How Yotpo gets visibility into their AWS environment and cloud risks

Learn how Yotpo creates a DevSecOps culture and gets visibility into their AWS environment.

Yotpo

Industry

Technology

Region

Global

Cloud Platforms

AWS
Ready to start?
Get a demo

Challenge

  • As a cloud-native company, Yotpo needed visibility into their AWS environment to identify and prioritize incidents.

  • Yotpo wanted to be proactive with their cloud security, and surface the risks that matter to make the best use of their time.

  • They wanted a security partner that could help the Security team and DevOps team work in lock-step to bake security through everything they do.

Solution

  • Wiz delivered a cloud infrastructure security solution that brought full stack cloud visibility and prioritized alerting so the team could focus on what matters most.

  • Wiz's agentless, deep scanning deployed in minutes and began identifying and correlating issues across their AWS stack immediately.

  • Yotpo has empowered both Security and DevOps to iterate faster and build more securely in AWS with Wiz.

Founded in 2011, Yotpo is a developer platform for ecommerce marketing, helping ecommerce companies run reviews, loyalty programs, and more. A cloud-native company, Yotpo uses AWS exclusively, and their security team wanted to be proactive to ensure that they had the visibility they needed to get ahead of any security issues that could represent real risks.

Security is a company-wide responsibility at Yotpo, and their security team realized they needed something to help them handle the complexity that comes with cloud environments. Complexity comes in the form of multiple architectures and technologies in AWS, the complex nature of cloud risk, and the complexities that are part of operationalizing security at scale and at speed. They set out to find a solution that both DevOps and Security could use to work proactively to address cloud risks in a complex world.

Building in the cloud is complex, highly technical, and requires a variety of skills to operate and secure. Operational responsibility and security responsibility can often be at odds as a result. The challenge we had was to identify and give focus to the security side of the environment and allow the Security team to give it the attention that it deserves while not impeding the operational requirements.

Eyal Sasson
CISO, Yotpo

Before Yotpo could build a system for unifying security responsibility across the DevOps and Security teams, they needed to understand where the gaps were. They set out to find a solution that could help them get visibility into their entire AWS environment, and that wouldn’t generate a lot of noise. The Security team wanted to be able to monitor their environment and ensure compliance across the entire architecture. Of particular importance, they wanted to identify and address any instances of public exposure of sensitive information as well.

The DevOps team at Yotpo already uses Wiz. Now that we have the visibility, the DevOps team takes a proactive approach and goes into the system to make sure everything works well. Our vision is that the business owner should be the ultimate owner for security in their domain.

Eyal Sasson
CISO, Yotpo

Wiz agentlessly scans everything in the cloud, delivering full stack visibility for Yotpo. With the Security Graph, Wiz is able to identify the toxic combinations of flaws across multiple layers that represent real risks, so Yotpo’s Security and DevOps teams can clearly prioritize what they should remediate first. This has allowed them to visualize their full AWS environment to find where the gaps were. Since Wiz layers together misconfigurations, network exposure, exposed secrets, vulnerabilities and more, Yotpo was able to get organized alerts on the risks that matter, and see how everything in their AWS environment interacts together. With Wiz’ remediation guidance, their DevOps team is able to spring into action whenever an issue arises, ensuring that whatever happens is fixed quickly.

Illustrated example of a Wiz dashboard

Yotpo partnered with Wiz to further their security journey in AWS. Their vision is to build a unified process across DevOps and Security where both teams work in lock-step to build, monitor, identify, and remediate securely in AWS. By partnering with Wiz, Yotpo could ensure that they had a strong security foundation with the visibility and prioritization capabilities they needed to build an end-to-end partnership across Security and DevOps. Now the team is equipped to advance their security capabilities as well as handle unexpected security issues as they arise.

Integrating Wiz and getting it running in our complex cloud environment was an easy task.

Nethanel Moshkovitz
Director of DevOps, Yotpo

Wiz has provided the deep visibility and prioritization for addressing security issues in AWS that Yotpo was looking for. With Wiz in place, Yotpo’s Security and DevOps teams are able to work as one team to identify, prioritize, and mitigate security issues, helping them move faster and more effectively as they continue to grow.

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management