Security Experts:

What Enterprise IT Security Can Learn from Super Bowl Security

It’s July. An odd time to be talking about Super Bowl security, right? Actually, it’s never too early to focus on information security and risk management, and Super Bowl security is certainly no exception. Super Bowl officials take two full years to plan and implement their strategy. IT security pros everywhere would be well advised to learn from them and take action long before crunch time.

When it comes to risk and security management challenges, America’s premier sporting event is like nothing else. Due to the incredible management challenges, the Super Bowl’s security team has to be the best team on or off the field. The stadium must be staked out well in advance for miles around. Networks and all IT assets must be optimized and locked down. More than 100,000 people attending the game must be screened and monitored. And security for the whole spectacle must be seamless and transparent to the attendees and participants—another factor that requires building the right “enterprise-level” strategy from the beginning.

So, how did the security professionals at Cowboys Stadium in Dallas pull it off without a hitch during the 2011 Super Bowl? According to Dallas Cowboys owner Jerry Jones, no stones were left unturned. He told CNN, “In these current times you would be shortsighted, really, not to have gone to the nth degree to design security and security equipment and security areas.”

IT security pros would be wise to heed Jerry Jones’ advice about going to the “nth degree” when planning and implementing risk and security management solutions. Sure, it’s unlikely that terrorists are lurking in your company’s cubicles, and you may not be protecting people’s lives and the reputation of a nation. But these “current times” are dangerous times for everyone. They require nth degree security programs in enterprises everywhere.

As an enterprise security professional, you are dealing with sophisticated, highly motivated international crime syndicates. Syndicates that are pulling in billions every year from companies with household names, and from companies of which you’ve never heard. Taking IT security to the nth degree means assessing and mitigating risks coming in from all directions in real time, proactively planning to defend against any and all threats, and deploying strategic technologies that neutralize those threats before they ever pose a problem. The stakes are too high to do anything less.

Of course IT security is critically important, but it’s not the only piece of the puzzle. IT security has to be aligned with the organization’s business needs and objectives. In other words, your security technologies shouldn’t be point solutions that are siloed in various business groups or only protecting endpoints, networks, databases, or other isolated assets.

You need a solution that shields the enterprise from every possible angle and broadly integrates IT security with business security—to enhance productivity, control costs and eliminate vulnerabilities on an enterprise-wide basis.

Start with a Solid Game Plan

So, how do you get to an effective level of comprehensive enterprise security when you are still struggling with siloed point solutions that can easily expose you to large-scale vulnerabilities?

Implement a strategic program based on these three objectives:

Focus on gaining complete visibility into your security posture. Enable your security personnel to call the shots from the best possible vantage point—high above the action where they have an unobstructed view of everything that’s going on. With this capability, you can assess and monitor risk holistically across the entire organization regardless of the networks, hardware, applications or security technologies you’re running. This requires a single, easily manageable platform supporting both hosted and on-premises assets, and providing control of security deployments and visibility into risk events across all business systems.

Be able to proactively analyze risk. Reading signals and reacting isn’t enough these days. Any good game plan requires understanding potential risks and being able to proactively anticipate what-if scenarios. Your security program must allow you to proactively identify and respond to threats and events that could negatively impact critical business systems. Analytics at this level enable you to dynamically analyze, prioritize, and manage both current risk within your environment and potential risk introduced by new applications and business processes.

Simplify and automate your security operations. Too much complexity results in dropped balls and missed assignments. By keeping things simple, you eliminate many manual tasks and the human error and technology fragmentation that go with them. By simplifying and automating wherever possible, you can gain technical integration across heterogeneous security systems, enabling automated program management and monitoring across all systems from a single interface rather than through multiple non-integrated consoles. This can dramatically reduce operational costs.

These key objectives of a strategic enterprise security program enable you to move from a reactive mode to a proactive one regarding how you identify and manage security and risk across your organization—so you can effectively guard against virtually every contingency. What’s more, you can establish the foundation that provides a window into the broader picture that includes not only IT but operational, financial, legal, reputational, regulatory, and supply chain risk and security management.

As you continue to align and refine your program to the three objectives above, your goal should be to achieve an integrated solution that allows your team to effectively manage risk by automating the assessment, response and enforcement of your security policies. If done properly, it will also produce a nice side effect: continuous compliance with your regulatory and policy requirements.

By now, a lot of people don’t remember the final score of Super Bowl XLV, or even who won. Outside of Texas, most folks probably don’t even remember where it was played. That’s a tribute to the security pros at Cowboys Stadium. And just think, if the Super Bowl can be this forgettable, imagine how uneventful and unmemorable—and successful—enterprise security can be with the right programs and technologies in place.

While risk and security management at your enterprise may not be as high-profile and glamorous as securing the Super Bowl, the consequences are just as critical to your organization. So the pressure is on. But unlike the NFL, at least you’re not involved in a labor dispute that might prevent you from doing your job this year.

Dave Anderson currently serves as the Senior Director of Solution Marketing for McAfee, where he is responsible for developing market strategy, delivering new technology solutions, and managing global marketing campaigns for McAfee's Risk and Compliance solutions. Dave has 18 years of experience within information security and risk management at companies including SAP, ArcSight, KPMG, and VeriSign. His expertise focuses on strategy and planning, marketing, and operational governance. Dave received his MBA from Duke University, with an emphasis in international management and strategy.