Continent 8 Technologies’ Regional Sales Directors, Jerad Swimmer and Jamie Garcia, and Principal Solutions Architect, Anthony Engel, recently attended the TribalNet 2024 Conference and Tradeshow.
At the booth, they were showcasing Continent 8’s multi-layered cybersecurity solutions designed to support tribal casinos and their cybersecurity programs.
Jamie Garcia and Jerad Swimmer at TribalNet 2024
Here, Jerad, Jamie and Tony share their key takeaways from the show.
Jamie Garcia (JG): Following the Oklahoma Indian Gaming Association (OIGA) 2024 event, we experienced yet another exceptionally organized and well-attended conference. It’s always a pleasure to reconnect with familiar faces, industry experts and organizational leaders, while also exploring opportunities on how we can shape, power and protect the industry together.
Jerad Swimmer (JS): Absolutely, Jamie! TribalNet was indeed a remarkable event. As one of our primary tribal-focused conferences, and a show I’ve proudly attended for many years, it provides an excellent platform for us to engage directly with new and existing customers and decision-makers who are dedicated to protecting their tribal casinos, enterprises, corporations and government organizations.
JG: Cybersecurity was a central theme at OIGA 2024, and it was front and center in most of our discussions at TribalNet as well. Artificial intelligence (AI) was a particularly prominent topic, with many attendees eager to learn about the latest trends and best practices in AI and machine learning (ML) technologies, especially in their roles for both cyber protection and cyber threats.
Tony Engel (TE): Jamie raises an excellent point about the dual nature of AI as both a tool and a threat. Cybersecurity firms are using AI to help identify risky behaviors, automate mitigation steps and assist analysts in efficient data queries. Conversely, cybercriminals are also exploiting AI and ML capabilities to launch cyber attacks – and at scale! Building robust cybersecurity programs to counter AI-driven threats can be challenging but partnering with managed security service providers (MSSPs) equipped with 24x7x365 Security Operations Centers (SOCs) and up-to-date AI, ML and threat intelligence tools and platforms is an effective strategy to combat these sophisticated threats.
JS: In addition to AI, another key focus at the event was Vulnerability Assessment & Penetration Testing (VAPT), with numerous TribalNet attendees inquiring about VAPT approaches and solutions for their organizations.
For VAPT, we advise choosing a service that can identify vulnerabilities across your entire organization, including infrastructure, networks, applications and cloud environments. A comprehensive end-to-end assessment allows you to isolate and prioritize security investments for maximum risk reduction. We also suggest regularly scheduled VAPTs to ensure a proactive and continuous evaluation and enhancement of your cyber attack surface area.
Anthony Engel and Jerad Swimmer at TribalNet 2024.
JS: As cyber threats evolve, so must our cybersecurity strategies. AI and ML will remain pivotal in cybersecurity platforms, enabling the most innovative solutions to keep the most sophisticated AI-driven threats at bay.
We also foresee the tribal gaming community continuing to expand and enhance their cybersecurity measures. We are committed to strengthening our relationships with key tribal decision makers to ensure we provide the necessary safeguards for their cyber ecosystems.
And finally, we wanted to thank all the TribalNet attendees who visited the Continent 8 booth to share their cybersecurity insights, experiences and perspectives. For those interested in continuing the discussion in person, we invite you to visit us at the Global Gaming Expo 2024 in Booth 4235 to learn more about how we can support your cybersecurity initiatives. I’m really looking forward to the event.
Book a meeting at G2E 2024: https://lp.continent8.com/g2e-vegas-2024
Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.
Also, be sure to watch the latest episode in our Tribal Talks: Cybersecurity Unlocked podcast series. In this episode, Jerad Swimmer talks with Anthony Engel about cybersecurity challenges in the age of modern AI as cyber threats become increasingly sophisticated.
On May 2, 2024, the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance (MF) issued Ordinance No. 722 (link here in Portuguese). This set of regulations outlines the essential technical and cybersecurity criteria that iGaming and online sports betting operators must adhere to within six months of obtaining their gaming licenses.
In her blog series, Luana Monje, Sales Executive at Continent 8 Technologies, examines the latest infrastructure, cloud, cybersecurity and regulatory developments for the newly regulated Brazilian iGaming and online sports betting market. In her first blog, Luana explored the Ordinance 722’s penetration testing requirement, and in this blog, she investigates the recovery and backup system, business continuity and disaster recovery plan and firewall protection requirements in full detail.
Ordinance 722, Annex IV, section 15 – Recovery: In the event of a catastrophic failure where the betting system, or any component or platform, cannot be reset in any other way, it must be possible to restore the system from the last backup point and fully recover it.
Ordinance 722, Annex IV, section 17 – Business continuity and disaster recovery plan: A business continuity policy and disaster recovery plan must be adopted to recover betting operations if the production environment of the betting system or any of its platforms becomes inoperable.
In the regulations outlined for iGaming and online sports betting in Brazil, robust recovery and business continuity mechanisms must be in place to ensure that, should a catastrophic failure occur, the operator or supplier can restore the betting system and fully recover from the last backup point.
Ordinance 722’s recovery section explains that such backups must encompass not only the recorded information but also extend to include location-specific details such as security configurations and user accounts. Furthermore, current system encryption keys and a comprehensive record of system parameters – whether modifications, reconfigurations, additions, merges, deletions, adjustments or changes to parameters – need to be meticulously maintained.
Meanwhile, Ordinance 722’s business continuity and disaster recovery section recommends that the plan comprise data storage methodologies to minimise losses, document the recovery procedures and provide a comprehensive recovery guide. Moreover, it should propose the process for resuming administrative operations post-recovery, tailored to the system’s operational context.
The Continent 8 solution: Our multi-pronged services approach offers operators and suppliers the optimal path to backup and business continuity in the event of an incident or disaster.
Ordinance 722, Annex IV, section 31 – Firewall: All communications, including remote access, must pass through at least one approved application-level firewall.
An effective firewall serves as the guardian of the network, meticulously scrutinising all incoming and outgoing communications to thwart unauthorised access and potential threats. Ordinance 722’s firewall communication suggests that the firewall be placed at the juncture of different security domains, ensuring that no alternative network path exists that could circumvent the firewall. Only essential applications related to the firewall’s operation are permitted to reside on the device, and access is restricted to a limited number of user accounts, primarily network or system administrators. These firewalls should analyse all incoming and outgoing communications, ensuring that only traffic from trusted network sources is permitted. Furthermore, stringent access controls, backed by the latest encryption protocols, safeguard remote interactions with the gaming platform.
The Continent 8 solution: Our Firewall service includes customisable IDS/IPS capabilities. When combined with our managed Security Operations Centre (SOC) service, IDS/IPS events are enriched with specific threat intelligence and ingested into our Security Incident and Event Management (SIEM) platform. Our SOC analysts can then deliver powerful insights into a customer’s current threat state and perimeter activities, providing detection, prevention and responses to known and emerging threats.
Recovery and business continuity plans, along with firewall protection, provide an excellent starting point for iGaming and online sports betting operators and suppliers launching operations in Brazil’s regulated gaming market. For end-to-end protection, we recommend operators and suppliers adopt a holistic risk mitigation approach. A complete, 360-degree defense strategy includes:
By referencing the SPA and MF’s Ordinance 722 policies and partnering with an experienced and trusted solutions provider like Continent 8, operators and suppliers can deploy multi-defense, multi-layer cybersecurity protection strategies for their iGaming and online sports betting platform. This approach enables them to comply with Brazil’s latest technical and cybersecurity regulations while demonstrating their commitment to providing secure and trustworthy gaming environments and experiences.
Continent 8 Technologies, the trusted managed hosting, connectivity, cloud and cybersecurity partner to the global iGaming and online sports betting industry for over 25 years, is live in every major regulated Latin American (LATAM) jurisdiction, including Brazil.
Operating out of the LATAM region since 2020, we offer operators and suppliers access to state-of-the-art data centres, connectivity to a global private network featuring 100+ locations across four continents and best-in-class managed and professional services to support the most demanding iGaming and online sports betting requirements.
Discover why Continent 8 is the go-to infrastructure and cybersecurity provider for leading LATAM operators and suppliers such as Betcris, Boldt, Bplay and Vibra Gaming, and learn how we ensure the seamless implementation of compliant and secure infrastructures so that your Brazilian gaming operations are live from day one.
