How Game Warden Protects Your Data¶
At Second Front Systems, protecting your data is a top priority. We use industry-standard security practices, strict access controls, and continuous monitoring to secure the Game Warden platform and your application data.
Security Incident
If you ever suspect your application's security may have been compromised, report the incident immediately by following the procedure outlined in the Customer Incident Reporting Procedure.
Security best practices¶
Game Warden incorporates the following industry-standard security measures:
- Annual security awareness training (including phishing and remote work topics)
- Regular penetration tests and security audits
- Customer data and clusters deleted upon request or as required
- CI/CD pipelines secured with industry-standard tools
- End-to-end data encryption (in transit and at rest)
- Periodic vendor security reviews
- Background checks for all employees prior to access
- RBAC and least privilege access enforced across teams
- Data collection limited to what’s necessary for service delivery
- Continuous security log reviews
- Regular data snapshots, with support for forensic retention if needed
Data encryption¶
All websites and microservices in Game Warden use SSL/TLS encryption. Sensitive data (e.g., connection credentials) is encrypted both in transit and at rest using industry-standard algorithms. We routinely audit our certificates and encryption protocols to maintain data protection.
TLS encryption
Your application does not need to terminate TLS itself: Game Warden's service mesh encrypts service-to-service traffic and uses TLS 1.3 by default.
Security audits & penetration testing¶
Game Warden holds a FedRAMP® High Authorization and is therefore authorized to handle the Federal Government's most sensitive unclassified data. To maintain this authorization and its ongoing security posture, Game Warden undergoes comprehensive external penetration testing at least annually. These assessments use current industry-standard tools and methodologies to evaluate platform security controls and identify vulnerabilities before they can be exploited.
Game Warden’s tenancy model¶
Game Warden is a multi-tenant SaaS platform that uses strict isolation between tenants:
- Each customer has a dedicated namespace with isolated databases and storage.
- Boundaries are enforced by Istio service mesh using a deny-by-default policy.
- Each customer has a private Harbor image repository.
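As an added illustration (not Game Warden's own manifests), this is how Istio's documented deny-by-default pattern is expressed: strict mutual TLS so every caller carries a verified workload identity, an AuthorizationPolicy with an empty spec in the root namespace that matches no request and therefore denies everything, and an explicit per-tenant ALLOW rule. The namespace name `tenant-a` is a placeholder.

```yaml
# Added example: Istio deny-by-default tenant isolation (illustrative, not the platform's own config).
# 1. Require mutual TLS mesh-wide so every workload identity is cryptographically verified.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system      # root namespace: applies to the whole mesh
spec:
  mtls:
    mode: STRICT
---
# 2. Empty AuthorizationPolicy in the root namespace: matches no request, so all traffic
#    is denied unless a more specific ALLOW policy exists in the target namespace.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: istio-system
spec: {}
---
# 3. Per-tenant opt-in: only workloads inside the same namespace may call each other.
#    "tenant-a" is a placeholder namespace name.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-same-namespace
  namespace: tenant-a
spec:
  action: ALLOW
  rules:
  - from:
    - source:
        namespaces: ["tenant-a"]
```

Because the root-namespace policy is global, a request from another tenant's namespace into `tenant-a` is rejected (Istio returns HTTP 403 "RBAC: access denied" for HTTP traffic) even if `tenant-a` had written no policy at all. The STRICT PeerAuthentication matters for the `namespaces` match: with mTLS enforced, the caller's namespace is taken from its workload certificate rather than from anything the client could spoof in a header.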
Access control¶
Access to Game Warden environments varies depending on the deployment type and security Impact Level (IL). The table below outlines the required access controls:
| Deployment Type | Access Requirements |
|---|---|
| DoD IL2 | Platform One Single Sign-On (P1 SSO); Keycloak |
| DoD IL4 | All IL2 requirements; government-issued access card; Appgate SDP |
| DoD IL5 | All IL4 requirements; IL5-specific hardening and compliance |
| FedRAMP / Commercial | Game Warden account; Keycloak |
Secret management¶
We use SOPS (Secrets OPerationS) with AWS Key Management Service (KMS) to encrypt secrets stored in YAML and JSON files, so that no plaintext secret values are committed to source code.
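As an added example (not the platform's own files), this is what the SOPS + AWS KMS workflow looks like in practice: a `.sops.yaml` rule selects which files and which fields to encrypt, and the resulting file keeps keys and structure in plaintext while each selected value is replaced by an `ENC[...]` envelope. The KMS key ARN, file and resource names, timestamps, version and the elided ciphertext are all placeholders.

```yaml
# Added example (illustrative; placeholders throughout). Not Game Warden's own configuration.
# .sops.yaml at the repository root: which files SOPS manages and which KMS key wraps the data key.
creation_rules:
  - path_regex: \.enc\.ya?ml$
    kms: arn:aws:kms:us-gov-west-1:111122223333:key/00000000-0000-0000-0000-000000000000  # placeholder ARN
    encrypted_regex: ^(data|stringData)$   # encrypt only Secret payload fields; metadata stays readable
---
# db-credentials.enc.yaml after running: sops --encrypt --in-place db-credentials.enc.yaml
# Keys and structure stay readable for code review; only the matching values are ciphertext.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials        # placeholder name
  namespace: tenant-a         # placeholder namespace
type: Opaque
stringData:
  username: ENC[AES256_GCM,data:...,iv:...,tag:...,type:str]   # ciphertext elided
  password: ENC[AES256_GCM,data:...,iv:...,tag:...,type:str]   # ciphertext elided
sops:
  kms:
    - arn: arn:aws:kms:us-gov-west-1:111122223333:key/00000000-0000-0000-0000-000000000000
      created_at: "2024-01-01T00:00:00Z"   # placeholder
      enc: ...                             # per-file data key, wrapped by KMS; elided
  lastmodified: "2024-01-01T00:00:00Z"     # placeholder
  mac: ENC[AES256_GCM,data:...,type:str]   # integrity tag over the whole file; elided
  encrypted_regex: ^(data|stringData)$
  version: 3.8.1                           # placeholder SOPS version
```

Two practical checks follow from this layout. First, `encrypted_regex` means everything outside `data`/`stringData` (names, namespaces, labels, annotations) is committed in plaintext, so nothing sensitive belongs in those fields. Second, decrypting requires `kms:Decrypt` on that key, which is where IAM policy decides who can actually read the secret; a CI step that rejects any `*.enc.yaml` lacking a `sops:` block catches the case where someone commits the file before encrypting it.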
Physical security¶
Game Warden’s infrastructure is hosted in secure data centers compliant with:
- ISO 27001
- SOC 1 / SOC 2 / SSAE 16 / ISAE 3402
- PCI DSS Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
For more details, see the cloud provider's security documentation.
Shared Responsibility Model¶
Security is a shared responsibility between Game Warden and our customers. For more information, refer to the Game Warden Shared Responsibility Model.