Award-winning infrastructure and cybersecurity services provider undertakes comprehensive cybersecurity audit and VAPT as part of supplier’s licensing requirements in Pennsylvania
Continent 8 Technologies, the gaming industry’s trusted infrastructure and security partner, was chosen by ODDSworks, an interactive gaming content provider, to undertake a regulatory security compliance audit and vulnerability assessment penetration test (VAPT) in the US state of Pennsylvania.
As a supplier licensed by the Pennsylvania Gaming Control Board (PGCB), ODDSworks was required to undertake and submit for approval a full audit of its cybersecurity provisions. With an existing relationship through hosting across several states including New Jersey and Michigan, the company reached out to Continent 8 to plan and carry out the audit and VAPT so that it could meet its regulatory obligations.
The audit was undertaken by Continent 8’s dedicated cybersecurity division, C8 Secure, and used Vulnerability Assessment and Penetration Testing to examine ODDSworks’ provisions under the requirements set by the PGCB.
The regulator is one of the most stringent in the US when it comes to cybersecurity and expects operators and suppliers to meet standards such as:
- Procuring and implementing IDS/IPS solutions.
- Ensuring that virtual machines are performing online one function.
- All redundant virtual machines operate under a separate hypervisor.
- Procuring anti-virus, malware and ransomware for all virtual machines.
- Implementing vulnerability scanning.
- Implementing a log management solution to ensure audit logs of user activities, exceptions and information security events are stored and available to assist in investigations and access control monitoring.
Operators and suppliers are also required to carry out an annual security audit and VAPT via a third party, and that’s why ODDSworks turned to Continent 8.
Continent 8 brought together a dedicated team of specialists for the efforts, which was completed in less than eight weeks, on time and under budget. It even identified vulnerabilities that were not within the scope of the work being carried out. The audit and VAPT reports were submitted to the PGCB and has been approved by the regulator.
Patrick Gardner, Managing Partner at C8 Secure, a Continent 8 company, said: “Cybersecurity is a hot topic in the online and land-based gaming industry, and ODDSworks are an example of a company that is prioritising cybersecurity.
“Having cybersecurity provisions in place is not only a must when it comes to protecting the organisation, but also when it comes to compliance. Pennsylvania is setting the standard when it comes to protecting the iGaming market.
“The regulatory landscape and requirements across different states can make it incredibly complex for operators and suppliers operating in these markets. Of course, we can assist other operators and suppliers with their cybersecurity audits in Pennsylvania and any other regulated US state.”
Steven De Mar, Executive VP at ODDSworks, added: “At ODDSworks we are taking cybersecurity seriously – the industry is under attack. Continent 8 has done an incredible job at supporting us through our cybersecurity audit in the state of Pennsylvania. We were impressed by the speed at which the audit was planned, undertaken and reported on, as well as its scope and depth.
“We already knew that Continent 8 was at the top of its game having used its hosting solutions in other US states, but its cybersecurity audit for us shows that it really does set the standard for others to follow.”