A Professional Baseball Team in the MLB recently implemented an organization-wide data initiative to warehouse all analytics and player stats. This system allowed the front office and its players to have real-time visibility into stats, updated playbooks, similar player profiles, tailored strength and conditioning programming and other critical data points. The team engaged Valorr to perform a comprehensive cyber program maturity assessment to help them identify security gaps and implement best practices.
Following implementation, the organization worried about potential security risks around and throughout their data environment. The company didn’t have a team managing data privacy, wasn’t sure what best practices should be in place to secure it and lacked visibility into the risks surrounding it.
While the organization knew this implementation had introduced new risks and vulnerabilities, it lacked the visibility and the expertise needed to identify and understand them and the skillset to address them.
The client’s IT and security team had implemented the data warehouse in AWS, but the team was small, focused and lacked the holistic security expertise needed to see the inter-connectivities. Standing up the data warehouse without holistic security experts resulted in new risks and vulnerabilities that security partners could have addressed during the implementation process. But for some organizations, building an in-house security team isn’t always the chosen path. Working with a third-party cybersecurity partner to identify security risks and provide a strategy to address them was the best option for this team.
The teams CIO engaged Valor for a cyber program maturity assessment to identify security program issues, potential data warehouse implementation hurdles and provide a risk-based remediation plan. As a result of this assessment, the CIO hoped to build more confidence in the data warehouse program, increase usage, and maximize the return on their investment. Valor offered a collaborative assessment that was tactical and targeted on the issues and objectives that the business cared about most, without extraneous overhead. This approach that was well suited to the teams’ tight timeline and budget. In addition, Valor’s deliverables provided actionable, risk-based results. Final reports and actionable roadmaps provided clear remediation steps that the manufacturer’s IT and security teams’ could execute without deep security expertise.
For this assessment, the Valorr team used the National Institute of Standards and Technology (NIST) Cybersecurity framework and the Capability Maturity Model Index (CMMI) to evaluate the teams’ environment. Using this framework as a benchmark, they were able to clearly demonstrate where the team aligned with best practices, where there were gaps, and where there were opportunities for improvement.
One of the many benefits of using this combination of frameworks was that it allowed the client to decide the how they wanted to prioritize security budget following this assessment.
Following the assessment, the Valor team hosted a series of collaborative sessions with the team’s front office to discuss findings and socialize recommendations. This provided more insight to the risks and opportunities that were uncovered and allowed the Valorr team to answer the teams’ questions in real time. For an organization without a dedicated security team, these sessions provided an extra layer of context that could help with decision-making down the road.
Following these sessions, Valor built a comprehensive final report, which included a full gap analysis. This report examined every issue our team uncovered, provided clear recommendations, and detailed remediation steps. Remediation was documented in a very tactical way, providing the recommended steps the IT and security team members would need to take to solve an issue. The report was accompanied by a detailed recommendation roadmap, which was designed to help the team prioritize remediation steps.
From kick off to final deliverables, this assessment spanned four weeks, providing the client with the quick assessment and detailed insight it needed to secure its data warehouse environment.
This cyber program maturity assessment identified 10 key issues within the client’s data warehouse environment, four of which were deemed high risk to be immediately addressed. Fortunately, many of these could be resolved in less than an hour through relatively simple configuration changes. Valorr’s detailed remediation roadmap and guidance outlined these steps so the team could take immediate action, without conducting hours of research.
Following this assessment, the teams’ front office felt more confident in the security of its data warehouse environment. This has enabled the client to get more buy-in from users, resulting in more consistent usage and greater ROI from this investment.
Because Valor was able to deliver a collaborative assessment in a short timeframe and provide actionable guidance, the team has partnered to engage us for additional advisory services.
Valor offers expert cyber program maturity assessments that are designed to have a lasting impact on your organization’s business environment. Beyond assessments, we also provide in-demand security implementation services like policy and procedure drafting, incident response tabletops, compliance readiness and vCISO services.
Check out more stories about the exciting projects we’ve been working on.
