Inside Baseball: The Red Sox Cloud Security Game
Summary:
The Boston Red Sox, positioned at the forefront of the American League East in baseball, are also making significant strides in cybersecurity. By adopting a comprehensive strategy that involves transitioning critical operations to a software-as-a-service (SaaS) model and embracing the Internet of Things (IoT) at Fenway Park, the team is actively bolstering its cloud security.
Despite facing resource constraints, with only one full-time information security employee and minimal IT support, the Red Sox capitalize on resources provided by Major League Baseball (MLB). Following the 2013-2014 hack of the Houston Astros, MLB developed a robust cybersecurity program accessible to all 30 clubs, enabling collective procurement of advanced security tools and access to expertise and threat intelligence.
The Red Sox prioritize safeguarding intellectual property, ensuring compliance with regulations such as HIPAA and PCI DSS, and addressing fan privacy concerns. They have implemented a broad compliance and privacy program to secure sensitive competitive data and uphold fan privacy expectations.
Security Officer Comments:
The unique challenges posed by Fenway Park's smart-stadium technology require diligent efforts to secure IoT devices and physical assets. The team actively monitors potential threats on the Dark Web and social media while maintaining internal IoT visibility through vulnerability scanning and pen-testing.
Suggested Corrections:
To meet security challenges, the Red Sox are moving mission-critical systems to the cloud and adopting zero-trust principles for identity and access management (IAM). They leverage multifactor authentication and explore AI-driven automation to enhance security and operational efficiency.
Link(s):
https://www.darkreading.com/cloud-security/inside-baseball-red-sox-cloud-security-game