Challenge
As Cushman & Wakefield accelerated its cloud journey, its cross-functional teams and vendors struggled to gain visibility into risks and threats.
These teams waited for security to report on risks, slowing risk remediation processes to days or even weeks.
Since Cushman & Wakefield uses external vendors for IT service and development, it needed to extend access to an enterprise-class cloud security platform so that these collaborators could remediate risks proactively.
Solution
With Wiz, Cushman & Wakefield and vendor teams gain holistic and granular visibility across the company’s multi-cloud environment and can see risks and threats in context.
These internal and external teams can identify risks in real-time and prioritize them with Wiz CNAPP. Alerts are then connected to a service desk platform and team to speed up their analysis, assignment, and remediation.
For newly deployed systems with high or critical risks, the third-party IT service desk now has a service-level agreement (SLA) to address the issue immediately.
Gained visibility
across a large number of cloud workloads
Resolved high and critical risks
within 24 hours after alerted
Addressed significant code issues
within one hour for new systems being deployed
Cushman & Wakefield uses centralized visibility and automation to enable faster risk remediation processes
Cushman & Wakefield is a full-service global commercial real estate company that provides leasing, property development, asset management, capital markets, and other services for industry companies. Its teams are driven to solve complex problems: selecting sites, arranging financing, and building specialized facilities that require expert planning, custom-designed spaces, and advanced technology, such as ambulatory care centers, life science laboratories, and data centers.
According to Erik Hart, Global Chief Information Security Officer at Cushman & Wakefield, the company’s security strategy focuses on increasing consistency across its global operations, ensuring the security of its cloud- and SaaS-based services, and enhancing agility. With a worldwide workforce, one key area of focus is ensuring tight integration with SaaS services to enforce access controls. “Identities are the new firewall,” says Hart.
The company has a small security team and involves an outsourced IT service desk and internal and external development teams in identifying and remediating risks. To improve collaboration across these groups, Cushman & Wakefield needed to make risk remediation processes as painless as possible.
I’ve learned that water follows the path of least resistance. From a security standpoint, people will do what’s easiest. So, any tool must balance securing our services and providing a great experience.
Erik Hart, Global Chief Information Security Officer, Cushman & Wakefield
Aiding the cloud journey by creating holistic visibility into risks
Cushman & Wakefield is speeding its cloud journey, leveraging IaaS, PaaS, and SaaS services to run and grow its business. “We have been moving more workloads to the cloud because it provides us with greater flexibility, whether that’s consuming IaaS on demand or using PaaS to deliver products and services to our clients,” says Hart. “We also empower our teams with SaaS solutions that offer great business capabilities, such as Salesforce and Workday.”
As the commercial real estate company migrated from the data center to the cloud, it could no longer use traditional agent-based security solutions to monitor services for anomalies and risks. Because Cushman & Wakefield’s environment was more complex, point solutions created gaps in visibility. This led to slower response times for addressing risks. As a result, security leaders sought an agentless solution that was easy to deploy and use, provided holistic visibility across its multi-cloud infrastructure, and empowered teams with actionable insights to address risks and threats.
Hart asked his team to review only current vendors to avoid navigating a complex contracting cycle. However, the team recommended Hart consider Wiz, a new provider, because of the robustness of its solution. Meeting with the Wiz team, Hart agreed to a proof of concept of the company’s cloud security platform. After a quick setup, Wiz began providing immediate visibility across his company’s environment, detecting vulnerabilities, misconfigurations, excessive permissions, exposed secrets, and more. “Wiz sold itself with its ease-of-use, not just to the security team, but also to our development and operations teams,” says Hart.
Connecting Wiz to our environment in just one hour was a major selling point. Wiz immediately detected risks, such as misconfigurations and out-of-date code in new solutions. With a single setup, Wiz frees our development teams to easily set up and tear down infrastructure as code as they build products and do more testing. Any time you can reduce friction from an operations perspective, that is a win.
Erik Hart, Global Chief Information Security Officer, Cushman & Wakefield
Coordinating security processes across cross-functional teams and vendors
Cushman & Wakefield is using Wiz CNAPP, with CDR capabilities, to protect its extensive number of cloud workloads across AWS and Azure. The Wiz Security Graph shows how resources connect and provides an intuitive UI to understand risks and attack paths. Wiz identifies critical risks before they become threats by providing an automated, cross-cloud, cross-account attack path analysis. The company also uses Wiz DSPM to strengthen data protection. Wiz DSPM discovers and classifies sensitive data, detects risks and attack paths to sensitive data with context, and automates compliance assessments. Finally, developers use Wiz CLI to enable secure cloud development processes with containers, preventing software supply chain risks.
“We handle sensitive and confidential information from our clients, such as client building and lease information. Wiz DSPM helps us protect this vital intelligence,” says Hart. We can look at Wiz DSPM findings and see if there are any issues we need to address.”
One security employee is dedicated to monitoring Wiz and sharing insights with cross-functional teams, including cloud operations, internal and external development, outsourced IT service, and sales. This staffer is responsible for educating teams on Wiz capabilities and ensuring developers use the right integrations to increase pipeline security. However, multiple teams also have access to Wiz and can access the risk information they need to participate in remediation work.
Cushman & Wakefield integrated Wiz alerts into IT service desk processes, enabling cloud and other teams to respond to anomalous behavior. Wiz has detected configuration issues that the cloud team explored, identifying them as internal mistakes or external threat actor activity, and triggered security incidents that the security team rapidly responded to. For example, Wiz detected an accidental misconfiguration created by a developer setting up remote access for an outside team. The IT service desk updated the settings swiftly before an adversary could exploit them. In a second instance, a Wiz alert for a suspicious cloud event enabled the cloud team to discover a threat actor setting up subscriptions. The team immediately shut down systems and remediated the issue before the hacker could control services.
With cloud services, you move at a speed that is light years faster than 20 years ago. With Wiz, we detect threat activity before malicious actors can do significant damage and immediately address these issues. What previously would have taken weeks or months, now only takes one day. We can also diagnose the root cause of issues and roll out process improvements that improve our security posture
Erik Hart, Global Chief Information Security Officer, Cushman & Wakefield
For developers, Wiz has moved risk identification into real-time. Internal and external development teams get risk insights as they build products, enabling them to remediate risks continuously, typically within 24 hours of receiving alerts. For new systems that are deployed, the outsourced IT service desk has an SLA of remediating high-priority risks within one hour.
The IT service desk uses Wiz alerts, automation, and context to analyze security incidents, prioritize them, and assign them to the right team for remediation. This group includes cloud operations, internal and external development teams, and the outsourced IT service desk.
“Previously, we had a black box, with security reports coming out on a lagging basis. Now, we integrate risk processes into daily operations—for our internal teams and third-party vendors. They are using Wiz, taking outputs, and creating tickets that teams can act upon. Wiz enables us to become a more effective, secure cloud-oriented organization,” states Hart.
Contributing to building a security platform for the future of cloud computing
Cushman & Wakefield is committed to speeding its cloud migration to create the flexibility and agility it needs to compete in a fast-moving industry. The company is consolidating servers, using more PaaS capabilities to build applications without needing to manage infrastructure, and providing more SaaS applications to empower the business with new tools.
“SaaS is such an important part of our business. I’m working with Wiz leadership to get the same visibility into our SaaS tools that I have with our PaaS offerings,” says Hart.
By using Wiz, increasing automation, and setting up scalable processes, Cushman & Wakefield is well-positioned to spur business growth while continuously enhancing its security posture.
