Challenge
Valiuz’s security team tried to implement multiple, piecemeal security solutions, but managing them was time-consuming.
Valiuz’s existing security tools weren’t able to keep pace with the company’s growth and made it impossible for the team to have a comprehensive view of their cyber risks.
Valiuz’s technical teams struggled to understand security’s role in development, leading to miscommunication and a lack of adoption.
Solution
Deploying an agentless solution gave Valiuz’s security team more time to focus on growth, rather than manually scanning for threats and analyzing data.
Adopting Wiz gave Valiuz’s team one place to see all of the organization’s vulnerabilities across a multi-cloud environment.
With Wiz, Valiuz has empowered its technical teams to address security issues autonomously and incorporate security into the development process.
Enabling a small team to protect the data of millions
Consumer data plays a major role in the way businesses make decisions. To help its partner companies provide better purchasing and service experiences to millions of consumers, Valiuz is an alliance that manages and processes consumer data across nearly 85% of France’s population. Storing and processing that data takes an enormous amount of effort, and protecting it is the company’s top priority. Valiuz’s small security team was faced with a challenge, though. They had to continue protecting consumer data across the Valiuz alliance, while still giving technical teams room to build and deploy new features.
In the search for a solution, the team tried to implement several security tools, including vulnerability scanners, penetration tests, and agent-based tools. But the solutions were disconnected and required hours of manual work from the security team to aggregate data, analyze it, and decide on remediation paths. “It was time-consuming and difficult to process the information we had,” says Anthony Lewkowicz, CISO, Valiuz. “The process wasn’t scalable, and I knew we might miss something important because we couldn’t see all of our risks.”
To get a clearer picture of Valiuz’s entire security posture and help the company grow, the team adopted Wiz.
As our business grows, we need to be agile in order not to block that growth. And our cybersecurity strategy is a very important part of the company strategy because it’s an answer to business, compliance, and legal needs.
Anthony Lewkowicz, CISO, Valiuz
Aligning security and development goals with a single platform
Valiuz knew it needed a cloud security solution that would provide visibility across its entire environment. A key reason Valiuz chose Wiz is because it’s an agentless solution, which ensures that its entire environment is scanned and can be easily managed by its small security team.
While the team initially tested Wiz with a more limited scope, they quickly realized it would also help unify their security strategy. With one unified platform, Valiuz could continue its initiative to shift security left into the development pipeline using Wiz CLI, and at the same time it could align with European GDPR regulations with Wiz DSPM.
Once Valiuz decided to use Wiz as its security solution, it was important to deploy quickly and begin addressing existing vulnerabilities. “In less than two days, I had a clear map of our biggest risks and was able to launch a remediation plan,” says Lewkowicz. “With other tools, I would’ve had to deploy agents and wait months to gather and process all of the information we had, but with Wiz I had my key indicators on day two.” The speed of deployment and adoption allowed Valiuz to remediate its most critical vulnerabilities within 15 days rather than months.
A major concern for us is customer data security. We can’t have any personal information on the platform to adhere to GDPR. With Wiz’s DSPM, we can easily detect personal information and stay compliant.
Anthony Lewkowicz, CISO, Valiuz
Creating a more collaborative development process by including technical teams in security conversations was also critical to the Valiuz security team. “Standard security tools are complex. With Wiz, we can show someone without any cybersecurity knowledge the security graph, and they can understand the risks we have to address,” says Lewkowicz.
As part of this change, instead of simply submitting JIRA tickets to developers to remediate risk, the security team has shifted to also having weekly Wiz review meetings. In these meetings, the security team can help educate technical experts and manage the remediation process to help other teams fully understand a risk, why it needs to be addressed, and how to remediate it. The team now uses Wiz’s CLI to secure their CI/CD pipeline and ensure they’re not introducing any new risks into their production environment, and this new transparency and shared language have helped Valiuz shift left.
Proving security is a business driver
With Wiz up and running and these new processes put in place to address vulnerabilities, Valiuz has been able to focus on scaling as a business rather than spending additional resources to maintain the status quo. The small security team has shifted its attention to value-add projects such as improving security reviews for new mergers and acquisitions. Using Wiz throughout the due diligence process helps Valiuz bring new companies into its alliance without putting its existing data and IT infrastructure at risk.
Wiz has improved the way we can collaborate. Since the portal is so simple to use, our development can see security priorities which means they have the autonomy to do their own work securely.
Anthony Lewkowicz, CISO, Valiuz
