UPDATED 21:16 EDT / JUNE 28 2019

SECURITY

Liberty Mutual highlights the ‘us’ in cybersecurity

There’s no “I” in security. OK, there is. But it’s the “US” now getting savvy companies through these tough cybersecurity times. Spreading security responsibilities across a company’s departments and beyond to third parties can perk up their defense posture.

“There’s very little of what we do in security that’s just done by security practitioners,” said Katie Jenkins (pictured), chief information security officer of Liberty Mutual Insurance Co. The threat landscape is growing in multicloud and attackers are getting more sophisticated. Meeting new challenges takes asset managers, compliance people, a privacy team, auditors, and procurement specialists, according to Jenkins.

Scaring everyone in the business with horror stories of breaches won’t necessarily get them excited to participate. To get all hands on deck requires a can-do ethos and practical re-skilling. Liberty is bringing its entire workforce and others outside the business on board. “We’re educating them on how to prevent phishing attacks. We’re doing all sorts of culture-based initiatives, recognizing that if it’s just the security folks doing security, we’re going to have a big gap,” Jenkins said.

Jenkins spoke with John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the AWS re:Inforce event in Boston. They discussed Liberty’s holistic security posture and how cloud, in particular, has enabled enabled it (see the full interview with transcript here).

Third party threats and rewards

Vendors are part of the picture too. Liberty is examining third-party risk management — not just in terms of cybersecurity, but privacy and continuity. For instance, it’s looking at vendors’ services for overlap and trying to trim out anything redundant.

It is also leveraging vendors’ expertise in how to transform security in the company. It runs 20% of its workload in public clouds, including Amazon Web Services Inc., according to Jenkins. The developer operations team manages its cloud resources and services. They work tightly with Jenkins’ team to help them understand how things like access management and identity can affect security.

Cloud automation has taken some previously manual security tasks off people’s plates. This is a big boon, since it frees security pros and others at Liberty to set their brains on other tasks.

“There’s always a something else in security,” Jenkins concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event.

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU