How a UK-based Insurance Brokerage Achieved Sizable Annual Savings While Securing Access for Over 2500 Users
PIB Group (‘PIB’), a UK-based global insurance intermediary with a presence in the UK, Europe and India, set out to improve their overall security posture and provide a seamless user experience for internal and third-party user access of the company’s business applications.
Established in 2015, the Group was expanding quickly, going from 12 to more than 2500 desks in a remarkably short window of time. With around 60 business acquisitions since 2016, and 2021 marking their move into new countries like Spain and Netherlands, PIB is on track to continue its rapid scaling. In 2022 further acquisitions have been made with many more on the horizon as PIB continues its rapid international expansion.
PIB was looking for a security model that would support their growth and acquisitive business strategy objectives.
The company's Chief Information Security Officer (CISO) who led the shift to a new security strategy was aware that PIB’s existing IT infrastructure limited flexibility and lacked identity-based authentication. He knew the company’s growing attack surface was leading to even greater risk but also had to prioritize business agility and security with pursuit of further acquisitions and expansion.
PIB’s customer-centric and specialized approach to providing insurance brokerage services made operational agility and efficiency top priorities, withzero trade-off on organizational and data security. Reducing their security risks by minimizing their attack surface and meeting the ever-changingcompliance requirements of the finance sector, particularly in the insurance vertical, were critical in continuing to scale up.
The company was looking for a solution to centralize identity-based secure user access to mission-critical applications and resources, with a range of challenges they set out to overcome.
The Existing Tech Stack and the Challenges to Overcome
With PIB’s offices, internal users and clientele located across the UK and diverse corners of Europe and India, it was essential to blend speed and agility with improved secure connectivity to support the business and maintain productivity.
Users, working both internally and remotely, were connecting to private circuits through firewalls in internet breakout locations. Key business applications were accessed via VPN and virtual desktops, increasing the attack surface and adding further complexity, latency and overhead to the infrastructure.
When starting their new journey to connectivity and secure user access, PIB used AWS Workspaces VDI as a security and performance tool, alongside Okta for MFA, SSO and MDM, with all devices joined to a domain. Keeping all applications protected with MFA was critical to PIB, and while Okta was able to provide this for some applications, others posed challenges for Okta’s MFA integration because of their age, provenance or architecture.
One critical example was the PIB Human Resources application, which would have otherwise required additional coding and customization to apply MFA to it. With the sensitive data and daily workflows involved using the human resources application, finding a way to authenticate users and secure user access and connectivity with MFA was critical.
Fronting Okta-based connections with Cyolo did the trick. Simple.
PIB was eager to adopt and implement a security model that would support peak performance and efficiency, while meeting the insurance industry’s demanding compliance requirements with full control and ownership of sensitive content and data.
“Cyolo is laying the foundation for PIB to implement a new architecture with non-domain joined devices using Microsoft’s InTune MDM. Cyolo also provides modern ongoing identity-based authentication and verification with MFA and SSO from Okta, centralized in one identity-based access and connectivity solution. The tool’s unique zero-trust architecture created a platform for us to review our WAN architecture, with the possibility to bypass the need to move to SD WAN when suitable.”
- Jason Ozin, Group Information Security Officer, PIB Group
Goals
Easily, quickly and cost-effectively deploy and implement a single secure access and connectivity solution at minimal overhead and to lay a zero-trust foundation and meet industry compliance requirements.
Fill in MFA and SSO gaps, further increasing the value and extending use of Okta for MFA, SSO, and MDM.
Improve security posture while maintaining optimal performance and user experience for internal and remote users.
Replace VPN used for remote access to key business applications in order to reduce the attack surface and improve user experience.
Simplify the network while laying foundation to review WAN.
Move away from reliance on domain-joined device to support BYOD and improve business agility.
