How Yotpo gets visibility into their AWS environment and cloud risks

Learn how Yotpo creates a DevSecOps culture and gets visibility into their AWS environment

Founded in 2011, Yotpo is a developer platform for ecommerce marketing, helping ecommerce companies run reviews, loyalty programs, and more. A cloud-native company, Yotpo uses AWS exclusively, and their security team wanted to be proactive to ensure that they had the visibility they needed to get ahead of any security issues that could represent real risks.

Security is a company-wide responsibility at Yotpo, and their security team realized they needed something to help them handle the complexity that comes with cloud environments. Complexity comes in the form of multiple architectures and technologies in AWS, the complex nature of cloud risk, and the complexities that are part of operationalizing security at scale and at speed. They set out to find a solution that both DevOps and Security could use to work proactively to address cloud risks in a complex world.

Before Yotpo could build a system for unifying security responsibility across the DevOps and Security teams, they needed to understand where the gaps were. They set out to find a solution that could give them visibility into their entire AWS environment without generating a lot of noise. The Security team wanted to be able to monitor their environment and ensure compliance across the entire architecture. Of particular importance, they also wanted to identify and address any instances of public exposure of sensitive information.

Wiz agentlessly scans everything in the cloud, delivering full stack visibility for Yotpo. With the Security Graph, Wiz is able to identify the toxic combinations of flaws across multiple layers that represent real risks, so Yotpo’s Security and DevOps teams can clearly prioritize what they should remediate first. This has allowed them to visualize their full AWS environment and find where the gaps were. Since Wiz layers together misconfigurations, network exposure, exposed secrets, vulnerabilities and more, Yotpo was able to get organized alerts on the risks that matter, and see how everything in their AWS environment interacts. With Wiz’s remediation guidance, their DevOps team is able to spring into action whenever an issue arises, ensuring that whatever happens is fixed quickly.

Illustrated example of a Wiz dashboard

Yotpo partnered with Wiz to further their security journey in AWS. Their vision is to build a unified process across DevOps and Security where both teams work in lock-step to build, monitor, identify, and remediate securely in AWS. By partnering with Wiz, Yotpo could ensure that they had a strong security foundation with the visibility and prioritization capabilities they needed to build an end-to-end partnership across Security and DevOps. Now the team is equipped to advance their security capabilities as well as handle unexpected security issues as they arise.

Wiz has provided the deep visibility and prioritization for addressing security issues in AWS that Yotpo was looking for. With Wiz in place, Yotpo’s Security and DevOps teams are able to work as one team to identify, prioritize, and mitigate security issues, helping them move faster and more effectively as they continue to grow.