Wiz Defend is Here: Threat detection and response for cloud

BMW accelerates cloud security with Wiz

BMW, at the forefront of the shift to electric vehicles and connected cars, has increased its cloud adoption with a strong emphasis on digitalization.

BMW

Industry

Manufacturing

Region

Global

Cloud Platforms

AWS
Azure
Ready to start?
Get a demo

Challenge 

  • BMW wanted to enable internal teams to use the cloud technologies they need, while also implementing controls that don’t add additional friction or cost to projects. 

  • The manufacturer sought a cloud-agnostic solution that could connect across multiple clouds and provide a centralized point for visibility and security governance. 

  • Ensuring robust security was paramount while maintaining the agility of development teams.  

Solution

  • BMW reduced friction and created more seamless workflows between security and DevOps by integrating Wiz with existing tools that easily send information to the DevOps teams. 

  • Wiz’s agentless and cloud-agnostic capabilities provided BMW with unmatched visibility into its entire cloud infrastructure. 

  • BMW’s developers now have visibility into security issues with detailed remediation steps, making security more digestible and actionable without hindering the development processes. 

95% decrease icon

95% decrease

in critical cloud security issues

95% of Wiz users icon

95% of Wiz users

outside of the security team

Complete visibility icon

Complete visibility

into thousands of cloud workloads within a few days

A digital transformation for a recognized innovator 

BMW has been at the forefront of the shift towards electric vehicles and connected cars — a process that bolstered the company’s commitment to cloud adoption and prioritization of digitalization across teams. This move toward digitization permeated development, logistics, assembly, and research processes.  

Electric vehicles and connected cars have really accelerated the market. Therefore, we have to be much faster. That has driven a lot of IT needs, and cloud is one of the big things.

Roland Lechner, Director of IT Security, BMW Worldwide

BMW has prioritized its security strategies to address the unique challenges and complexities of cloud-based architectures and operations. 

Goals at a forward-thinking company 

BMW recognized the potential of cloud technologies early on. However, the introduction of these technologies also brings unique security concerns. A lack of proper controls in place can lead to accidental exposure of data, potentially damaging the company’s security posture and leading position in the market. Yet overly restrictive security controls can hinder developer productivity and creativity and add time and higher costs to projects.

Roland Lechner, Director of IT Security at BMW Worldwide says in his search for a developer-friendly security solution, he “wanted to give them something where it's easy to do the right thing, so they can concentrate on building functions for the business and get the business better. A lot of times, security is the opponent of fast development. If you solve that conundrum, you're golden.” BMW recognized the need for a delicate balance to ensure that developers can continue to build innovative products at scale without compromising security. 

As a company with historically high standards, BMW understood it needed centralized visibility and transparency into its complex multi-cloud environment. This visibility was critical for identifying security risks and vulnerabilities. BMW had been using cloud-native security tools with different controls and rule sets, which didn’t provide the standardization and global view they needed.

Enhancing operational efficiency was another key goal for BMW; the company needed to address its security needs but also streamline processes and reduce manual effort. Lechner remarked: “It's very easy in security to get lost in tools. Security departments are notorious for having the most tools out of any IT department. So for us it was important to get the right tools on board and get to the point where we can help people do the right thing.” 

Bringing Wiz on board (and containing Log4j) 

BMW looked at several solutions; Lechner recalls that they sought “the CSPM solution or solutions that were cloud-agnostic and gave us a lot of oversight without additional friction.” The team began looking at Wiz. Lechner explains that he was impressed by Wiz’s product plan: “I really liked the product roadmap, which I found really ambitious.”  

The next big (and unexpected) deciding factor for BMW was Log4j. While BMW was still in the evaluation phase with Wiz, the Log4j vulnerability was discovered – requiring quick action and remediation. In Lechner’s words, “within days, Wiz onboarded all of our cloud workloads and gave us complete transparency on where we had vulnerable Log4j instances, where they were dormant, and so on. That was really, really impressive.” Guido Roesler, Manager of IT Operations, says, “with an on-prem system, it was much harder to collect all the information where Log4j is available. We would have been using a lot of huge Excel lists and asking team by team if they used Log4j.” The team implemented Wiz addressed the situation across its cloud implementations very quickly. 

We were able to get transparency on the Log4j situation. We had visibility into our cloud workloads within a few days, and that brought us in front of the wave. With our old on-prem system, it was much harder to collect all the information about where Log4j is available. And at that time, the visibility with Wiz really was a game changer for us.

Guido Roesler, Manager of IT Operations, BMW

The experience also underscored for BMW how important visibility was for their solution. Lechner reflects, “When we put our RFP out for CSPM, I thought automatic remediation was my biggest point. And I quickly found out, with Log4j, that transparency was the big thing for me.” 

Unmatched transparency, enhanced collaboration  

After swiftly conquering the threat of Log4j, BMW's security work with Wiz continued with an enlightening revelation. "We found a lot more cloud workloads than we thought we had," shared Lechner. This realization was a testament to BMW's proactive planning in deciding to achieve full visibility across its cloud landscape. Roesler later remarked on the transformation, "the agentless approach of Wiz helped us to get full transparency on the cloud security situation within a few days after the deployment. That" This visibility also creates simplified means for reporting system updates to executives and other team members. Regarding infrastructure visibility, Lechner says, “I just go into Wiz and look it up. I'll do that, for example, before meetings with vice presidents or senior vice presidents.” 

The integration of Wiz into BMW's cloud environment brought other significant benefits, including bringing developers and the security teams closer together.  

IT security governance has traditionally been somebody saying "You have to fix these vulnerabilities." Now, people can look up and say, "This is the attack path, and this is what I should do." It has brought us closer to developers and shown that we care to make remediation easy for them, not hard.

Roland Lechner, Director of IT Security, BMW Worldwide

This shift in dynamics transformed the company's security culture, democratizing security work across the multiple teams. Roesler says, "95% of Wiz users are the DevOps teams who need to take care of security. We also have other technology-focused teams like architecture teams who want to know about the coverage of their technologies in the cloud." 

Moreover, implementing Wiz helped to improve BMW’s security posture. Roesler reflected, “Compared with the point in time where when we switched on Wiz, the number of critical issues decreased by 95%. If we consider that the number of cloud workloads doubled within this time, the success rate is even higher.” 

Next steps for a revolutionary business  

BMWs democratization of cloud security across global DevOps teams has facilitated more proactive risk management. BMW teams have the visibility they need to understand vulnerabilities better and take remediation steps swiftly.  

Every team must fix the issues. Wiz gives them the all of the information and also gives them a guide on how to remediate.

Guido Roesler, Manager of IT Operations, BMW

Beyond security, BMW has successfully made improvements in operational efficiency. Using Wiz-generated comprehensive security reports has significantly reduced the manual effort required by teams. Changes like this let BMW focus its resources on innovation and driving business growth. 

In the near future, BMW aims to expand Wiz to more aspects of its cloud security program, including expanding its use of Wiz Code to catch issues earlier in the development pipeline, rolling out Kubernetes capabilities and moving towards sophisticated Cloud Detection and Response (CDR) operations. 

BMW’s innovative approach to security, coupled with Wiz's robust cloud security solution, resulted in a successful partnership. BMW has been able to leverage cloud technologies securely, while still staying ahead of the curve. 

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management