Continent 8’s Compliance Audit and Vulnerability Assessment and Penetration Testing (VAPT) services facilitate the supplier’s annual licensing obligations in the Keystone State.

The Customer

ODDSworks, a leader in Remote Gaming Server technology and interactive content, specializes in delivering world-class gaming content and interactive technologies for regulated and real-money gaming markets. The ODDSworks game portfolio features a diverse array of proprietary and third-party titles.

As a licensed supplier under the Pennsylvania Gaming Control Board (PGCB), ODDSworks was required to conduct and submit a thorough audit of its cybersecurity measures for approval. ODDSworks chose its existing data center hosting partner, Continent 8, the leading provider of infrastructure and cybersecurity services to the iGaming and online sports betting sector, to design and implement an extensive regulatory compliance service, ensuring the content provider successfully met its regulatory requirements.

The Challenge

As an existing licensee offering third-party content to the online casino market, ODDSworks’ technology was already in compliance with the PGCB’s cybersecurity requirements. However, the regulatory body mandated ODDSworks to conduct an annual cybersecurity audit.

The primary challenge was selecting a cybersecurity services provider that was both capable and approved by the PGCB. The regulator is among the most stringent in the US regarding cybersecurity, requiring operators and suppliers to adhere to standards such as:

• Acquiring and deploying Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) solutions
• Ensuring virtual machines are dedicated to a single online function
• Verifying that all virtual machines are managed under a separate hypervisor
• Acquiring comprehensive anti-virus, malware and ransomware protection for all virtual machines
• Conducting vulnerability scanning
• Implementing a log management solution to ensure audit logs of user activities, exceptions and information security events are stored and accessible to support investigations and access control monitoring.

The Solution

The audit was conducted by ODDSworks’ existing infrastructure partner, Continent 8 and its specialized cybersecurity division, C8 Secure. They utilized their Compliance Audit and  Vulnerability Assessment and Penetration Testing (VAPT) services to assess ODDSworks’ provisions in accordance with the requirements established by the PGCB.

• Compliance Audit: The service identifies, assesses and mitigates potential cybersecurity risks while ensuring adherence to market and jurisdictional regulatory requirements. Compliance Audit safeguards organizations, builds trust with stakeholders and stays ahead of compliance requirements in an increasingly complex regulatory landscape.
• VAPT: The service provides comprehensive security assessments of an organization’s infrastructure and applications. VAPT helps organizations achieve regulatory compliance and/or understand their attack surface area, providing a strong foundation for strengthening security posture.

The Benefits

Following the completion of the Compliance Audit and VAPT services, Continent 8 and C8 Secure identified cybersecurity vulnerabilities related to third-party platforms. As a result, ODDSworks required the third-party developers to implement necessary upgrades to comply with the iGaming supplier’s compliance standards.

The audit and VAPT reports were submitted to, and approved by, the PGCB.

Project Conclusion

Continent 8’s comprehensive regulatory compliance services have strengthened ODDSworks’ cybersecurity framework by validating existing measures, refining operational processes and ensuring their systems are well-equipped to meet evolving regulatory and security requirements.

To date, ODDSworks is pleased to report the absence of cybersecurity incidents and looks forward to continued collaboration with Continent 8 on various cybersecurity initiatives.

Steven DeMar, Executive VP at ODDSworks, said: “At ODDSworks, we are taking cybersecurity seriously – the industry is under attack. Continent 8 has done an incredible job of supporting us through our cybersecurity audit in the state of Pennsylvania. We were impressed by the speed at which the audit was planned, undertaken and reported on, as well as its scope and depth.

“We already knew that Continent 8 was at the top of its game having used its hosting solutions in other US states, but its cybersecurity audit for us shows that it really does set the standard for others to follow.”

Patrick Gardner, Chief Security Officer at Continent 8, said: “Cybersecurity is a hot topic in the online and land-based gaming industry, and ODDSworks are an example of a company that is prioritizing cybersecurity.

“Having cybersecurity provisions in place is not only a must when it comes to protecting the organization, but also when it comes to compliance. Pennsylvania is setting the standard when it comes to protecting the iGaming market.”

Download the case study here. For more information on how to meet your jurisdiction’s regulatory cybersecurity requirements, visit continent8.com or contact sales@continent8.com.