The reason people use sports analogies in business and life is because they’re boiled down, easy-to-understand snippets of actions. I’ve been banging the drum of security awareness here for some time now, but the message of constant vigilance sometimes feels stale. Therefore, after watching dozens of college football players get selected to play for various NFL teams last night, I thought I’d use the draft as an example.
And Johnny Manziel as the lightning rod. Stick with me.
We can all agree that to maintain a secure facility and data center, you need to know what’s happening within and outside of these areas. Knowing the landscape and the environment is paramount to making informed decisions on provisioning and breach remediation.
Further, we all have daily tasks on our calendars that seldom change. A routine, if you will, of security steps we all follow to ensure our IT team and the organization is protected and aware of access to systems and buildings.
Finally, when the environment changes suddenly and drastically, we go into crisis mode and react in the best way we can to the factors presented us. Whether those be a hack, a DDOS attack, a physical breach or something else. In all, we hope to be ready for everything.
That’s where the NFL Draft comes in. Last night, Johnny Manziel dropped 21 spots (at least in his mind) to be selected by the Cleveland Browns as the 22nd overall pick. The quarterback from Texas A&M was considered by many to be at least in the top 10 picks in the 2014 NFL Draft. He was also considered to be the best quarterback. That didn’t matter.
What occurred last night was the environment changed and Johnny Football dropped to a lowly 22 in the draft order. Similar to what happens in your data center if there’s a crash, or what happens in IT if there’s a breach reported, decisions had to be made on the fly.
I won’t bore you with too much inside football, but Johnny didn’t fit any of the needs of the first 21 teams choosing players. Once that was taken into account, anyone can look objectively at the draft environment and understand what happened. It just takes a little big-picture understanding.
To wrap this back to keeping your data and enterprise safe…you can only do so if you see the entire landscape. Who might want to target your systems? What areas would you try to breach if you were on the outside? Are there any blips or curious events happening in your daily logs? When you take the time to really look at – and then fix – any issues, you’ll be keeping your facility and information more secure and efficient.
How do you use log management to make security decisions at your company? What one event – without giving away proprietary info – at your firm helped you step up your security game?