For more information on how Continent 8 can support your organisation’s regulatory and cybersecurity requirements, visit www.continent8.com/br or contact Luana at luana.monje@continent8.com.
A 2 de maio de 2024, a Secretaria de Prémios e Apostas (SPA) e o Ministério das Finanças (MF) emitiram a Portaria n.º 722 (link aqui). Este conjunto de regulamentos define os critérios técnicos e de cibersegurança essenciais que os operadores de iGaming e de apostas esportivas online devem cumprir no prazo de seis meses após a obtenção das suas licenças de jogo.
Em sua série de blogs, Luana Monje, Executiva de Vendas da Continent 8 Technologies, examina os mais recentes desenvolvimentos de infraestrutura, nuvem, cibersegurança e regulamentação para o recém-regulamentado mercado brasileiro de iGaming e apostas esportivas online. Em seu primeiro blog, Luana explorou o requisito de teste de penetração da Portaria 722, e neste blog, ela investiga o sistema de recuperação e backup, continuidade de negócios e plano de recuperação de desastres e requisitos de proteção de firewall em detalhes completos.
Portaria 722, Anexo IV, secção 15 – Recuperação: Na eventualidade de uma falha catastrófica em que o sistema de apostas, ou qualquer componente ou plataforma, não possa ser reposto de outra forma, deve ser possível restaurar o sistema a partir do último ponto de cópia de segurança e recuperá-lo totalmente.
Portaria 722, Anexo IV, secção 17 – Plano de continuidade das actividades e de recuperação de desastres: Uma política de continuidade de negócios e um plano de recuperação de desastres devem ser adotados para recuperar as operações de apostas se o ambiente de produção do sistema de apostas ou qualquer uma de suas plataformas se tornar inoperante.
Nos regulamentos delineados para o iGaming e as apostas esportivas no Brasil, devem existir mecanismos robustos de recuperação e continuidade do negócio para garantir que, em caso de falha catastrófica, o operador ou fornecedor possa restaurar o sistema de apostas e recuperar totalmente a partir do último ponto de backup.
A secção de recuperação do Decreto 722 explica que essas cópias de segurança devem incluir não só as informações registadas, mas também pormenores específicos do local, como as configurações de segurança e as contas de utilizador. Além disso, as chaves de encriptação actuais do sistema e um registo exaustivo dos parâmetros do sistema – quer se trate de modificações, reconfigurações, adições, fusões, eliminações, ajustamentos ou alterações de parâmetros – devem ser meticulosamente mantidos.
Entretanto, a secção relativa à continuidade das actividades e à recuperação de desastres da Portaria 722 recomenda que o plano inclua metodologias de armazenamento de dados para minimizar as perdas, documente os procedimentos de recuperação e forneça um guia de recuperação abrangente. Além disso, deve propor o processo de retoma das operações administrativas após a recuperação, adaptado ao contexto operacional do sistema.
A solução Continent8: A nossa abordagem de serviços multifacetados oferece aos operadores e fornecedores o caminho ideal para a recuperação e continuidade do negócio no caso de um incidente ou desastre.
(O webinar está disponível em inglês e espanhol)
Portaria 722, Anexo IV, secção 31 – Firewall: Todas as comunicações, incluindo o acesso remoto, devem passar pelo menos por uma firewall aprovada a nível da aplicação.
Uma firewall eficaz actua como guardiã da rede, analisando meticulosamente todas as comunicações de entrada e saída para impedir o acesso não autorizado e potenciais ameaças. A comunicação da firewall do Decreto 722 sugere que a firewall seja colocada na junção de diferentes domínios de segurança, garantindo que não exista nenhum caminho de rede alternativo que possa contornar a firewall. Apenas as aplicações essenciais relacionadas com o funcionamento da firewall são autorizadas a residir no dispositivo e o acesso é restringido a um número limitado de contas de utilizador, principalmente administradores de rede ou de sistemas. Estas firewalls devem analisar todas as comunicações de entrada e saída, garantindo que só é permitido o tráfego proveniente de fontes de rede fiáveis. Além disso, controlos de acesso rigorosos, apoiados pelos mais recentes protocolos de encriptação, protegem as interações remotas com a plataforma de jogo.
