Wiz

Cupid in the cloud: celebrating developer and security team partnerships

In cloud security, the most compelling love story is the one between developers and security teams. This Valentine’s Day, let's shine a spotlight on these dynamic duos.

4 minutes read
Wiz Team

Every Valentine's Day, we celebrate the power of relationships. But it's not only romantic relationships that make hearts race! In the world of cloud security, one of the most compelling love stories is the one between developers and security teams. In the past, the relationship between these two teams hasn’t always been harmonious; they used to work in silos, rarely sharing a goal. But shift left culture — where security work is integrated into the development process — is changing the game. And with the right strategy in place, security doesn't have to be an obstacle for developers; they can remediate issues easily without sacrificing speed.  

With context and accuracy, security teams can prioritize fixes and not send developers a laundry list of tasks — they can speak the same “love language.” This Valentine’s Day, let's shine a spotlight on these dynamic duos who collaborate to secure their organizations’ cloud environments.  

Communication and collaboration at AppsFlyer 

Our first love story starts with the bustling world of AppsFlyer, a leading mobile marketing analytics company. Amidst a period of rapid growth, with a complex multi-cloud architecture, AppsFlyer’s developers and security teams faced an uphill battle to build clear and consistent security practices. Picture two teams standing on either side of a big divide: developers on one side, and the security team on the other. The gap between them represents the challenge of creating mutual understanding around how to move away from project-based security toward a more centralized, risk-based approach. AppFlyer’s security team needed a more direct way to communicate. “We had to learn how to speak the same language in our weekly meetings and be able to react to issues quickly,” says Danny Robinson, the company’s Cyber Security Engineering Manager. The company needed more than a tool; it needed a security partner to help shape solutions to the challenges posed by a dynamic, multi-cloud environment (one that included extensive infrastructure as code, containerized apps hosted on Kubernetes, and standalone containers). The team also realized that they had to unify monitoring and remediation practices to create a smoother deployment process.  

First, the team used CSPM to get a holistic view of their infrastructure. As they continued to streamline security management, they began doing IaC (Infrastructure as Code) scanning, taking advantage of more functionality within a single tool. Operationalizing their security process led to a shift left approach, enabling the identification and resolution of risks earlier during the development cycle. With greater context into their risks across AppsFlyer’s complete infrastructure, teams have gained a better understanding of which risks need to be prioritized. This fostered better collaboration between the security engineering and development teams. They were like two people holding hands and walking together towards the same goal – building a more secure cloud environment. When developers and security teams work together, sparks fly! 

Risk reduction and sustainable growth at MercuryGate 

Our next developer/security love story happens at MercuryGate, a global smart transportation platform. As the company embarked on the massive task of migrating its on-premise infrastructure to the cloud, the developer and security teams knew they needed to form a united front. At first, they tried to work toward their common goal using legacy security solutions and third-party security teams, but as the project advanced, both teams realized they needed to bring security in-house to improve visibility and remediation speed. The security team worked closely with DevOps to create a mutual ownership of security priorities. 

The company is committed to using these resources to keep ahead of evolving and future threats. To ensure sustainable growth, MercuryGate focused on building a security program that made internal collaboration easy. The teams shared crucial information about vulnerabilities and aggregated security data with ease and has extended this collaborative space to include users throughout the organization. In fact, 75% of Wiz users at MercuryGate are not on the security team! Everyone involved in the security process can generate their own reports, identify issues related to their own projects, and remediate them without the security team having to assign a task. This open line of communication has created an environment of trust and collaboration, enabling teams to work together in real-time to solve problems and make critical decisions efficiently. This tale reaffirms that effective communication is the bedrock of any great partnership. 

More love stories 

Several other Wiz customers have noticed the chemistry between developers and security teams: 

Pairing engineers who understand the risks with the tools to remediate them is incredibly powerful. There are 10X as many environment owners, developers, and engineers using Wiz than there are security team members at FOX. This helps us to ensure that the products shipped across over 1,000 technologists across the company have security baked in, which is beyond the impact that a small and mighty cybersecurity team can have alone.

Melody Hildebrant, CISO, Fox 

Wiz helps educate non-cloud experts and enables new ways for security practitioners to work directly with developers and cloud architects. It fosters collaboration across our teams, helps them really understand what the problem is, communicate it in a common language, and collaborate with peers to get it remediated. It’s not just a tool for security.

Alex Schuchman, CISO, Colgate-Palmolive

Following the adoption of Wiz, we have seen improvement in the relationship between the development and security teams. There is now a consensus about how security should be perceived within cloud environments, and we work more effectively and efficiently together.

Daniel Liber, Chief Security Officer, Playtech

Developers and security teams: a match made in heaven

Here's to all the developers and security teams crafting their unique cloud security love stories. Your dedication, teamwork, and victories are a testament to the power of partnership. Your harmonious collaborations serve as inspiration. Together, you’re helping businesses harness the power of the cloud to innovate and grow — without introducing risk. For that, we thank you. Happy Valentine's Day! 

Tags
#Security

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo