Wiz Defend is Here: Threat detection and response for cloud

Physical Security 101

Protecting your assets: the fundamentals of physical security and enterprise resilience at Wiz

4 minutes read

In this blog we’ll look at how our internal Wiz team secures not just the digital realm but the physical one as well, as it’s a core part of our commitment to earning the trust of our customers, partners, and Wizards.  

Physical security at Wiz means ensuring the safety of our people and safeguarding our assets around the world. It includes installing and monitoring security systems, implementing access controls, securing offices, and ensuring the safety of employees working from home, in the office, or while traveling.  

Comprehensive physical security is essential for creating a secure and productive work environment, and for enabling the continued growth of our company. In today’s world, where working from home has become the norm, physical security has had to evolve to ensure that we are looking after Wizards wherever they are. While the digital realm is crucial for safeguarding sensitive data, physical security plays an equally vital role.

At Wiz, physical security goes beyond risk management -- it's about enabling our business to thrive.

Will Scott Moncrieff, Head of Physical Security, Wiz

Wiz’s physical security regimen covers multiple aspects including office access, strategic events, executive protection, risk mitigation for company events, travel security, international expansion, and crisis response. Of these, perhaps the most visible is access management in our offices. It involves meticulous planning and implementation of measures aimed at preventing unauthorized access and mitigating potential risks.  

Each Wiz employee must be assigned access to a particular office location to gain entry. Just as we maintain role-based access in cloud, so in the physical realm do we assign access according to need and role. Wiz utilizes an access control platform to ensure that every office is automatically assigned to users, which enables agility and ensures that there is a process for employees to gain authorized access. In every office across the world – from the United States to Israel to Sydney and even Wiz coworking spaces – the Physical Security Team monitors access in real time and investigates policy violations to continually improve our risk management posture. From access management systems, which track and control entry to our facilities, to policies that ensure compliance and prompt notification of violations, every aspect is designed to maintain a secure environment that is conducive to productivity and in line with our compliance standards and customer commitments. 

While our operational model emphasizes a light physical footprint, with cloud-hosted secrets and minimal on-site customer data, the need to protect against external threats is always paramount.  

Whether it's addressing travel security concerns in regions with specific risks, geographic expansion, or responding to natural disasters, an emphasis on physical security is necessary to ensure proactive measures are in place. For Wiz events and travel security, Scott Moncrieff always plans to mitigate risks and support traveling Wizards with guidance and context for a forthcoming trip.  

As a global company, Wiz faces diverse challenges that require tailored security strategies. For instance, the potential for intellectual property seizures in certain jurisdictions necessitates careful planning and risk assessment. Similarly, hosting events and conducting business in locations with various rates of crime and economic tensions, mean different mitigations. And in locations where there is political turmoil, the physical security team will develop risk assessments and proportionate mitigation strategies to enable Wiz to seize diverse opportunities in global markets. To inform these assessments, the Physical Security team draws on a wide network of analysts, security and intelligence professionals, both peers in the security community and from across the public sector. And the team leverages a threat management tool to monitor threats around world, correlating them with our people and places to make sure they remain one step ahead.  

During a significant event affecting Wiz’s operations or staff that requires a crisis response, physical security works in close collaboration with the Enterprise Resilience (ER) team, led by Ernie Martin. The team has implemented a robust crisis management program with defined roles, responsibilities, and plans that integrates with the physical security program developed by Scott Moncrieff. As a part of crisis management, Wiz and the ER team must be able to effectively identify, respond to, and communicate during disruptive events, minimizing any negative impact or consequences on operations, staff, and customers.  

For example, during Hurricane Beryl, a deadly and destructive category 5 Atlantic Hurricane that occurred in June of this year, the Enterprise Resilience and Physical Security teams activated the Crisis Management team to safeguard employees and maintain business continuity. As the hurricane approached, the teams utilized data monitoring tools and location strategy to track its progress and assessed potential risks to both the business and its employees. By initiating our emergency response procedures and triaging affects, we ensured timely communication with those in the hurricane’s path, provided support to impacted Wizards, rerouted travelers away from the affected areas, and maintained business operations despite the significant disruption.

In times of crisis, our primary focus is on the safety and well-being of our Wizards and ensuring continuity of our operations. By integrating a holistic crisis management program with physical security, we ensure a swift and efficient response to any disruptive event.

Ernie Martin, Head of Enterprise Resilience, Wiz

Within the Crisis Management Program, various roles and responsibilities have been established to manage an All-Hazards approach to crisis management. These roles include Crisis Management Commanders (members of Wiz’s executive team) and key decision makers during disruptive events, Incident Response Coordinators who manage and coordinate Wiz’s response during events, and Incident Response Ambassadors, who notify the Incident Response Coordinators of events affecting Wiz offices. Additionally, the Enterprise Resilience team leverages Crisis Management Tools such as an Emergency Notification System, Real-Time Event and Risk Detection System, and a Security Travel System to facilitate urgent messaging, event detection, and ensure the safety of travelers.

By employing a standardized strategy and maintaining a coordinated response, the Enterprise Resilience team strives to safeguard staff, technology, offices, and third parties in the face of potential crises. Both Martin and Scott Moncrieff welcome outreach to the Physical Security or Enterprise Resilience teams with any questions: security@wiz.io

 

 

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management