Infosec & product sustainability

Information Security is a strategic priority for the business and it is at the core of our processes and technologies, for both our business units and our central functions.

A strategic priority

Information security risks feed into the wider decision making of the business, as we strive to increase the maturity of our information security function year-on-year.

In 2020, GiG maintained its maturity in its key processes related to Identity and Access Management, Vulnerability Management, User Awareness, Policy Management, Incident Management and Governance. We also set

out to further invest and increase its maturity in Risk Management, Application Security Architecture, Threat monitoring and Incident Management, Vulnerability Management and Supplier Due Diligence. We also initiated plans for Business Continuity Management, safeguarding our future in every circumstance, and will update the business in 2021

 

ISO Certification

GiG’s information security processes are regularly tested by independent auditors, to meet regulatory and compliance requirements and make sure controls are working as required to mitigate risk. In 2018, such information security processes were tested against the highest international standards set down by the International Organization for Standardization via an ISO 27001:2013 audit. In 2019, the certificate was renewed. The GiG Core platform was validated as meeting such standards by an independent audit firm, which is accredited by the United Kingdom Accreditation Service (UKAS). In 2020, we maintained our ISO 27001 certification for our GiG Core and GiG Data products, and their supporting functions. Preparations to obtain the certification for its frontend products were also initiated.

Infosec highlights for 2021:

 

  • Finalised the integration of a 24/7 SoC team with our business. This means that we now have visibility of our GiG servers, systems and network devices; all our Platform products; our critical Media sites; our Malta, Spain and Copenhagen Offices and our very own GiG Cloud via our SIEM
  • The SoC team and the engineering team have already put into place alerting hundreds of types of attacks, constantly hunting for newly introduced threats
  • Trained over 600 GiGsters with bite-sized training modules, aimed at providing dedicated awareness training for our teams and prepared dedicated videos for our Tier 1 policies, all whilst revamping all 13 of them
  • Worked on having a supplier due diligence process that allows us to assess the security and privacy controls of our suppliers, and most importantly, to put into place any required mitigating controls that would protect us against supply chain attacks.
  • Performed over 35 business impact analysis, that will ensure we are keeping our business continuity management system updated and that our business continuity plans reflect our current business objectives
  • Penetration tested all our products, and integrated automated testing in our development pipelines, and performed internal testing of all our networks and infrastructure, ensuring our internal eco system is secure, protecting the business from internal threats
  • Maturity assessment of our corporate security controls, against the governing CIS Top Controls framework and conducted a threat modelling workshop with Corp IT
  • Upgraded our platform, supporting infrastructure and procedures to allow our GiG Core partners to enter the regulated German market and made adjustments to our media services products to align with the requirements of the regulated German market.
  • Received the approval of the joint implementation plan submitted to LOTBA (City of Buenos Aires Regulator) by GiG and Upline SA (Grupo Slots) and made significant technical progress towards meeting the requirements of applicable law and the commitments made to LOTBA. We also applied for a media services licence in Greece and registered for business in Maryland, New Hampshire and Wyoming which supports the rapid growth of the business
  • Gained recertification of the ISO:27001 on all Platform products, including for Malta, Riga and Spain offices and reduced the introduction of new vulnerabilities in our products and infrastructure by 70% since 2020
  • GiG Comply, our proprietary compliance software has continuously gained a stronger foothold and mandate in the industry,supporting third party partners to stay compliant in regulated markets. In 2021 we saw several major markets regulated such as Germany and Netherlands, which introduced unexpected regulatory requirements so we altered our rules engine immediately. Altering the rules engine is something we understood had to be a key feature from the beginning of Comply as the gambling industry is fast paced and ever changing.

 

Product, tech and commercial highlights for 2021:

 

  • Clear progress in expanding our platform to support new regulated markets
  • Improved cadence and released new features on our new platform UI, soon to be rolled out to all operators, with a big focus on operations / support functions being more efficient
  • Greatly improved data platform, with new dashboards, insights and self service functionalities to improve how our operators get data, the detail and how it’s delivered
  • Increased focus on improving our workflow engine Logic, making it more user friendly and putting the power of the tool in the hands of our partners
  • Delivered new brands on our frontend framework and CMS, and one going live with our Omni solution. We have focused here on time to market and reducing the time we can put a website in the hands of a customer
  • Our commercial team assessed and highlighted seven potential areas (including reselling content, better time and material practices, ancillary services, reduction of addressable markets and increased regulated markets) to drive more revenue and increase our share of wallet, driving recurring monthly revenue.
  • Defined our addressable markets for 2022 and will be concentrating on expanding our footprint to Serbia, Ontario and Pennsylvania
  • We have increased our portfolio of direct game provider integrations with EGT
  • Continued work on offering a wider sportsbook offering with Betsson Sportsbook integration
  • We have taken a solid step into the North American market by hiring industry veteran of 14 years, David Elmore, from Gaming Laboratories International and which increased our industry experience in our sales team to 60 years.
  • Improved marketing analytics by strengthening our relationship with Salesforce and their technology offerings.
  • Secured a Platform deal with Rank Holdings from Sri Lanka. Rank is a traditional retail casino with several properties in Sri Lanka and Africa and more in the pipeline.

The B2B services, including GIG Core (online gaming platform), and GIG Sports (proprietary sportsbook), are licensed and regulated by the Malta Gaming Authority (licence number: MGA/CRP/330/2016 issued on the 1st August 2018) and the UK Gambling Commission (44073).

The licences are held by iGamingCloud Limited (Company Reg. No. C48466 of @GIG Beach, Triq id-Dragunara, St. Julians, STJ3148, Malta.)

©2019-2021 Gaming Innovation Group. All rights reserved | Company Registration Number: C44319