
How Game Warden Protects Your Data

Second Front Systems takes our customers’ security and privacy seriously. We employ industry standards and best practices, restrictive access, and security log reviews to keep our platform - and your data - secure. See below for information on our security practices.

Security Incident

If you ever suspect your application's security may have been compromised, contact the Game Warden Security team at gamewardensecurity@secondfront.com.

Industry Standard Practices

Game Warden employs industry standard practices to keep your data secure including the following:

  • Annual company security awareness training, including work from home and phishing
  • Regular penetration tests, security audits, and business risk reviews
  • Customer cluster and data deleted as requested/required
  • Continuous Integration/Continuous Deployment (CI/CD) through industry standard tools and services
  • Customer data encrypted in transit and at rest
  • Regular vendor security review
  • Background checks on all employees prior to access
  • RBAC and principle of least privilege enforced across teams
  • Minimum data collection limited to lawful basis required to provide services
  • Regular security log review
  • Regular data snapshots; ability to preserve for forensic purposes if required

Data Encryption

We use SSL/TLS encryption on all our websites and microservices in order to maintain the highest security and data protection standards. Sensitive data such as connection credentials is encrypted any time it is “at rest” or “in transit” in the Game Warden platform using industry standard encryption. In addition, we regularly verify our security certificates and encryption algorithms to keep your data safe.

TLS

Your application does not need to use TLS as our service mesh uses TLS 1.3.

Security Audits and Penetration Tests

SecondFront’s Game Warden platform is currently pursuing FedRAMP High accreditation, including a full 3PAO audit. We conduct recurring penetration tests on our environments (at least annually) via a third-party security firm leveraging the latest security penetration testing tools and methodologies. We work diligently to ensure these strict security and privacy standards are continuously maintained.

Game Warden’s Tenancy Model

Game Warden is a multi-tenant SaaS provider. We give each customer a private namespace for data segregation (meaning databases, storage, etc. are unique), and namespace boundaries are secured by the service mesh (Istio), which is set with a deny-by-default policy.

Each customer is given their own Harbor repository to ensure isolation of images.

Access

All Game Warden users require a Platform One Single Sign-on (P1 SSO) account and authentication via Keycloak to access the production cloud environment and other relevant systems.

DoD-imposed requirements for Impact Level (IL) Environment:
- IL2 - P1 SSO, Keycloak authentication
- IL4 - IL2 requirements and government access cards, Appgate SDP
- IL5 - IL4 requirements and IL5 hardening compliance

Secret Management

In conjunction with AWS Key Management Service (KMS), secrets are handled by SOPS (Secrets OPerationS), which encrypts the values in .yaml or JSON files to ensure there are no plain-text secrets in our code.
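A check a tenant could run over its own repository to confirm the same property, as an added example that is not Game Warden's code: it walks a SOPS-format JSON document and reports every leaf value that is not wrapped in the SOPS `ENC[AES256_GCM,...]` envelope. The function names, the sample document, and the choice to treat null and empty values as carrying no secret are assumptions of this example.

```python
import json
import re

# Envelope SOPS writes around each encrypted leaf value.
ENC_VALUE = re.compile(
    r"^ENC\[AES256_GCM,data:[A-Za-z0-9+/=]*,iv:[A-Za-z0-9+/=]+,"
    r"tag:[A-Za-z0-9+/=]+,type:\w+\]$"
)

def plaintext_leaves(node, path=""):
    """Yield the path of every leaf that is not a SOPS envelope."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from plaintext_leaves(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from plaintext_leaves(value, f"{path}[{i}]")
    elif node is None or node == "":
        return  # assumption: null and empty values carry no secret
    elif not (isinstance(node, str) and ENC_VALUE.match(node)):
        yield path

def audit_sops_json(text):
    """Return findings for one JSON document; an empty list means it passes."""
    doc = json.loads(text)
    # A file without the top-level "sops" metadata block was never encrypted.
    if not isinstance(doc, dict) or "sops" not in doc:
        return ["<file>: no sops metadata block"]
    body = {k: v for k, v in doc.items() if k != "sops"}
    return [f"{p}: plaintext value" for p in plaintext_leaves(body)]

# Constructed sample: the envelopes hold dummy base64, not real ciphertext,
# and the KMS ARN and version are placeholders.
_ENC = "ENC[AES256_GCM,data:Zm9v,iv:aXZpdml2aXZpdg==,tag:dGFndGFndGFn,type:str]"
SAMPLE = json.dumps({
    "db": {"user": _ENC, "password": "hunter2", "port": 5432},
    "hosts": [_ENC],
    "sops": {"kms": [{"arn": "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER"}],
             "version": "PLACEHOLDER"},
})

if __name__ == "__main__":
    for finding in audit_sops_json(SAMPLE):
        print(finding)
```

Run as a pre-commit or CI step, a non-empty result is the signal to block the change; keys a team leaves in cleartext on purpose would need an explicit allow-list.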

Physical Security

Game Warden’s physical infrastructure is hosted and managed within cloud provider data centers whose operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)

For additional information on Game Warden’s hosting platforms, see:
- Amazon Web Service security
- Google Cloud Platform security
- Microsoft Azure security

Shared Responsibility Model

To understand the division of responsibility between Game Warden and our Customers, see the Game Warden Shared Responsibility Model.

Last updated: 11/20/2023
