“With a small internal team, we rely on Alert Logic to look after our security and provide a 24/7 security operations center (SOC) which wouldn’t be possible for us otherwise.”
Jason Ozin, Group Information Security Officer, PIB Group
As a cloud-first company, PIB Group (PIB), a dynamic and diversified insurance intermediary group, chose AWS for its flexibility, dependability, and built-in security features. To optimize the security of the PIB cloud environment, AWS recommended the Alert Logic managed detection and response (MDR) platform that functions seamlessly on AWS to help with its rapidly expanding cybersecurity needs. Through this strategic collaboration, PIB keeps its in-house security team small and agile, even as business continues to grow.
The Challenge: Limited Staff, Disparate Security Solutions, Increased Risks
After organic and rapid growth through several key acquisitions, the executive team at PIB sought to streamline IT operations and bolster security across the firm’s thirty-plus UK offices. With a focus on data protection and a small internal IT security team, PIB Group Information Security Officer, Jason Ozin, needed trusted partners to ease the burden of running a large security group. “Finding and retaining members of a highly functional security team can be extremely difficult, especially in the current environment. I believe partners who focus solely on cybersecurity can do a better job of finding the skillsets I need and delivering comprehensive, 24/7 protection. This empowers us to concentrate on other areas vital to our company mission,” Ozin stated.
Adding to the complexity of cybersecurity, PIB’s newly acquired companies operate on different environments, platforms, and applications. The smaller ones especially have no security resources at all. Some also use custom-written platforms that are challenging to alter and leverage. Ozin explained the difficulty of these custom platforms, “Typically, they are so custom that only one person in the organization understands how to operate them. What happens when he or she is out unexpectedly or goes on vacation? It’s a recipe for disaster.”
The increased likelihood of an attack on critical systems and data also drove PIB to find a more effective security solution. “Ten years ago, I probably could have brought a terminal server online, not put any protection in place, and it probably wouldn’t have been attacked. If I did that now, it would be attacked within 30 seconds,” Ozin explained. “Many companies miss the security bar. They’ll have significant investment and preventative tools in place but don’t invest in detection technologies. I hear the consequences of that oversight on almost a daily basis in the news and from my peers. I’m focused on that not happening on my watch,” Ozin added.
“Alert Logic is essentially looking after our entire AWS estate. All services, web application firewalls, and ingress and egress points.”
Jason Ozin, Group Information Security Officer, PIB Group
The Solution: Streamlined Acquisition Security, 24/7 Monitoring, Easier Compliance
PIB depends on Alert Logic MDR, embedded into AWS to enhance security. Alert Logic also plays a key role in the process of securing and integrating new acquisitions into the PIB Cloud on AWS. Despite the diverse IT environments and varying scales of it’s acquired companies they are successfully secured by Alert Logic and funneled into the flexible and scalable PIB environment on AWS with ease. By engaging Alert Logic at the end of the acquisitions pipeline, Ozin quickly gains thorough visibility into the assets and existing security protocol of a newly acquired company. He described the significance of AWS and Alert Logic in the process, “Once we acquire a new company, the first thing we want to do is get the AWS and Alert Logic armor around it. Then we know we have it secured.”
Alert Logic’s fully staffed team of cybersecurity experts in their 24/7 global SOC adds an extra layer of protection by continuously monitoring, triaging, and prioritizing any threats that may affect PIB’s IT environment, allowing them to focus on their core business and security outcomes. Ozin explained, “With Alert Logic we’re able to customize for our environment by flagging our risks by importance.”
As a regulated industry, Alert Logic also helps facilitate security compliance auditing. “We’re holding a lot of personal data, but more importantly, we’re regulated by the Financial Conduct Authority (FCA) which mandates business continuity,” Ozin said. “Data security is obviously of utmost importance and Alert Logic is very helpful when proving our compliance.”
Why Alert Logic?
Frequently engaged in complex acquisitions, PIB has been able to leverage the cost efficiency of its small internal security team while trusting Alert Logic to handle its broader security needs. Ozin encouraged others in the insurance industry to consider security and asset protection an essential component of operations, rather than an aside. “I can’t see how another company our size, with our sort of acquisition pipeline, could possibly open up their cloud environment to the internet, especially if they’re platform based, without having something like Alert Logic in place. It’s inconceivable to me because it’s a bit like keeping your front door open and not expecting a break-in.”
Ozin further explained that he believes PIB is ahead of many competitors when it comes to security and data protection. By choosing Alert Logic, PIB understands how important it is to invest where it matters most. “Without Alert Logic, I would never pick up on all the incidents happening within my environment,” Ozin clarified. “I can’t turn to auditors and regulators and say to them, hand on heart, that we have secured our environment unless I’m actually getting metrics to see that security.”
By providing optimized detection, compliance regulation, and thorough cloud protection, Alert Logic and AWS became essential to operations at a time of significant transition for PIB. Ozin elaborated, “We transitioned away from using a lot of platforms and systems, over the years, but we chose to stay with AWS and Alert Logic. Both have proven to be great relationships for us.”
Ozin also believes PIB survived the pandemic very well because they chose to go cloud-first with AWS and Alert Logic — all while working from home. He elaborated, “You can’t be in the cloud, or anywhere with exposure to the internet, without having a SOC helping you out. You must have that blanket of security to keep bad stuff out and quickly deal with anything that gets through, which is what Alert Logic gives us. That 24/7 monitoring and instantaneous alerts are my most valuable layer of protection.” Ozin concluded, “ In the end we’re not doing this to pass audits or satisfy third parties. Our security solution with Alert Logic protects our customers AND our reputation, and that helps me sleep much better at night.”