A solução Continent8: O nosso serviço de Firewall inclui capacidades IDS/IPS personalizáveis. Quando combinados com o nosso serviço gerido do Centro de Operações de Segurança (SOC), os eventos IDS/IPS são enriquecidos com informações específicas sobre ameaças e ingeridos na nossa plataforma de gestão de incidentes e eventos de segurança (SIEM). Os nossos analistas do SOC podem então fornecer informações poderosas sobre o estado atual das ameaças e as actividades de perímetro de um cliente, fornecendo deteção, prevenção e respostas a ameaças conhecidas e emergentes.
Os planos de recuperação e continuidade do negócio, juntamente com a proteção da firewall, constituem um excelente ponto de partida para os operadores e fornecedores de iGaming e de apostas esportivas online que iniciam operações no mercado de jogo regulamentado do Brasil. Para uma proteção de ponta a ponta, recomendamos que os operadores e fornecedores adoptem uma abordagem holística de mitigação de riscos. Uma estratégia de defesa completa e de 360 graus inclui (ligações de produtos em inglês):
Ao fazer referência às políticas da SPA e da Portaria 722 do MF e fazer parceria com um provedor de soluções experiente e confiável como a Continent8, operadores e fornecedores podem implantar estratégias de proteção de segurança cibernética multi-defesa e multi-camadas para sua plataforma de apostas esportivas iGaming e online. Essa abordagem permite que eles cumpram as mais recentes regulamentações técnicas e de segurança cibernética do Brasil, ao mesmo tempo em que demonstram seu compromisso em fornecer ambientes e experiências de jogos seguros e confiáveis.
A Continent 8 Technologies, parceira confiável de hospedagem gerenciada, conetividade, nuvem e cibersegurança para a indústria global de iGaming e apostas esportivas online há mais de 25 anos, está ao vivo em todas as principais jurisdições regulamentadas da América Latina (LATAM), incluindo o Brasil.
Operando fora da região da LATAM desde 2020, oferecemos aos operadores e fornecedores acesso a data centers de última geração, conetividade a uma rede privada global com mais de 100 locais em quatro continentes e os melhores serviços gerenciados e profissionais da categoria para suportar os requisitos mais exigentes de iGaming e apostas esportivas online.
Descubra por que a Continent8 é o provedor de infraestrutura e segurança cibernética para os principais operadores e fornecedores da LATAM, como Betcris, Boldt, Bplay e Vibra Gaming, e saiba como garantimos a implementação perfeita de infraestruturas compatíveis e seguras para que suas operações de jogos brasileiros estejam ao vivo desde o primeiro dia.
Para obter mais informações sobre como a Continent8 pode apoiar os requisitos regulatórios e de segurança cibernética da sua organização, visite www.continent8.com/br ou contactar Luana em luana.monje@continent8.com.
The iGaming and online sports betting industry is facing unprecedented cyber attacks as it seeks to protect business operations, safeguard personal data and uphold public trust.
On April 14, 2024, Gaming Laboratories International (GLI) released the first gaming information security standard, “ GLI Gaming Security Framework Module 1 (GLI-GSF-1): Gaming Information Security (GIS) Common Controls Audit“, and on July 30, re-released the module for public comment.
It’s important that operators and suppliers understand what this means. Therefore, in this blog, we will explore the released framework, how a cybersecurity framework can assist the iGaming industry and its role within the online gaming industry.
The GLI-GSF-1 is the first cybersecurity framework explicitly tailored for the gaming industry. It was developed to address the sector’s unique security challenges by providing a set of controls to safeguard critical system components, transaction processing, and sensitive data.
This framework provides common controls for auditing a gaming organisation’s Gaming Information Security Management System (GISMS). The structured framework ensures that gaming operations can function securely, similar to eCommerce operations, within safe and stable environments.
GISMS protects sensitive data and systems within a Gaming Production Environment (GPE). It addresses evolving threats and compliance requirements by maintaining policies, controls, risk management and continuous improvement.
Industry experts highlight recent attacks on major casino and hospitality businesses as a wake-up call for the industry to enhance cybersecurity in the iGaming industry. Two of the more high-profile cases involved MGM Resorts International and Caesars Entertainment:
“Cyber attacks have become the new normal in the iGaming and online sports betting industry,” said Patrick Gardner, VP & CSO at C8 Secure, a Continent 8 Technologies company. “The persistent and escalating occurrence of security breaches highlights the urgent requirement for organisations to effectively manage cyber incidents. Unfortunately, many organisations are ill-prepared for such situations, emphasising the need for an industry-specific cybersecurity framework approach.”
