Challenge
As a result of its rapid cloud migration, OFX found it difficult to have a centralized view of its cloud environments, making it difficult to identify potential vulnerabilities and risks.
OFX recognized the need to consolidate its security governance to address inconsistencies and potential vulnerabilities across its multi-cloud infrastructure.
OFX’s rapid product development and multi-cloud strategy made it challenging to align on security objectives across development teams whilst also working towards ISO27001 compliance.
Solution
OFX used Wiz to centralize its cloud security management and gain a comprehensive view of its multi-cloud environment, enabling the company to identify potential vulnerabilities and risks.
OFX used Wiz’s security governance capabilities to ensure that security practices were aligned across the organization and to improve prioritization.
OFX improved collaboration between security and development teams with Wiz, creating a shared understanding of security risks and empowering developers to take ownership of remediation.
Zero critical
risks achieved
Improved SLA to three days
to address new critical risks
Instantly responded
to zero-day vulnerabilities with Wiz Threat Center and Security Graph
Clearing security bottlenecks with 360-degree security solutions
Global money transfer company, OFX, helps people and businesses send and receive money to over 170 countries in 50+ currencies. The company offers global money transfers online, in-app, or over the phone, as well as products to manage foreign exchange risk.
Operating in the fintech space, OFX faces similar security risks as traditional banks and other financial institutions, including cyberattacks, data breaches, compliance violations, and fraud.
When OFX shifted from on-premises infrastructure to the cloud, it quickly became clear that the company’s security methods would need to change, to provide continued protection for its business and clients.
OFX understood that by gaining complete visibility and prioritizing security as a shared responsibility across the business, OFX could overcome modern challenges presented by its new multi-cloud environment.
Previously, users had to manually log in to separate security tools to manage security posture. This made uncovering risks and vulnerabilities a more complicated process that bottlenecked OFX’s lean team, and didn’t offer a 360-degree view of the company’s entire cloud security posture. Without this insight, it was difficult to stay agile and get ahead of evolving threats, resulting in a less proactive approach to security. OFX needed a centralized approach to security governance. The company didn’t have a way to restrict users from performing certain actions across multiple clouds and followed ad-hoc processes to remediate issues as they occurred, which made it even more difficult to ensure proper configuration and compliance across its cloud landscape.
“I can’t tell someone to take a particular path if I don’t know myself which direction we need to go,” says Santanu Lodh, CISO at OFX. “We had to understand what we had in our environment. If you don't know what's there, you can't possibly secure it. We needed a tool that could give everyone visibility in a single pane of glass.” To gain full visibility, reduce critical risks, and ensure everyone was doing their part to keep the company secure, OFX turned to Wiz.
Once we migrated to the cloud, we needed to understand the threats we were facing and keep track of everything across our infrastructure. Wiz gives us visibility and peace of mind to know what is happening in our cloud environment.
Andy Yap, Senior Cyber Security Engineer, OFX
Improving visibility, prioritization, and collaboration
When evaluating security solutions, OFX considered factors such as support for multi-cloud environments, ability to provide real-time insights, and ease of deployment and onboarding. After running proof of concepts with multiple vendors, the OFX team ultimately chose Wiz for its centralized visibility, comprehensive security coverage, ease of implementation, and API integration capabilities.
OFX began its journey with Wiz by implementing Wiz Cloud to proactively reduce attack risk across its cloud environments and remediate risks. OFX uncovers vulnerabilities across multiple clouds and workloads without deploying agents or configuring external scans. “Wiz gives us the single pane of glass we were looking for, providing full visibility of our environment and the risks we have in real time,” Lodh says. “All the information is there the moment we need it.” To gain even deeper visibility into its security posture, the team relies on the Wiz Security Graph to visualizes the relationships between different components of OFX’s infrastructure, including in-depth container risk assessment, making it easier to identify potential vulnerabilities and attack paths.
Meanwhile, OFX also protects critical data across multiple clouds and automates compliance with regulatory frameworks. By providing visibility into potential non-compliance issues, OFX has meet requirements such as ISO 27001.
OFX also continuously monitors its cloud workloads for suspicious activity, and collects intelligence from its multiple cloud providers to proactively detect and respond to unfolding threats. The company uses Wiz in tandem with CSP-native tools, cross-referencing incidents to ensure its teams can continue to trust Wiz as their source of truth.
Approaching zero-critical status with comprehensive security tools and collaboration
OFX has fostered a collaborative approach to remediation, using Wiz to provide a shared understanding of security risks and enabling developers to take ownership of remediation efforts. By integrating Wiz with its Jira ticketing system, application owners can easily prioritize and address issues based on their severity and potential impact, within their existing workflows.
"Our developers needed a more efficient way to manage tooling on vulnerability management,” says Andy Yap, Senior Cyber Security Engineer at OFX. “With Wiz, we can now prioritize issues that have genuine risk specific to our business context, ensuring all critical issues are being addressed in a timely manner."
With Wiz, developers have the solutions they need to understand and address issues in a timely manner. We can remediate issues within three days.
Andy Yap, Senior Cyber Security Engineer, OFX
Since operationalizing Wiz across its business, OFX has improved its security posture, is maintaining zero critical risks, and has reduced the mean time to repair for new critical issues to three days. The company has also established better collaboration between security and development teams, empowering them to use comprehensive data and insights from Wiz to make informed decisions about the company’s security strategy.
"When working with our development and security teams to make changes, we needed to know exactly how to advise them,” Yap says. “Before Wiz, this was bit reactive and ad hoc. Today, we can proactively enable self-service remediation to know we are communicating effectively and our dev teams are working in lock step with security standards at OFX.”
We went from limited visibility, measurement, or remediation capabilities to exploring, understanding, and resolving issues in real time. Wiz gives us the full picture of our cloud environment and tells us exactly how to keep it secure.
Santanu Lodh, CISO, OFX
An evolving partnership for long-term success
OFX's partnership with Wiz has helped transform the company’s approach to cloud security. By leveraging Wiz's capabilities for visibility, prioritization, and collaboration, OFX has been able to enhance its security posture, reduce risk, and improve operational efficiency.
"There is no better response and clarity than what you get with Wiz,” Yap says. “The ease of implementation was second to none, we gained real-time visibility across our environment in one place, and Wiz is a partner that will scale with us as our environment evolves over time."