Next Steps: Replacing the VPN to Improve Security, Performance and Productivity While Scaling Up
The team at PIB was ready to remove their virtual desktops and simplify their infrastructure, while simultaneously implementing a zero-trust access framework that would allow them to review their Wide Area Networking (WAN) strategy in the future while replacing VPNs today. Under the leadership of PIB’s CISO, the organization was ready to make the shift and adopt Cyolo’s identity-based zero-trust access solution, proactively taking cost-effective measures to further secure the organization and underpin performance.
The Cyolo Solution
Replacing AWS Workspaces, Cyolo publishes business applications in the Okta Dashboard using the least privilege approach.
Cyolo provides foundation to review WAN and the potential need move to SD WAN.
New device image with MS Intune MDM, Okta SSO/MFA to support non-domain joined devices.
Improved user experience with every app/resource in Okta Dashboard.
Why PIB Chose Cyolo: Secure Access and Unmatched User Experience
In evaluating the solutions on the market and ultimately choosing Cyolo, PIB felt they gained the fastest and most secure access solution available. Key to their decision were the facts that Cyolo has no access to their data, stores nothing in the cloud, and provides an unmatched speed, low-latency cloud delivered service. The finance and insurance industry’s compliance requirements are increasingly rigid and demanding, particularly adherence to privacy policies related to security and storage of sensitive data, like GDPR standards. Cyolo’s trustless architecture empowers PIB to fully own and control all critical content and data.
All of the company’s most sensitive information (such as passwords, encryption keys, and tokens), remains within the PIB security perimeter – not in the Cyolo cloud, automatically improving their ability to adhere to compliance requirements. It was also important for PIB that Cyolo’s trust-less architecture could not be weaponized against them in a supply chain attack. As supply chain breaches become more common and provide hackers with ease of lateral movement into a vendor’s customer IT systems and networks to exploit stored credentials and sensitive data, Cyolo’s zero-trust architecture that adheres to true zero trust principles provided PIB with an unmatched advantage.
Results
Unmatched speed and ease of deployment and implementation – taking just one hour to get up and running with immediate results
Minimal management overhead
Improved business agility & operational efficiency: ability to add acquired companies in minutes and support Just in Time access
Built foundation for a zero-trust framework and secure user access and connectivity
Reduced attack surface, improved security posture
Realized significant cost savings and infrastructure simplification
New Security Measures Implemented Cost-Effectively and With Ease
Cyolo was initially deployed for PIB within just one hour, providing a near instantaneous improvement to business agility and operational efficiency for an organization with over 2500 remote, internal and third-party users - and growing at a rapid pace. With the new cost-effective identity-based access strategy as a foundation, PIB’s acquired companies could be easily added to their IT systems and applications within minutes. Key stakeholders and users gained just-in-time secure access and connectivity with minimal management overhead.
PIB is in the process of removing inbound firewalls and their VPN, along with AWS Workspaces, and is already realizing significant cost savings of £35 per user per month with a simplified IT infrastructure. Savings will reach over £1 million annually.
Cyolo seamlessly integrates with Okta, providing secure access to every mission-critical application and resource in the Okta dashboard using the least privilege approach. In addition, applications like the human resources solution that posed customization challenges are no longer an issue, as Cyolo instantly extends Okta’s MFA to the legacy HR system for simplified and streamlined secure access. Cyolo’s publishing abilities also enable PIB to replace AWS Workspaces. Session recording and supervised user access are additional feature options to help PIB mitigate threats and improve visibility and control, yielding an overall improved security posture.
“Working with the Cyolo team continues to prove that identity-based access based on a trust-less architecture will bring our security posture and user experience to the next level. Deployment took just an hour, and our users immediately experienced better speed, operational efficiency and saw business agility supported with a simplified IT infrastructure at the heart of the shift. With our attack surface shrinking, and a projected £1 million in annual cost-savings, we’re moving full speed ahead with acquisitions and growth with secure identity-based access and connectivity.”
- Jason Ozin, Group Information Security Officer, PIB Group