Cybersecurity frameworks are not a new concept. The financial sector, with its mature cybersecurity practices, can offer valuable insights for the iGaming industry.
For instance, the Payment Card Industry Data Security Standard (PCI DSS) cybersecurity framework is designed to create a secure environment and protect card transactions against data theft and fraud. Compliance with PCI DSS is, in fact, mandatory for any company that processes credit card information, regardless of industry. The latest PCI DSS v4.0 standard emphasises Web Application Firewalls (WAF) for securing online platforms, which is critical for iGaming sites handling sensitive user data.
Another cybersecurity framework is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). This cybersecurity framework, used in the financial sector but also across a wide range of business verticals, is developed based on industry standards and best practices to help organisations manage critical infrastructure cybersecurity risks. It consists of five core functions – identify, protect, detect, respond and recover – and offers guidance for developing organisational profiles.
The iGaming market can adopt the best, proven principles from existing cybersecurity frameworks but create one that is tailored to the industry’s unique cybersecurity challenges and requirements. iGaming and online sports betting operators and suppliers deal with complex, interconnected infrastructure and IT environments that offers attackers a vast surface attack area. With so many potential attack vectors and vulnerability endpoints, a proactive, layered threat prevention, detection and response approach ensures optimal protection – from the edge to the data centre to endpoint and the cloud. Key implementations should include:
“Another important consideration is that iGaming operators and suppliers are faced with the challenging task of maintaining the highest security standards and managing how cybersecurity interacts within their hosting, connectivity, cloud and regulatory ecosystem. This places a significant investment and resource burden on many of these organisations, and we’re observing an increase in operators and suppliers seeking to outsource these responsibilities. Managed security service providers that can support all of these requirements should offer the simplest path to integration for smooth deployment with minimal to no downtime,” said Patrick.
Industry standards embody the collective goals, values, duties and long-term success of an entire industry. Continent 8 has consistently championed and advocated for these standards, engaging and collaborating with fellow industry members through various industry bodies and organisations. Recently, Continent 8 was welcomed into the International Gaming Standards Association (IGSA). With this new role, Continent 8 joins the IGSA Cyber Resiliency Committee, contributing to the development and implementation of industry-recognised cybersecurity standards aimed at enhancing regulatory and cybersecurity quality, innovation and performance throughout the iGaming and online sports betting industry.
The introduction of a common framework is a critical and necessary milestone to bring parity to Gaming security standards with other highly regulated industries. By embracing these additional controls, we are not only protecting the integrity of our industry but also prioritising the privacy and protection of our customers’ data. If adopted, Continent 8 stands ready to assist operators achieve compliance with all aspects of the proposed standards with comprehensive and cost-effective solutions.
As the online gaming industry continues to grow, and the risks that come along with it, cybersecurity frameworks will continue to play an essential role. Continuous monitoring, enhancements and technical advancements will be required to maintain the security and integrity of gaming operations while ensuring standardised protection for all stakeholders.
To learn more about Continent 8’s cybersecurity approaches, best practices and recommendations for the iGaming and online sports betting industry, contact sales@continent8.com.
Explore the critical cybersecurity measures and considerations necessary for safeguarding tribal casino gaming enterprises in an increasingly digital world.
In this blog, Jerad Swimmer, Regional Sales Director at Continent 8 Technologies, discusses the range cyber threats confronting tribal casinos, highlights the most recent cyber attacks on these establishments, outlines the unique specific cybersecurity requirements of tribal gaming and recommends best practices for establishing robust cybersecurity measures to improve their overall cybersecurity posture.
Tribal casinos are increasingly becoming targets for cyber attacks, with hackers constantly looking for vulnerabilities to exploit. Some of the current cyber threats facing tribal casinos include:
To protect against these threats, tribal casinos need to implement robust cybersecurity measures and stay up to date with the latest security practices.
There have been several tribal casino incidents recently where casinos have been forced to close following a cyber attack.
Cyber attacks are on the rise and tribal casinos must take these threats seriously to properly safeguard their operations.
Tribal gaming operations have unique cybersecurity needs that must be addressed to ensure data protection and operational continuity. These needs include:
By understanding these unique cybersecurity needs, tribal casinos can develop effective strategies to mitigate risks and safeguard their operations.
To enhance cybersecurity in tribal gaming operations, the following best practices should be implemented:
By implementing these best practices, tribal casinos can significantly enhance their cybersecurity posture and protect against a wide range of threats.
As cyber threats continue to evolve, tribal casinos can leverage innovative technologies and solutions to enhance their cybersecurity posture. Some key technologies and solutions include:
By embracing these innovative technologies and solutions, tribal casinos can stay ahead of cyber threats and enhance their overall cybersecurity posture.
Learn more about Continent 8’s multi-layered cybersecurity solutions at the Oklahoma Indian Gaming Association (OIGA) Conference and Trade Show in Oklahoma City ‘the biggest little show in Indian Gaming’, from August 12-14.
Continent 8’s Regional Sales Directors, Jerad Swimmer and Jamie Garcia, and Principal Solutions Architect, Tony Engel, will be in attendance at Continent 8 stand 1033.
To set up a meeting, visit here.
On May 2, 2024, the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance (MF) issued Ordinance No. 722 (link here in Portuguese). This set of regulations outlines the essential technical and security criteria that iGaming and online sports betting operators must adhere to within six months of obtaining their gaming licenses.
In a series of blogs over the coming months, Luana Monje, Sales Executive at Continent 8 Technologies, will examine the various requirements for regulated iGaming in Brazil. First up, she examines the penetration testing requirement, along with other cybersecurity considerations, in more detail.
Ordinance 722, Annex IV, section 41 – Penetration testing: The purpose of penetration testing is to exploit any weaknesses discovered during the vulnerability assessment in any publicly exposed applications or systems that host applications that process, transmit and/or store sensitive information.
Executing thorough penetration testing is a testament to an organisation’s dedication to safeguarding user data. Ordinance 722 defines penetration testing as systematically challenging the strength of network and application layers so that operators and suppliers can identify and rectify vulnerabilities.
Our Vulnerability Assessment and Penetration Testing (VAPT) services provide comprehensive security assessments for a customer’s infrastructure and applications. The VAPT solution enables organisations to achieve regulatory compliance and understand their attack surface area, providing a strong foundation for strengthening security posture.
Key benefits include:
VAPT use case: Read how Continent 8 Technologies supports ODDSworks with cybersecurity audit and vulnerability assessment penetration test services. |
Ordinance 722 offers a set of ground rules from which iGaming and online sports betting operators and suppliers should start. Beyond the suggested checklist, operators and suppliers should also consider a holistic approach that ensures end-to-end protection against any security and cyber threat. A 360-degree defense strategy includes:
By referencing the SPA and MF’s Ordinance 722 policies and partnering with an experienced and trusted solutions provider like Continent 8, operators and suppliers can deploy multi-defense, multi-layer security protection strategies for their iGaming and online sports betting platform. This approach enables them to comply with Brazil’s latest technical and security regulations while demonstrating their commitment to providing secure and trustworthy gaming environments and experiences.
Continent 8 Technologies, the trusted managed hosting, connectivity, cloud and cybersecurity partner to the global iGaming and online sports betting industry for over 25 years, is live in every major regulated Latin American (LATAM) jurisdiction, including Brazil.
Operating out of the LATAM region since 2020, we offer operators and suppliers access to state-of-the-art data centers, connectivity to a global private network featuring 100+ locations across four continents and best-in-class managed and professional services to support the most demanding iGaming and online sports betting requirements.
Discover why Continent 8 is the go-to infrastructure and cybersecurity provider for leading LATAM operators and suppliers such as Betcris, Boldt, Bplay and Vibra Gaming, and learn how we ensure the seamless implementation of compliant and secure infrastructures so that your Brazilian gaming operations are live from day one.
For more information on how Continent 8 can support your organisation’s regulatory and cybersecurity requirements, contact Luana at luana.monje@continent8.com.
