Gaming can be a great escape from reality. Players can pretend to be superheroes, supervillains, giant, shape-shifting robots, or defenders of the universe. Whatever role they decide to play, their avatars can become nearly invincible. Unfortunately, the same is not true of their devices and the games themselves. Real-life villains are constantly popping up with new threats to the security of gaming platforms.
“Almost no company would state they have the best security environment ever,” says Maurice Ko, VP of Engineering at Kabam, a leading mobile game developer. “There are always hackers who can find ways to make problems.”
Rather than focus on security, Kabam, a world leader in developing entertaining, immersive mobile games, would prefer to perfect the art of game design to entertain millions of players around the globe. Their games have raised the bar for mobile gaming, with high-quality graphics, next-generation technology, and revolutionary gameplay, and their profile as a target for hackers has also risen. That makes security essential. Kabam is dedicated to bringing their same focus to safeguarding games and players.
Kabam has been running on Google Cloud since 2017. Kabam only worked internally to protect their games and gamers from security threats until recently. By 2021, Kabam wanted to have a neutral third party evaluate their overall security to ensure they followed best practices.
“Security is a domain where we always want to have different points of view and opinions from multiple third parties,” says Maurice. “Over the years, Kabam has followed the best practices of many external vendors. They all seem to make sense, and we haven’t had any major incidents to date. But security is one of those moving targets where someone is always finding unique ways to break into your computing resources.”
Kabam needed a fresh perspective on their secure use of Google Cloud products for peace of mind. Had they been following the best best practices? If not, which best practices should they be observing? “Kabam needs to get a different opinion about whether we’re actually using Google Cloud correctly and with the highest level of safeguards,” says Maurice.
To obtain additional security expertise, Google Cloud recommended that Kabam engage SADA, a five-time Google Cloud Reseller Partner of the Year, to conduct a Cloud Security Assessment.
“Security is a wide-open topic, which is one of the reasons we wanted to conduct a security assessment with SADA,” says Maurice. “SADA’s Cloud Security Assessment presents an opportunity to have another type of evaluation to ensure we’re as close to foolproof as possible with our Google Cloud implementation.”
SADA proceeded to assess Kabam’s environment based on their knowledge of its Google Cloud foundations, starting with an automated Google Cloud Security Posture Review. After that, the SADA team, including a Senior Cloud Security Engineer and a Project Manager, evaluated Kabam’s existing configurations and platform controls to reduce risk and confront common threats.
We wanted to use SADA to do another round of investigation because SADA works with Google Cloud closely and they understand Google Cloud infrastructure quite well. From the customer point of view, SADA made it a very low effort process because they were so well prepared. We just made the high-level ask for what we wanted, and SADA and Google Cloud worked out all the details of the project.Maurice Ko | VP of Engineering at Kabam
As a result of working with SADA, Kabam has obtained an unbiased, third-party opinion as to their current cloud security capability. Across ten domains of security, SADA assessed Kabam’s strategy, documented the results and associated recommendations, and shared the final written report with the company. “SADA worked closely with Kabam stakeholders to understand our Google Cloud infrastructure and security configurations and capabilities and provided us with best practice recommendations,” says Maurice.
Now, Kabam can use the report as a roadmap for how to mature their security model on Google Cloud and in conjunction with SADA, develop an action plan to address the findings and any gaps.
SADA serves as the voice of authority as to whether our Google Cloud implementation has been set up correctly. The whole point of the assessment was for SADA to walk through all our infrastructure as a way of validating Kabam’s security. Their report was exhaustive and gave us a good baseline on our security and where we stand compared to the rest of the software industry.Maurice Ko | VP of Engineering at Kabam
Beyond the cloud security assessment, Kabam received two action items that immediately improved their security. Based on the recommendations of SADA’s review, Kabam became aware of separate port and network segmentation vulnerabilities that they were prepared to remediate quickly.
“The port and network segmentation issues were low-hanging fruit that we’ve moved forward to fix very quickly,” says Maurice. “The SADA team was quite knowledgeable, helpful, and provided really good recommendations about our current tech stack around security.”
Overall, by conducting a comprehensive security assessment of their Google Cloud environment, SADA helped Kabam:
- Validate ten vital domains of cybersecurity
- Target two critical security issues for fast remediation
- Baseline their security against the overall software industry
- Plan their roadmap for future security configurations