Customer Stories / Games
Games24x7 Upgrades Security Posture Across its Gaming Platforms Using AWS
25%
Near-zero
Improved identity and access management system
Overview
The online gaming industry is becoming an increasingly lucrative target for cyber criminals. Between 2021 and 2022, the industry experienced a 167 percent rise in API attacks and was on the receiving end of about 37 percent of all distributed denial of service attacks.
Games24x7 is a leading online gaming company with a portfolio that spans India’s largest rummy platform, RummyCircle, and one of India’s top fantasy sports platform, My11Circle. Specializing in leveraging behavioural science, technology, and artificial intelligence, the company is committed to delivering an exceptional game-playing experience across all platforms while ensuring a secure gaming environment for its 100 million+ user base.
In 2022, Games24x7 began using Amazon Web Services (AWS) to proactively manage security risks and protect its networks and data. With services like Amazon GuardDuty, AWS Control Tower, AWS Config, and AWS IAM Identity Center, Games24x7 has reduced incident rates down to near-zero, improved its attack surface score by 25 percent, and is now building the required data security controls to better align with India’s data protection laws.
Opportunity | Creating a Unified Governance Framework to Minimize Threat
Over the years, the online gaming company has grown its user base to over 100 million, with gameplay volumes peaking for both RummyCircle and My11Circle. Given the high volume, Games24x7 stands out as an attractive target for cyberattacks, and each incident could take days to resolve.
With a commitment to offer a safe gaming environment and protect its users from such attacks, the online gaming company consistently prioritizes refinement of its edge security, improving its cloud governance, as well as identify and rectify misconfigurations and points of vulnerability across the entire network and system.
However, Games24x7 used to operate on a multi-account governance framework with over 30 accounts across different departments. Each department also had its own set of permissions and security policies, which increased the number of potential entry points for attacks. To improve privacy and data protection, the online gaming company first needed a centralized governance framework.
Furthermore, considering the highly sensitive and confidential user data it handles, Games24x7 needed a trusted and integrated solution that was ISO-compliant—specifically the Information Security Standard of ISO 27001.
“Security must be the basis of any business we operate. We want our users to enjoy our games and do transactions with total confidence. With AWS , we are satisfied with how easy it is to scale in a cost-effective way. That is why, when rethinking our security posture, we went straight to AWS for their know-how,” said Rajat Bansal, chief technology officer of Games24x7.
We have a comprehensive roadmap for integrating various security practices. Paired with AWS, we also have a robust, centralized governance framework that minimizes our incident rates to near zero. This is a significant stride towards bolstering our data protection, and we intend to pass the ease of mind to our users."
Kuldeep Tomar
Chief Information Security Officer, Games24x7
Solution | Upgrading Security Posture to Achieve Preemptive Threat Detection
In June 2022, Games24x7 began using AWS and since then, the organization has successfully bolstered its cybersecurity posture, increasing its attack surface score to above the industry average.
To proactively identify and neutralize security threats even before they occur, Games24x7 deploys AWS GuardDuty, a threat detection service, to continuously monitor all AWS accounts and workloads for malicious activities. Games24x7 also uses AWS WAF, a managed security service, to protect its web applications from common exploits and bots. With AWS Security Hub, a cloud security posture management service with integration of market leader Cloud-Native Application Protection Platform (CNAPP) tool, Games24x7 automates security checks, implements continuous monitoring, and conducts early threat detection to minimize security risks.
As misconfigurations can create vulnerabilities that malicious actors can exploit, Games24x7 also uses AWS Config to continually assess, audit, and evaluate the configurations and relationships of its resources on AWS. Since the adoption of these services, Games24x7 has recorded zero successful cybersecurity attacks across its system.
On the governance front, Games24x7 uses AWS Control Tower to set up and govern its secure, multi-account AWS environment. Games24x7 also uses AWS IAM Identity Center to securely manage identities and access across all AWS services and resources. With these services, Games24x7 can control authorizations for access by users and services to critical resources, thus preventing data breach attempts. Games24x7 is using it as a baseline to build Centralise Access Management.
As part of its compliance with applicable data protection laws, Games24x7 is prioritizing data integrity and sovereignty. With AWS maintaining these ISO certifications, Games24x7 can now leverage these policies for its own developments and provide a smooth risk management framework and process. The certification also helps Games24x7 to be prepared for compliance with India’s Digital Personal Data Protection Act 2023, which will come into force in the near future.
Outcome | Building a Repository for Security Logs to Facilitate Automation
Games24x7 plans to use Amazon Security Lake, a fully managed security data lake service, to build a repository for security logs, then leverage generative artificial intelligence to process and analyze said data for security alert automation. The goal is to improve response times and allow security teams to prioritize incidents that require their attention. After conducting a Proof of Concept, Games24x7 began migrating to Amazon Security Lake. The migration was completed in February 2023.
“We have a comprehensive roadmap for integrating various security practices. Paired with AWS, we also have a robust, centralized governance framework that minimizes our incident rates to near zero. This is a significant stride towards bolstering our data protection, and we intend to pass the ease of mind to our users,” said Kuldeep Tomar, Chief Information Security Officer at Games24x7.
About Games24x7
Games24x7 is an India headquartered online gaming company with a portfolio that spans skill games. It was founded by New York University-trained economists Bhavin Pandya and Trivikraman Thampy in 2006. Backed by marquee investors including Tiger Global, The Raine Group, and Malabar Investment Advisors, the company specialises in using behavioural science, technology and artificial intelligence to provide an awesome game-playing experience across all its platforms. Games24x7 operates RummyCircle, the largest online rummy platform in India, and My11Circle, one of the country’s top fantasy sports platforms with offices in Mumbai, Bengaluru and New Delhi.
AWS Services Used
Amazon GuardDuty
GuardDuty combines ML and integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data.
Learn more »
AWS Control Tower
Use AWS Control Tower to set up and operate your multi-account AWS environment with prescriptive controls designed to accelerate your cloud journey.
AWS IAM Identity Center
AWS IAM Identity Center helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications.
Learn more »
AWS Security Hub
Use AWS Security Hub to automate security best practice checks, aggregate security alerts into a single place and format, and understand your overall security posture across all of your AWS accounts.
Learn more »
Get Started
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.