Em 2 de maio de 2024, a Secretaria de Prêmios e Apostas (SPA) e o Ministério da Fazenda (MF) emitiram a Portaria nº 722. Este conjunto de regulamentos define os critérios técnicos e de segurança essenciais que os operadores de iGaming e de apostas desportivas online devem cumprir no prazo de seis meses após a obtenção das suas licenças de jogo.
Em uma série de blogs nos próximos meses, Luana Monje, Executiva de Vendas da Continent 8 Technologies, examinará os vários requisitos para o iGaming regulamentado no Brasil. Em primeiro lugar, ela examina o requisito de teste de penetração, juntamente com outras considerações de segurança cibernética, em mais detalhes.
Portaria 722, Anexo IV, secção 41 – Testes de penetração: O objetivo dos testes de penetração é explorar quaisquer pontos fracos descobertos durante a avaliação de vulnerabilidades em quaisquer aplicações ou sistemas expostos publicamente que alojem aplicações que processem, transmitam e/ou armazenem informações sensíveis.
A realização de testes de penetração completos é uma prova da dedicação de uma organização à proteção dos dados dos utilizadores. A Portaria 722 define os testes de penetração como um desafio sistemático à força das camadas de rede e de aplicação para que os operadores e fornecedores possam identificar e retificar vulnerabilidades.
Os nossos serviços de Avaliação de Vulnerabilidades e Testes de Penetração (VAPT) fornecem avaliações de segurança abrangentes para as infra-estruturas e aplicações de um cliente. A solução VAPT permite que as organizações atinjam a conformidade regulamentar e compreendam a sua área de superfície de ataque, fornecendo uma base sólida para reforçar a postura de segurança.
As principais vantagens incluem:
Caso de utilização VAPT (em inglês): Leia como a Continent 8 Technologies apoia a ODDSworks com serviços de auditoria de cibersegurança e teste de penetração de avaliação de vulnerabilidades.. |
A portaria 722 oferece um conjunto de regras básicas a partir das quais os operadores e fornecedores de iGaming e de apostas desportivas em linha devem começar. Para além da lista de verificação sugerida, os operadores e fornecedores devem também considerar uma abordagem holística que garanta uma proteção completa contra qualquer ameaça à segurança e à cibersegurança. Uma estratégia de defesa de 360 graus inclui (ligações de produtos em inglês):
Ao fazer referência às políticas da SPA e da Portaria 722 do MF e fazer parceria com um provedor de soluções experiente e confiável como o Continente 8, operadores e fornecedores podem implantar estratégias de proteção de segurança multi-defesa e multi-camadas para sua plataforma de apostas esportivas iGaming e online. Essa abordagem permite que eles cumpram as mais recentes regulamentações técnicas e de segurança do Brasil, ao mesmo tempo em que demonstram seu compromisso em fornecer ambientes e experiências de jogos seguros e confiáveis.
A Continent 8 Technologies, parceira confiável de hospedagem gerenciada, conetividade, nuvem e segurança cibernética para a indústria global de iGaming e apostas esportivas online há mais de 25 anos, está ao vivo em todas as principais jurisdições regulamentadas da América Latina (LATAM), incluindo o Brasil.
Operando a partir da região LATAM desde 2020, oferecemos aos operadores e fornecedores acesso a centros de dados de última geração, conetividade a uma rede privada global com mais de 100 locais em quatro continentes e os melhores serviços gerenciados e profissionais da categoria para apoiar os requisitos mais exigentes de iGaming e apostas desportivas online.
Descubra por que o Continente 8 é o provedor de infraestrutura e segurança cibernética para os principais operadores e fornecedores da LATAM, como Betcris, Boldt, Bplay e Vibra Gaming, e saiba como garantimos a implementação perfeita de infraestruturas compatíveis e seguras para que suas operações de jogos brasileiras estejam ao vivo desde o primeiro dia.
Para obter mais informações sobre como o Continente 8 pode apoiar os requisitos regulatórios e de segurança cibernética da sua organização, visite Continent8.com ou contactar Luana em luana.monje@continent8.com.
Continent 8 Technologies, the trusted partner and provider of global managed hosting, connectivity, cloud and cybersecurity solutions to the regulated iGaming and online sports betting market, has expanded its partnership with Amazon Web Services (AWS), chosen as an official solutions provider in the Solution Provider Program (SPP) by AWS.
