The Challenge of NIGC Regulations Comanche Nation

CASE STUDY
Comanche Nation Casinos
Slot machines are the bread and butter of virtually all casinos that employ them.
In fact, the American Gaming Association reported in 2010 that while one-armed bandits
produced just 45% of the revenues in gambling mecca Atlantic City in 1978, by 2010 that
number had climbed to almost 70%. Small wonder: most gamblers – the AGA calls it a
“significant majority” – say slots are their favorite games to play, with nearly endless
varieties of machine types and often low entry costs – as little as a penny in some cases.
For David Kavaljian, IT Director at the Comanche Nation Board of Advisors, the allure
of noisy and colorful slot machines and electronic bingo systems means good business
for the five casinos in southern Oklahoma. But slots are also one of the most heavily
regulated and scrutinized aspects of casinos.
The Challenge of NIGC Regulations
The Comanche Nation Casinos fall under the auspices of the Indian Gaming Regulatory
Act of the National Indian Gaming Commission (NIGC), which requires that casinos
monitor the internal controls of any and all gaming systems on site.
The National Indian Gaming Commission’s Minimum Internal Control Standards for
Class II Gaming specifies the basic security visibility required for information technology and information technology data. “In practice, Comanche Nation Casinos needs to
be able to show, at any given time, where and when our people have touched
information in any of the machines,” Kavaljian says.
At the Comanche Nation Casinos, that can get complicated. The casinos use a number
of Class II (electronic bingo) and Class III (slot) machines in their various
locations. The machines are owned by eight discrete vendors, and are managed by
proprietary servers at each site. For security purposes, the individual casino has no
direct access to its on-site servers.
Monitoring the disparate systems and servers from a centralized location while also
meeting regulatory demands was a significant challenge, Kavaljian says, so his group
set out to find potential solutions.
Finding the Right Monitoring Solution
The IT group for the casinos researched and tested several security solutions that
would allow them to track the required information. Kavaljian says that while each had
its pluses, the main negative was that each allowed some level of data access by
third-party equipment vendors, essentially negating his ability to have full control.
Additional research brought them to ObserveIT, which offers video-level auditing that
records remote desktop protocol (RDP) and all remote access. “This was the only
solution that really allows our Board of Advisors to do the auditing in a non-intrusive
and fully transparent way,” he says.
observeit.com/tryitnow
ObserveIT’s session recording and logging solution – which records videos of every server session as well as textual activity logs of
everything done by users while logged into casino computers – allows the casinos to implement key controls involving the logging and
monitoring of all activity performed on its sensitive systems. Whereas standard logs collect data on server and network activity, session
recordings and logs focus on the user activity within the operating system and every application (commercial, bespoke, legacy and
cloud). It’s a granular, user-focused monitoring capability so the Comanche Nation can have all the details to understand what
administrators and remote vendors are doing on managed servers and desktops.
The ObserveIT Solution for Comanche Nation Casinos
ObserveIT quickly gave the Comanche Nation Casinos absolute visibility. “Having a video that can show exactly what is happening or
what already transpired – like the script used in a command – is essential to compliance with the NIGC regulations, and that’s what
ObserveIT allows us to do,” Kavaljian says.
The remote vendor monitoring aspect allows them to see exactly what each third-party vendor is doing, helping improve security,
accountability and policy messaging. It offers transparent service-level agreements and billing validation with third parties as well.
The system also helps with root-cause analysis, so they can better understand “who did what?” and when.
“We’ve got a new level of confidence in our ability to report on all IT activities and to satisfy all of the many and changing regulations
we face as a casino,” Kavaljian adds.
The casino also uses ObserveIT’s network device configuration change monitoring capabilities, allowing them visual monitoring
and auditing when they need to reconfigure network devices. In addition to full video recording and playback of every device
configuration change, the system also offers keyword-searchable activity logs and custom alerts based on user-definable triggers.