Challenge
Colgate sought to improve security and visibility across its fast-growing multi-cloud environment.
Leaders wanted to empower cross-functional teams with a common tool for identifying and remediating risks.
Teams needed comprehensive visibility and risk prioritization capabilities to address open-source vulnerabilities and supply chain risks, which adversaries can exploit.
Solution
Colgate gained full visibility into its cloud environment within minutes using Wiz’s agentless solution.
Colgate created a single source of truth to democratize security across multiple teams, which collaborate on identifying and prioritizing high and critical risks for fast remediation.
The company leverages integrations with third-party platforms like Snowflake to evaluate critical issues in its Snowflake environment, routing actionable findings to the right teams for remediation.
Gained holistic visibility across a multi-cloud and data platform environment that spans 737 systems
Achieved zero criticals and a 44% decrease in external exposure issues
Rapidly identified and addressed the risks of the Log4j vulnerability and of the targeted threat campaign against Snowflake customer accounts
Evolving the security strategy to support modern business processes
Colgate-Palmolive is a caring, innovative growth company that is reimagining a healthier future for all people, their pets and our planet. More than 200 years after its start as a soap and candle business, Colgate-Palmolive Company has become a global consumer goods company serving billions of consumers around the world. This innovative, growth-oriented company has accelerated its digital transformation to reimagine a healthier future for people, their pets, and the planet.
The company has adopted a hybrid-cloud/multi-cloud environment spanning Amazon Web Services, Google Cloud Platform, and Snowflake Data Cloud. As a result, the company’s security leaders needed to update the security strategy to match pace with its ambitious cloud strategy. “From the security perspective, the cloud is a moving target with an entirely new set of variables,” says Alex Schuchman, Chief Information Security Officer at Colgate-Palmolive.
Neelam Kumari, Cloud Security Architect at Colgate-Palmolive, agrees. “We are running business-critical operations on the cloud and supporting a growing number of users. So, it makes sense to evolve our strategy to create holistic visibility, enable collaborative risk processes, and ensure a secure environment.”
Colgate-Palmolive’s security leaders wanted to empower cross-functional teams to identify and remediate risks early in the software development lifecycle, enabling faster innovation and business growth. Previously, developers would wait for security to provide risk information, delaying remediation and hampering the company’s ability to adopt a continuous improvement approach to security. Leaders believed the company needed a security tool that would enable more collaborative risk management processes.
Creating holistic visibility into cloud risks to prioritize remediations
The Colgate-Palmolive security team knew they needed a cloud-native, agentless security solution to identify risks across its sprawling cloud estate. The team trialed Wiz, using it to perform agentless scanning of its entire cloud infrastructure in just a few minutes. Wiz immediately identified misconfigurations and vulnerabilities that needed to be addressed, essentially selling itself.
“We were seeking an easy setup and to gain full visibility into our entire cloud infrastructure in a matter of minutes, without deploying any agents,” says Schuchman. “Even during our proof-of-concept stage with Wiz, we discovered things we hadn’t seen before and used that information to immediately harden configurations and have discussions with our developers.”
Wiz agentless scanning now provides one source of truth for Colgate-Palmolive’s security posture in the cloud. Wiz protects 737 technologies, including code environments, compute platforms, applications, security systems, databases, artificial intelligence and machine learning solutions, and networking tools.
The company uses Wiz Cloud to protect its AWS, Google Cloud Platform, Kubernetes, and Snowflake workloads, continuously detecting and remediating misconfigurations across the company’s cloud landscape that otherwise might be exploited. The Wiz Security Graph provides visibility, context, and correlations into its growing multi-cloud platform. Cross-functional teams can use an intuitive UI and visual graph to easily see interconnections and zero in on high and critical risks.
Wiz Vulnerability Management uncovers vulnerabilities across all clouds and workloads, from code to runtime, empowering teams to focus on the risks that matter most. The Colgate-Palmolive team uses the Wiz Security Graph to identify and address toxic combinations that could put their environment at critical risk.
We wanted to create a one-stop shop for cloud posture management so our development and security teams could immediately drive to insight about high-priority risks that should be addressed. This decision has proven its worth again and again, especially as we navigate a higher-risk environment with critical open-source vulnerabilities and partner data breaches.
Alex Schuchman, CISO, Colgate-Palmolive
Colgate-Palmolive has further streamlined processes by integrating Wiz with Splunk SOAR and ticketing processes, using automation to trigger alerts for high and critical risks. “I wanted to simplify the work for our teams, who are looking to close vulnerabilities and harden infrastructure,” says Schuchman. “Now, they are able to work within a single interface and one system.”