Over the past 25-plus years, Continent 8 has earned an unrivalled reputation for reliable infrastructure and connectivity, innovating, developing and providing customers with best-in-class managed and professional services to support the most demanding online requirements.
Now, as an SPP member, this enhanced AWS collaboration will enable Continent 8 to introduce a new range of services to simplify the management of AWS cloud environments and infrastructures. The new managed and professional services include:
Regulatory compliance is non-negotiable in the betting and gaming industry. The tailormade Regul8 Guardrails solution provides customers with customised designs and configurations for easy-to-integrate compliance across cloud environments while accelerating time-to-market and expansion into new jurisdictions.
Migrating and managing Kubernetes across different cloud environments can be difficult. The Kubernetes Everywhere service makes it easy for customers to manage their containerised deployments, ensuring consistent, resource-friendly and cost-effective operation across cloud environments, data centers, edge computing infrastructures and within AWS regions using Elastic Kubernetes Service (EKS).
Managing hybrid and multi-cloud networks is a complex task. By integrating Continent 8 and AWS networks, the managed network services address the connectivity challenges between on-premises infrastructures, AWS Outposts, enterprise networks and AWS Regions. This service ensures customers benefit from the most resilient and secure hybrid cloud connectivity path, away from the public Internet.
Continent 8 is the trusted advanced partner in delivering 90% of AWS Outposts to the biggest brands – including FanDuel and Hard Rock Digital – in the regulated betting and gaming market. Building upon this AWS Outposts portfolio, the new Managed AWS Outposts service streamlines the procurement, logistics, workload migration and ongoing management of AWS Outposts, allowing customers to focus on launch activities. Continent 8 continues to provide best-in-class connectivity and seamless access to all AWS Direct Connect (DX) on-ramp locations.
Complementing these new cloud offerings is a dedicated team of over 30 AWS-certified and AWS-trained experts available to deliver and support high-touch AWS solutions tailored to each customer’s unique requirements.
“The AWS Solution Partner Program milestone underscores Continent 8’s commitment to continuing its position as the service and solutions provider of choice to the iGaming and online sports betting market. Whether it’s hyperscale, hybrid, public or private cloud management, Continent 8 remains steadfast in delivering trusted, bespoke, best-practice and value-added cloud experiences for our customers.”
Extending AWS capabilities for regulated betting and gaming environments
Join Continent 8 and AWS in a rapid-fire webinar to discover the key considerations and best practices for extending, optimising and reimagining AWS hybrid and multi-cloud architectures for betting and gaming operations.
Continent 8 Technologies PR & Media Marketing Department contact: press@continent8.com
The International Gaming Standards Association (IGSA) is pleased to welcome Continent 8 Technologies, the award-winning global managed hosting, connectivity, cloud and cybersecurity solutions provider to the global online gaming industry, as its newest association member.
Continent 8, an IGSA Silver member, is a trusted industry partner for global leading brands in the iGaming and online sports betting market. With over 25 years of experience, Continent 8 brings unparalleled expertise to the association. Their well-respected regulatory and cybersecurity practices make them an obvious choice in supporting IGSA, advocating true industry standards for the gaming industry. As a member of the IGSA Cyber Resiliency Committee, Continent 8 will have an immediate impact, empowering suppliers, operators and regulators with best-practice recommendations to meet current and evolving regulatory and cybersecurity requirements.
Jeremie Kanter, Continent 8 Director of Regulatory Affairs said:
“Continent 8 and its dedicated cybersecurity company, C8 Secure, have helped our global network of operators and suppliers achieve sustainable, long-term success. This is largely due to our commitment to industry standards. We are excited to collaborate with the IGSA and industry peers to develop and establish comprehensive compliance and cybersecurity standards with the goal of elevating regulatory and cybersecurity excellence, performance and innovation across the gaming
industry.”
“IGSA is very excited to welcome Continent 8 to our membership. As a long-time champion of industry standards, they are intimately familiar with the regulatory and cybersecurity challenges, opportunities and requirements that today’s gaming stakeholders face,” said Mark Pace, IGSA President.
“We look forward to their participation within our Cyber Resiliency Committee and other various IGSA groups. We believe their contributions will be significant and of great value to the industry.”
For media inquiries, contact press@continent8.com