Players, staff on Red Sox present security challenges

Stick to sports—or at least mostly.

That’s the message for Red Sox players and player development staff when it comes to their digital footprint, the team’s VP of technology operations and information security, Randy George, told IT Brew.

Though the team doesn’t get actively involved in managing how players deal with their own personal digital security, that’s likely to change. As IT Brew recently reported, the franchise’s tech department is lightly staffed, though they do get help from third party vendors like Centripetal and HYCU.

“This is really more of a staffing resourcing challenge than it is anything else,” George said. “Major League Baseball has cyber training resources that they deploy to every spring training facility at the beginning of the season to educate players on the proper use of social media and other security related things.”

Challenge on the field. But that doesn’t mean they listen. Baseball players are elite athletes, at the top of their game when they’re on the field—“they’re focused on playing baseball…they're not cybersecurity people,” as George put it.

MLB manages a lot of player information and regulates how that data is shared. The Red Sox franchise doesn’t supply players with any tech, leaving them to their own devices—literally. Players and staff “tend to lean on the clubhouse guys that are in that room for questions, and then from time to time those will get filtered up to us if they think the internal IT team can help,” George explained.

Industry-wide. In-house sports franchise IT teams are still important to protecting players, staff, and other internal employees. At last year’s RSA conference in San Francisco, sports IT executives gathered for a panel to discuss their different approaches to maintaining audience and in-house security at games. As NHL SVP of IT and security Dave Munroe put it, taking care of the franchise means taking care of the entire experience—including players and other VIPs.

“We have a really big attack surface that’s human based,” Munroe said. “And that’s where the physical and cyber intersect quite a bit. We have to really protect all of those people, even someone who’s doing payroll, or someone who’s in HR or something like that—they’re all part of the brand, they’re all an extension of the brand. And we have to protect them as such.”