Synthesia maintains complex AI compliance standards with improved security visibility

To meet several layers of regulatory, contractual, ethical, and business security requirements, Synthesia used Wiz to expand security visibility and tooling across multiple teams.

Synthesia

Industry

Technology

Region

Global

Cloud Platforms

AWS
GCP
Kubernetes
Azure
Ready to start?
Get a demo

Challenge

  • Security, trust, and transparency are the cornerstones of Synthesia’s overall business strategy, but the team needed more contextualized alerts to better understand potential risks to its tech stack. 

  • A large number of alerts overwhelmed the security team, and it was impossible to know which of the alerts to focus on first. 

  • Synthesia wanted to empower engineers and other technical employees to own and remediate potential issues to free the security team from managing patching tasks. 

Solution

  • With more accurate, contextualized security alerts, Synthesia is able to make better-informed decisions about potential vulnerabilities and maintain its high compliance standards. 

  • Synthesia’s security team uses Wiz’s built-in prioritization to determine the biggest risks and how to spend time remediating potential vulnerabilities.   

  • By granting other teams access to Wiz, Synthesia can give technology owners direct visibility of risks and the tools they need to patch their own vulnerabilities.  

Building a commitment to compliance into a cloud security program 

Generative AI is now trending, but video generation platform Synthesia has been at the forefront of this technology since 2017. The company has more than 50 leading AI researchers dedicated to pushing the limits of artificial intelligence. Their goal? To give everybody the ability to create impactful video presentations with generated avatars and audio directly in their browser.  

Pushing those limits safely, however, is vital to Synthesia’s growth. “Security, trust, and transparency are cornerstones of our company. We invest a tremendous amount of effort into our moderation functions to prevent our AI technology from being misused,” said Martin Tschammer, Head of Security at Synthesia.  

In addition to this ethical compliance commitment, the company has contractual and regulatory standards to which it adheres. To best meet them and protect the business from cyber threats, Synthesia needed to prioritize its cloud security strategy. 

I’m not an engineer or researcher, so I don’t always know the context behind any given running machine, container or process. With Wiz, it’s easy to share cloud security issues with the relevant teams to address.

Martin Tschammer, Head of Security, Synthesia

Effectively protecting its cloud environment with its existing security solution was challenging. Synthesia’s security team was overwhelmed by a large number of alerts, so they were forced to pick and choose which issues to address. The team wanted to build an operational framework to empower technology owners directly impacted by those issues to remediate them, but sharing information without context made it impossible. “Our previous security solution attempted to contextualize alerts, but the information provided was unclear,” said Tschammer. “Without that, we weren’t able to prioritize remediation.”  

As the company worked to build its strategy and achieve SOC 2 certification, a potentially critical security issue arose. Synthesia needed a cloud security partner that could support them immediately and in the long term. “We knew we needed clearer insight into our security posture, but at that time, we also needed insight right away,” said Tschammer. That’s when the company found Wiz.  

Rapidly deploying a scalable security solution 

Synthesia deployed Wiz and gained immediate visibility into its overall security posture in a dashboard that displayed and prioritized issues that needed urgent attention. “Wiz was amazing. It was like flipping on a switch,” Tschammer said. “We saw results immediately, and we were able to achieve crucial security wins on day one.”  

To democratize access to critical security information, Synthesia shared access to Wiz with its engineering and technical personnel. This increased visibility aligns closely with Synthesia’s broader commitment to transparency, and the company has continued to find more ways to share information, including sending security alerts to Slack channels. “We have automations set up so that if Wiz recognizes a medium- or high-level risk, relevant team members are messaged and can take action autonomously,” said Tschammer. 

As much as possible, I want to avoid the security team being a bottle-neck. With Wiz, we can enable our engineers and development teams to confidently resolve issues on their own.

Martin Tschammer, Head of Security, Synthesia

With the Wiz dashboard, the security team can more easily share risk information with other people at the company, and even more importantly, that information is contextualized. Being able to identify where vulnerabilities are located in the company’s cloud environment, and which stakeholders are responsible for them, empowers Synthesia’s engineers to manage and patch issues.  

“Giving stakeholders agency to investigate, prioritize, and resolve issues is powerful, because we can focus our attention elsewhere,” Tschammer added. “The Wiz Security graph has such a powerful interface. It’s easy to share queries and point exactly to where a vulnerability is located in our environment, and we can build automation on top of that. I don’t know how I could do anything like this with any other tool.” The security team can instead put effort toward protecting other areas of the business and its cloud infrastructure, including endpoints and identity. 

Scaling a hypergrowth company with shareable security insights 

Synthesia continues to scale its use of Wiz to support its rapid growth. With live updates and insights in its Wiz Dashboard, the security team can now more easily report on the company’s security posture to the rest of Synthesia. Automated reports are sent out quarterly, providing updates to stakeholders. “Between actionable alerts and automations, we’ve saved hundreds of hours of work with Wiz,” Tschammer said.  

Meanwhile, at a higher level, Wiz also supports Synthesia’s strict compliance standards. Built-in compliance frameworks make it easy for the team to keep pace with evolving regulations.  

Wiz is essential for operating a hypergrowth company. If you want to scale and reduce risk simultaneously, you need something like Wiz. There’s nothing of comparable quality on the market right now.

Martin Tschammer, Head of Security, Synthesia

The team also continues to explore new Wiz features to accelerate a secure growth trajectory. “More and more, we’re finding new ways we can use Wiz. As the business scales and our security challenges become more complex, the impact of having a vendor that supports our growing needs becomes more evident,” Tschammer said. “Sometimes it feels like we’re trying to keep up with Wiz’s development pace rather than the other way around, and that’s really reassuring.”  

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management