Formula 1 is well known for its precision engineering pedigree, and for races that are won and lost by mere milliseconds. While it has long been data driven, attention to security and resilience is deepening. To dig into those themes, I was delighted to be joined by industry peers and the Atlassian Williams F1 team on a ‘behind the scenes’ tour of the season opener in Albert Park, Melbourne.
Third party risk determines race day resilience
Motorsport relies on a diversified mix of vendor partners to deliver high performance. Think of the devices, clusters and software involved pre-race and at trackside. That network brings third party risk. But no two connections are the same: a guest WiFi connection segregated from trackside carries less risk than the systems capturing and processing in-race telemetry.
Dealing with third party risk in the garage is akin to managing it in a complex enterprise: your supplier’s risk is your risk. Team trackside technology principal James Kent said, “We partner with vendors that align with our own strategy.” By selecting vendor partners that regard security as a business imperative, the team is sourcing resilience, not just supplies. It is also taking a layered approach to security, based on the sensitivity of the data. “We have multiple data links,” said Kent. “These are either aggregated or locked based on the latency and security requirements.”
New identity types are also posing new third-party risks. Organisations are now managing many non-human, machine identities from their suppliers. Gone are the days when organisations could rotate contingent staff using a generic login from project to project. Role-specific identities with location-aware authentication and zero trust approaches are required to keep the organisation safe. That’s particularly true as software increasingly enforces policy, detects risky connections, rotates credentials and protects multi-cloud environments.
Balancing data sensitivity and risk to build competitive advantage
Formula 1 famously lives and breathes data. That data spans all the usual telemetry, from acceleration and braking data to cornering speeds, gearing, track conditions and much more. But it is how that data is combined that makes the difference. “When I come back into the garage, my teammate and I are constantly elevating each other thanks to the data analysis,” said Carlos Sainz Jr. “But there’s a sweet spot. You’re slower if you’re not using the data correctly [but] it can take too much out of your headspace if you lean too much on the data.”
Getting the balance right is not just about building that personal resilience. It is also about correlating the right perspectives. The first is the driver’s on-track experience informed by their previous race history. The second comes from trackside simulations that combine current and historic race data from trackside clusters and cloud, respectively. And the third is an optimal model that predicts the best route without considering the human inputs. By combining those 3 perspectives, at the right level of fidelity and timespan, the team can uncover a deeper understanding of race trends to build competitive advantage.
That balance also involves collecting and protecting the right data. Because data has a gravity – in the supporting infrastructure, data architecture and security – collecting the wrong data poses cyber, privacy and latency risks. “I pay close attention to what [data] we’re moving, how we’re moving it and where we’re moving it to,” said Kent. “We partner with organisations to protect us because the cyber threat is constant.” Skimping on the protections and collecting the wrong data just isn’t worth the cost.
Securing high performance with the right fundamentals and levers
Continuing geopolitical uncertainties are making it harder for enterprises to build and retain business value, particularly for a global sport like F1. Focusing on the organisational fundamentals is crucial when deciding which change levers to pull. In terms of building cyber resilience, Keeper Security Chief Executive and Co-founder Darren Guccione looks beyond the tech to focus on the people fundamental.
“The model [for cyber security] is simple but execution is complex,” he said. “There’s [often] an inverse relationship between cyber security and ease of use. We try to unify security and ease it because if it is complex, employees will find ways around it. That puts the company at risk.”
Toolchain simplification with a platform approach is just the start. Cultural change must also accelerate. Elevating the security culture at a leadership and workforce level can ensure resilience against new attacks that the tools may miss. Creativity and ingenuity are the keys to unlocking greater defences.
Aside from the tech and people fundamentals, unifying risk management processes also matters. Think of all the effort that goes into auditing and reporting on regulatory requirements, such as Operational Risk Management (CPS 230). Under that regulation, department chiefs own – and must understand – the risks inherent in the technology assets under their purview. But when it comes to auditing and assessing those risks, disconnected processes and siloed point solutions lead to difficulties in reporting.
In Guccione’s view, “An organisation might have 25 different security products, but they don’t thread together. [This leads to] operational and security gaps, making it impossible to run a compliance report. So, we’ve threaded all those core security applications into one unified platform. That’s the future.”
Data, security and resilience to drive high performance. By selecting the right partners, collecting only the essential data, and building upon the right fundamentals, organisations can create deeper personal, cyber and operational resilience. Technology leaders adopt these approaches, proactively, to build and maintain resilience in an increasingly uncertain environment.