Challenge

• Protect patient data and maintain a zero-tolerance security posture.

• Quickly and easily identify potential threats without a dedicated security team.

• Cut down on noisy alerts that distract from prioritizing the real vulnerabilities.

Solution

• Artisan gained visibility into its cloud infrastructure and was able to clearly identify vulnerabilities across the platform.

• Developers can respond quickly to issues through an easy to understand dashboard.

• Artisan relies on Wiz to automatically elevate the most critical threats while quelling multiple alerts for the same issue.

Securing data has never been more critical

Artisan is a software company that partners with medical practices in the fertility industry to simplify patient care. Its Artisan EMR Solution stores sensitive patient data such as medical history, laboratory tests, and treatment plans.

When Artisan started, it was the only cloud-based infertility electronic medical record system, and that was a powerful incentive to attract new business. “We've become a hub by virtue of being cloud-based, and we've been able to work with other vendors who wish to reach our customers,” says Artisan President and CEO Alex Steinleitner.

As the cloud helped fuel Artisan’s growth, it also brought new challenges in how the company secured its environment. “As we moved to the cloud, things became more spread out amongst vendors, and we started using more software and digital tools to communicate,” shares Steinleitner. “We learned what it means to broaden the attack surface, and that there are a lot of bad guys out there who are going to try to attack our systems at all costs.”

Artisan knows patients must be able to trust that their personal and financial information will be secure and accessible 24/7. “If the system was down for any reason, we'd have thousands of patients who could have their treatments interrupted,” says Steinleitner. “They depend on daily access to the information they trust us with. In some cases, these are people going through expensive, life-changing treatments. Downtime because of a security breach would be catastrophic, not only to our business, but also to the care of the patients.” 

I'm a doctor, I take care of people, I was trained in preventative medicine. Wiz is like preventative medicine for us.

Alex Steinleitner

President & CEO, Artisan

Adopting a secure-by-design approach

It’s important for Artisan to make sure that security is part of all conversations when it comes to development and other areas of the company. “When our developers are starting to build something, we really need them to start thinking of security right away,” says Matthew Mazzariello, Development Manager at Artisan. “Because these cloud solutions can be accessed from anywhere, we really have to be mindful of that when we’re developing.”

New threats come out all the time, so we really have to make sure we're staying on top of it. We want to be proactive, not reactive. We need to make sure that we’re doing our due diligence.

Matthew Mazzariello

Development Manager, Artisan

Maintaining strong cloud security with agentless visibility

Before Wiz, Artisan tried using other CSPM solutions. The company first tried using cloud-native security tools, however they were disparate and didn't provide a full picture of its cloud environment. The company then tried another CSPM solution, which provided more visibility, but also created more alerts than the security team could handle, making it difficult to know which alerts it should act on.

Ultimately, Artisan chose Wiz because it provided full visibility into its infrastructure while only elevating alerts for real risks that needed to be addressed. “We could receive up to 500 alerts for every real vulnerability. We were drowning and had no way to know which alerts were real,” says Steinleitner. “Wiz allowed us to see our full cloud environment and understand what its vulnerabilities were.”

When we looked at Wiz it became obvious it was much more efficient at allowing us to understand how our infrastructure was exposed to external risks and what the vulnerabilities were. Wiz allowed us to concentrate our efforts on problems rather than simply identifying issues. Without Wiz, we were getting alerts every time there was a concern, but there could be a thousand identified issues for every problem that we solve. We'd be down a lot of rabbit holes if we were chasing issues, instead of problems.

Alex Steinleitner

President & CEO, Artisan

Since Artisan uses AWS for its production and environments, “there was nothing to install with Wiz,” says Mazzariello. “We recently put these packages into AWS and Wiz was already on the case and reporting issues before we had even released anything into production.”

Building a collaborative security posture

Artisan turned to Wiz as a security solution that  would be easy for developers to understand. Wiz helped identify potential threats fast, autonomously, and constantly, without requiring a dedicated security team. “The Wiz dashboard is so easy to understand,” says Mazzariello. “With the click of a button, it shows you if there are any critical threats, any highs, any mediums, any lows.”

Seeing that information and knowing what needed to be addressed first was vital for Artisan to maintain a secure posture and the trust of its customers.“We built our reputation within our field as the simplest software to use. It just works. People figure it out. Wiz is similar in that it's easy for somebody with minimal technical background to pick up and understand,” says Steinleitner. “With Wiz, I can view dashboards that show my most critical risks and prioritize lesser ones, so I understand what my problems are.”

When Log4shell hit, Artisan was inundated with calls from customers about whether it was prepared. “We were able to run a Wiz scan, see in fact that our entire system was fine, we were safe and secure, and we were able to report that to our customers,” says Steinleitner.

When you’re operating a cloud-based solution with sensitive data, security is paramount—it’s your duty to protect your customer's data. If you don't have layers of security measures in place, you're not going to be at the table very long. We need to be ahead of the curve and working with Wiz has helped us to do that.

Matthew Mazzariello

Development Manager, Artisan

Making security a primary concern across the board

“Every week when we sit down as a team and look at the latest threat board, Wiz immediately shows us if there is anything to worry about,” says Steinleitner. “It's just comforting to see there are zero critical or even high deficiencies—another week where we're safe and that's good.” 

Knowing the status of its security posture helps Artisan do business as well. The company is being acquired by a large international fund going into Asia and Europe. As part of the fund’s due diligence, it had a lot of questions about Artisan’s software structure. “Security was clearly an issue,” says Steinleitner. “But we were simply able to print reports from the relevant parts of Wiz and show that we had no outstanding major vulnerabilities, and the consultants were able to view our Wiz profile and see that in fact, we were very compliant, and they didn't have security issues.”

With Wiz, Artisan found not only a solution for a non-dedicated security team, but also a partner to help the team understand how their infrastructure is exposed as they continue to build their cloud environment. “We need to be ahead of the curve and working with Wiz has helped us to do that,” explains Steinleitner. “As the CEO, Wiz lets me sleep at night.”