Security Overview
Beamable takes several steps to ensure the safety and security of our customers and their player data on our infrastructure. Please consider the following details as an overview of some of our internal processes. If you have specific questions, please address them to [email protected].
Authentication
For user auth, Beamable implements OAuth2 with the following grant flows for token-based auth:
- Password
- Authorization Code
- Federated/Social Login
- Anonymous/Guest
For server auth, we use signed requests using an MD5 Digest of the app secret and other information. The signature is then included in the header of the request.
For password storage, Beamable uses the BCrypt password hashing function, which encompasses a random salt and a difficulty factor in hash, protecting against both brute force and rainbow-table attacks.
Encryption
All data is secured at rest and in flight by industry-standard SSL/TLS encryption within the Beamable platform.
VPCs
Each Beamable dev, test, and production environment has a dedicated VPC, in addition to DevOps infrastructure. These VPCs are isolated from one another, with security groups providing granular and limited access as needed.
Internet Gateways
We minimize the quantity of outward-facing IP addresses, using only as many as are needed for our DevOps admins to securely access infrastructure. MongoDB and AWS are both sealed from the internet and password protected, with all communication occurring over SSL.
Offboarding
We have a documented onboarding/offboarding checklist which we assign to a DevOps admin. This ensures that only authorized personnel have access to Beamable resources at all times.
Backups
We utilize MongoDB Point in Time backups, each of which are sent to other AWS regions. We do nightly internal code backups. Infrastructure is codified and can be deployed using Terraform in under an hour in the event of a massive cloud outage within our region.
GDPR
PII Data is centralized for easy deletion or pseudonymization. We avoid collecting any PII that is not volunteered as part of a Beamable feature. We publish a privacy readiness checklist in our docs site. We process and document proxy requests from our customers via Service Desk.
Security of Applications Built on Beamable
Beamble provides guidance to customers about best practice patterns for secure game development, but does not vouch for the security profile and architecture of games/applications hosted on the Beamable Live Game platform.
For any questions about a specific application running on Beamable, the game studio should be contacted directly.
For more information about the Security of the Beamable platform, contact us at [email protected]
Updated about 1 year ago