Remediating risks is a responsibility shared by information security, cloud, DevOps, and ecommerce development teams. More than half of the 60-plus Wiz users now sit outside the security organization.
“These teams are not security practitioners. They’re technical resources who need alerts and relevant insights so they can proactively identify, prioritize, and remediate risks, without security’s intervention. Wiz has helped build credibility for risk remediation, because it has such a low level of false positives. I don’t think we’ve ever had a false positive for a critical or high risk,” says Schuchman. “That’s not true for other CSPM solutions, even though they have access to the same data.”
Colgate-Palmolive has created such a strong security culture that developers proudly share how many issues they’ve addressed during their sessions in Wiz. By shifting left and fostering collaboration, cross-functional teams address risks when it’s easier and cheaper to do so, creating products that are secure by design. They’ve also significantly improved Colgate-Palmolive’s security posture, with the company sustaining long periods of zero critical risks and decreasing external exposure issues by 44% over the past year.
“Our response time has gotten so much quicker,” says Kumari. “Our development team doesn’t have to wait for security to identify risks: They can log into Wiz, understand the issues, and get started immediately on applying fixes.”
This security culture goes all the way to the top. Schuchman tracks and reports metrics on risks and remediations, presenting them to the board. “Our focus is on reducing the risk count, particularly at an application and project level,” says Kumari.
Wiz helps educate non-cloud experts and enables new ways for security practitioners to work directly with developers and cloud architects. It fosters collaboration across our teams, helps them really understand what the problem is, communicate it in a common language, and collaborate with peers to get it remediated. It’s not just a tool for security: Wiz helps create security awareness and accountability across our entire company.
Alex Schuchman, CISO, Colgate-Palmolive
Meeting the growing challenge of mitigating open-source and supply chain risks
In addition to driving security best practices, Wiz has helped Colgate-Palmolive navigate major external risks, including the Log4j vulnerability in 2021 and the targeted threat campaign against some Snowflake customer accounts in 2024.
When the Log4j vulnerability was published, Colgate-Palmolive used Wiz to identify affected workloads and prioritize public-facing and highly privileged workloads for rapid remediation. More recently, the company wanted to assess whether Colgate was impacted by a targeted threat campaign against Snowflake accounts. As a publicly traded company, Colgate-Palmolive needed to quickly determine if they were impacted.
Colgate-Palmolive already leveraged the Wiz Snowflake Connector to create advanced visibility into its Snowflake environment and surface high-priority risks, such as toxic combinations, in the Wiz Security Graph. The company had turned on multi-factor authentication with Okta on day one of using Snowflake. As a result, Colgate-Palmolive’s leaders believed they were not at risk from the targeted threat campaign but wanted to perform a due-diligence security assessment of their environment.
Working together, security and development teams used Wiz to confirm that customer data was protected. However, they identified excessive privileges and misconfigurations that the development team hadn’t detected previously. They quickly prioritized and remediated these issues, then performed a third-party check of Colgate-Palmolive’s security posture in Snowflake to verify the integrity of its processes, with good results.
“Since Snowflake is our primary data platform, we put a lot of highly sensitive consumer and ecommerce data into it, to drive critical business processes. We want to make sure that we’re protecting both data and identities. Wiz enables us to do both and ensure it’s the most secure it can be,” says Schuchman.
When organizations like Colgate-Palmolive store sensitive consumer and business-critical data in Snowflake, it's imperative to have comprehensive visibility into security posture. By utilizing our integration with Wiz, customers can implement best practices and reduce risk in a familiar and trusted setting.
Jake Berkowsky, Snowflake Cybersecurity Field CTO
Colgate-Palmolive’s security team collaborates closely with Wiz to maximize use of its security platform, proposing new features and seeking training on advanced capabilities. At the team’s request, Wiz customized its Snowflake Connector to enable the use of infrastructure as code (IaC) in Terraform.
According to Kumari, the team is also considering expanding Wiz to include coverage of Kubernetes clusters and serverless functions and integrating with more tools. The team has used Wiz connectors to integrate with other point solutions and is considering integrating Wiz with FreshService to extend its ticketing capabilities.
“We value what Wiz provides: the holistic visibility, the ability to explore risks in context, the integrations, and the threat intelligence on emerging risks,” says Kumari. “Wiz helps us focus on the right risks, while saving a lot of time. We’re now consistently developing products that are secure by design.”
As Colgate-Palmolive continues to evolve its business and pursue new growth opportunities, Schuchman sees the security team as enablers of the company’s vision. “For us, supporting business growth means being able to extend our cloud infrastructure, develop high-quality products, and continually improve our security posture all at the same time. We don’t have to sacrifice anything,” he states.