How Agoda secures its subsidiaries and migration to the cloud

From securing cloud-native subsidiaries to covering its hybrid cloud deployment and growing cloud migration, Agoda relies on Wiz across the board. Read more.

How Agoda secures its subsidiaries and migration to the cloud

Agoda is a leading global online travel services booking platform, with a significant presence in the Asia Pacific region. Their core technology services have historically been on-premises, and over the past several years, they’ve begun migrating to the cloud. With the addition of overseeing cloud-native subsidiaries on top of this migration, Agoda is working in a multi-cloud estate across Google Cloud and AWS that they need to secure.

Faced with an ongoing migration and managing their subsidiaries, Agoda’s security team set out to get visibility across their hybrid and multi-cloud environments. They wanted to find tooling that could give them a consistent view and help understand and evaluate risks at hand no matter where they come from. They explored some traditional security solutions but found them unsuitable for handling the dynamic nature of the cloud. Then they found Wiz.

Agoda’s original driver for cloud security tooling was to get visibility and risk profiles of their subsidiaries. Within minutes of deploying Wiz, they were able to get a cloud asset inventory, and a prioritized list of the primary risks in their subsidiary environments. With a small security team, this gave them everything they needed to move quickly and stay on top of their risk landscape.

Moving forward, Agoda is prioritizing their move towards the cloud. Security is vital during this transitional period. With Wiz fully operationalized, Agoda relies on Wiz to offer much needed visibility and risk-centric views of everything that the development or QA teams push in production. For their on-premises deployments, Agoda leverages Wiz queries to uncover information about risks and provide a corresponding remediation framework. Agoda’s top priority is to create a strong security posture across their hybrid cloud deployment as this migration is carried out.

When Log4Shell struck, Agoda leaned heavily on Wiz for dealing with the issue in their public cloud environments across cloud service providers. The team jumped into Wiz to identify everywhere they had instances of Log4Shell across their systems.

Agoda uses Wiz widely across their public cloud environments and cloud teams. From application security leveraging Wiz for findings and mitigation plans, to GRC using Wiz for compliance efforts around PCI and SOC 2, to the cloud architecture team using Wiz to understand prioritization of issues and policies, Wiz is the first platform teams turn to for their particular cloud security efforts.

From securing cloud-native subsidiaries to covering their hybrid cloud deployment and growing cloud migration, Agoda relies on Wiz across the board. As they continue to grow their cloud usage, Agoda has the confidence they need in their understanding of their cloud assets and risks to empower DevOps to move and innovate quickly.