Epic Games Case Study

RSI Security helped the video game giant Epic Games navigate regulatory and security challenges.

images

Prior to our partnership, we were ready for PCI compliance to be a daunting challenge. However, after working with RSI Security, everything about the process has been as efficient and painless as possible. We’ve turned a potential weakness into a strength overnight.

- Kevin Carpenter, Director of Information Security at Epic Games

Challenges

Epic Games, founded in 1991, is one of the worldwide leaders in video games and 3D engine technology. One of its flagship franchises, Fortnite, features over 250 million accounts. And its Unreal Engine is one of the global gold standards for game and 3D experience development.

To bring entertainment and connection to millions of players across the globe—and support its comprehensive digital ecosystem for creators and consumers alike—Epic Games leverages over 40 international offices. In any organization of this size and complexity, security and regulatory concerns carry increased significance due to the sheer number of people they impact. And for Epic Games, time zone differences add a layer of difficulty to communicating responsibilities.

Ultimately, Epic Games needed to secure Payment Card Industry (PCI) compliance, including both preparing for an upcoming assessment and laying the groundwork for long-term maintenance.

RSI-Security-Logo

Architectural Changes

Senior Security Assessor Peter Phaneuf worked closely with Epic Games Director of Information Security, Kevin Carpenter, to analyze which changes were needed to comply with the PCI Data Security Standards (DSS). RSI Security advised on which changes to make and how. Prior to implementing new architecture or making other critical changes to their systems, Epic Games would consult with Phaneuf and his team to ensure that the new controls were effective and efficient.

“We needed an assessment but didn’t know the extent of architectural changes that were required. We consulted with Peter and his team every step of the way to ensure compliance.”

– Kevin Carpenter

Security Assessments

PCI compliance requires in-depth testing across all systems, which is challenging in a global context. Phaneuf and RSI Security’s Project Manager, Arman Bashir, coordinated assessments with international development teams to ensure smooth communication and collaboration across diverse IT and security contexts. This groundwork set Epic Games up for a seamless Report on Compliance (ROC) and Attestation of Compliance (AOC) documentation process.

“With our international teams, time zones often present a major challenge in terms of getting people on the same page. With RSI Security, the communication was always on point.”

– Kevin Carpenter

RSI-Security-Logo

Compliance Management

Phaneuf and Bashir developed a comprehensive system Epic Games can rely on for long-term PCI compliance. It included building on what made this fragmented engagement work, such as reliable schedules for ongoing regular meetings and realistic timelines for future assessment and remediation exercises. Another major pillar of this system is the streamlined total compliance tracking (TCT) portal—established to facilitate cross-team communication.

“Recurring meetings were professionally run, and the schedules and timelines were always met. I would recommend RSI Security to any company that needs comprehensive cybersecurity and has a complex operational ecosystem.”

– Kevin Carpenter

Outcome

Epic Games was seeking seamless PCI compliance across its operations. Working with RSI Security, Epic Games was able to prepare for compliance in the short term, with updated controls and architecture. And Carpenter’s team now has an actionable plan in place to maintain that compliance long-term. With their PCI compliance efforts handled, Epic Games can focus more of its direct attention on supporting its millions of players, creators, and other stakeholders.

images

“I’m looking forward to partnering with RSI Security now and into the future.”

- Kevin Carpenter, Director of Information Security at Epic Games

LATEST

Case Studies

Epic Games Case Study

Macomb Community College Case Study

Lumistry Case Study

Tilly’s Case Study

RSI Security

Power Digital Case Study

Meltmedia Case Study

WorkWave Case Study

Finix Case Study

CUSTOMERS

Organizations that trust RSI Security

samsung
Screenshot 2023-10-13 142906
Epic
PowerDigital_SecondaryLogo_Transparent_Black_67181
cisco-impact
Workwave-1
sandag
tarleton-state-university-logo-freelogovectors.net_
Rady_Childrens_Hospital_logo.svg
Seal_of_Beverly_Hills_California.svg
century-club-sd