrowdStrike comprise the core base of the Pokémon security architecture.

Benefit

Using AWS and Sumo Logic has allowed Pokémon’s security team to streamline traditionally manual security programs and processes and deliver time and cost savings to the business. For example, the team recently rolled out a new project classification automation program cutting a process that included 11 touchpoints and took 5 – 7 business days down to 2 touchpoints taking about 5 minutes.

About Sumo Logic

Sumo Logic is a secure, cloud-native, Continuous Intelligence Platform for DevSecOps delivering real-time, continuous intelligence from structured, semi-structured, and unstructured data across the entire application lifecycle and stack. More than 2,000 customers around the globe rely on Sumo Logic for the intelligence to build, run, and secure their modern applications and cloud infrastructures. Sumo Logic delivers its platform based on a true, multi-tenant SaaS architecture, enabling digital businesses to thrive in the Intelligence Economy.

Published December 2019