Improve security and visibility across the Google Cloud Platform.
Give cloud, development, and security teams a common tool for collaborating on security best practices.
Go beyond alerts to get actionable context and guidance to quickly address critical cloud issues such as Log4j.
Deliver full visibility of the Google Cloud Platform environment within minutes using Wiz’s agentless solution.
Utilize a single source of truth to democratize security across cloud, development, and security teams.
Immediately understand the impact of critical issues and route actionable findings to the right teams for remediation.
Shifting from on-premises to a cloud-first model
More than 200 years after its start as a soap and candle business, Colgate-Palmolive Company is a truly global consumer goods company serving billions of consumers around the world. The caring, innovative growth company that is reimagining a healthier future for people, their pets, and the planet, is in the midst of an ambitious digital transformation
The company’s digital transformation has included a shift from a traditional on-premises infrastructure to a cloud-first approach. With its new cloud strategy, came the need for Colgate-Palmolive to adopt a different approach to security. “From the security perspective, the cloud is a moving target with an entirely new set of variables,” says Alex Schuchman, Chief Information Security Officer at Colgate-Palmolive.
Colgate-Palmolive’s security team knew that lifting and shifting the company’s on-premises security models would not give them the cloud-native security approach they needed to achieve their ideal security posture.
Demonstrating immediate time to value
“We were seeking an easy set up and full visibility into the entire cloud infrastructure in a matter of minutes, without deploying any agents,” says Schuchman. “Even during our proof-of-concept stage with Wiz, we discovered things we hadn’t seen before and used that information to immediately harden our configuration or have a discussion with the developer.”
Wiz agentless scanning provides one source of truth for its security posture in the cloud, including areas such as Kubernetes clusters and serverless functions.
This new depth and breadth of visibility really made us pay attention. We were able to scan tenants and find new critical issues very quickly.
It provides one resource for both traditional cloud posture management as well as vulnerability management. “I wanted to simplify the work for my team, who are looking to close vulnerabilities and harden infrastructure,” says Schuchman. “Now, they are able to work within a single interface and one system.”
When the Log4j vulnerability hit, Colgate-Palmolive realized the value of having full visibility across its cloud environment.
By scanning our entire GCP environment, we could understand where Log4j impacted us in minutes, not weeks.
Simplifying security for cloud teams
The security team at Colgate-Palmolive isn’t the only part of the organization relying on Wiz. "We’ve opened it up to our cloud and development teams so they can see the same alerts that our security team does for their projects,” says Schuchman. “As a result, we don’t have to be the police. Every team can take charge of their own security.” Additional teams are now able to help strengthen Colgate-Palmolive's security posture.
Wiz helps educate non-cloud experts and enables new ways for security practitioners to work directly with developers and cloud architects. It fosters collaboration across our teams, helps them really understand what the problem is, communicate it in a common language, and collaborate with peers to get it remediated. It’s not just a tool for security.
Schuchman believes that the greatest benefit for Colgate-Palmolive is not just the ability to see a vulnerability or a misconfiguration in the cloud, but to understand how to resolve it so that the team is following best practices and closing vulnerabilities. “That helps our teams take action on alerts and close them quickly.”
As Colgate-Palmolive continues to evolve its business and pursue new growth opportunities, Schuchman sees the security team as enablers of the company’s vision. “For us, enabling business growth means supporting additional cloud infrastructure or cloud investment in a way that does not stop or delay developers from deploying applications,” he says.