The Sports Lottery enhanced its information security protocols by migrating encryption keys to Utimaco SecurityServer Se-Series General Purpose HSM hardware security modules.
Športna Loterija d.d. is a leading Slovenian provider of sports betting, contributing significantly to the financial sustainability of the Sports Foundation and the Foundation for the Financing of Disabled and Humanitarian Organisations. The main shareholders include the Slovenian Olympic Committee, the Slovenian Ski Association, the Slovenian Football Association, as well as the Post of Slovenia and the Lottery of Slovenia.
Information security is a priority for the Sports Lottery (Športna loterija d.d.), as demonstrated by the implementation of ISO 27001 certification in 2021. The primary challenge in enhancing information security was to safeguard the keys they issue with Microsoft CA, because the solution protecting the keys was running on the same server as the other data.
"While the solutions proved effective, they did not meet our high security requirements. After devoting three to four years to market research, we were able to identify all the hardware security modules and make informed comparisons. We focused on European manufacturers because we have a lot of regulation in the EU that other countries don't require," said Jani Ravas, IT and Technology Director at Športna loterija d.d.
The selection of Utimaco SecurityServer Se-Series General Purpose HSM hardware security modules was influenced by the support provided by CREAPLUS.
"While it is certainly beneficial to have a product from the European Union that complies with EU legislation, it is even more advantageous to have a development team from the EU located just a few kilometers away. In the event of any issues or maintenance needs, we can immediately contact the manufacturer or CREAPLUS," Ravas explained.
New level of security for identities and communications
The Sports Lottery utilizes the Microsoft CA system to issue digital certificates, thereby authenticating workstations and users.
"We have a dedicated 802.11x protocol to authenticate workstations that are authenticated at CA. Furthermore, the entire sales network and all terminals are authenticated on a secondary Certification Authority (CA) that is subordinate to the primary CA. All keys are now stored on the HSM modules and no longer on the servers." Ravas explained that this design feature makes them potentially inaccessible to attackers because the cards are stored separately and can only be accessed with a physical card.
We are extremely satisfied with CREAPLUS. In addition to cooperation on HSMs, other areas are opening up. There has never been any problem with HSM and other support. We got all the answers immediately. When, for example, an operating system update has to be done, we do it together, including the report. Everything is as it should be. For updates they have all the procedures described and documented what they do. We are also required to do the latter by ISO 27001 and 9001 and by insurance legislation.
Jani Ravas, Director of IT and Technology at Športna loterija d. d.
Testing data encryption in Microsoft SQL
In 2024, a pilot project was initiated to encrypt data in Microsoft SQL Server using Utimaco's hardware security modules. One of the key benefits of using the HSM is that implementing encryption did not require any changes to the software. The solution is also future-proof, as the 256-bit AES encryption provides high protection even in the event of hacking and data theft. Furthermore, the Sports Lottery will be able to use post-quantum encryption algorithms to ensure data security.
Pleased to offer even more reliable encryption keys
In addition to providing high security against intrusion and data theft, the HSMs will also improve the quality of the key generation itself by using Utimaco's true random number generator.
According to Ravas, this method of generating keys will enable them to supply keys for all their digital services. The generator is certified in the EU and provides them with all the necessary millions of possible combinations, or completely random numbers, to ensure secure key generation.