Games24x7 Upgrades Security Posture Across its Gaming Platforms Using AWS

Over the years, the online gaming company has grown its user base to over 100 million, with gameplay volumes peaking for both RummyCircle and My11Circle. Given the high volume, Games24x7 stands out as an attractive target for cyberattacks, and each incident could take days to resolve.

With a commitment to offer a safe gaming environment and protect its users from such attacks, the online gaming company consistently prioritizes refinement of its edge security, improving its cloud governance, as well as identify and rectify misconfigurations and points of vulnerability across the entire network and system.

However, Games24x7 used to operate on a multi-account governance framework with over 30 accounts across different departments. Each department also had its own set of permissions and security policies, which increased the number of potential entry points for attacks. To improve privacy and data protection, the online gaming company first needed a centralized governance framework.

Furthermore, considering the highly sensitive and confidential user data it handles, Games24x7 needed a trusted and integrated solution that was ISO-compliant—specifically the Information Security Standard of ISO 27001.

“Security must be the basis of any business we operate. We want our users to enjoy our games and do transactions with total confidence. With  AWS , we are satisfied with how easy it is to scale in a cost-effective way. That is why, when rethinking our security posture, we went straight to AWS for their know-how,” said Rajat Bansal, chief technology officer of Games24x7.

In June 2022, Games24x7 began using AWS and  since then, the organization has successfully bolstered its cybersecurity posture, increasing its attack surface score to above the industry average.

To proactively identify and neutralize security threats even before they occur, Games24x7 deploys AWS GuardDuty, a threat detection service, to continuously monitor all AWS accounts and workloads for malicious activities. Games24x7 also uses AWS WAF, a managed security service, to protect its web applications from common exploits and bots. With AWS Security Hub, a cloud security posture management service with integration of market leader Cloud-Native Application Protection Platform (CNAPP) tool, Games24x7 automates security checks, implements continuous monitoring, and conducts early threat detection to minimize security risks.

As misconfigurations can create vulnerabilities that malicious actors can exploit, Games24x7 also uses AWS Config to continually assess, audit, and evaluate the configurations and relationships of its resources on AWS. Since the adoption of these services, Games24x7 has recorded zero successful cybersecurity attacks across its system.

On the governance front, Games24x7 uses AWS Control Tower to set up and govern its secure, multi-account AWS environment. Games24x7 also uses AWS IAM Identity Center to securely manage identities and access across all AWS services and resources. With these services, Games24x7 can control authorizations for access by users and services to critical resources, thus preventing data breach attempts. Games24x7 is using it as a baseline to build Centralise Access Management.

As part of its compliance with applicable data protection laws, Games24x7 is prioritizing data integrity and sovereignty. With AWS maintaining these ISO certifications, Games24x7 can now leverage these policies for its own developments and provide a smooth risk management framework and process. The certification also helps Games24x7 to be prepared for compliance with India’s Digital Personal Data Protection Act 2023, which will come into force in the near future.