Challenge
After adopting a multiple cloud strategy, Handshakes needed a cloud-native security solution to gain a holistic view of threats across its environments.
With its multi-cloud strategy, the Handshakes security team encountered challenges with developer velocity, often requiring weeks to address security issues.
The Handshakes security team had limited visibility to highlight security threats to its management team in a timely and cost-effective manner.
Solution
Handshakes used Wiz to get the multi-cloud overview it needs to make informed security decisions.
Handshakes automated security and compliance with Wiz, empowering its team with real-time insights to handle urgent concerns within a day.
Handshakes gained access to proof points that could be easily shared with managers through executive dashboards to accelerate decision-making across the organization.
Securing data in the multi-cloud
Founded in 2011, Handshakes is on a mission to help businesses harness data insights to make safe, informed decisions. As one of the leading corporate data providers in Singapore, Handshakes trusted and secure platform combines reliable corporate data with adaptive technologies to enable greater market transparency and faster risk detection. By accelerating customers’ ability to extract quality data-driven insights, Handshakes empowers organizations to simplify workflows, such as performing due diligence checks or identifying conflicts of interest, and to take actionable steps to improve their know-your-customer (KYC) capability.
Handshakes was originally designed as an on-premises solution but has since made its journey to the cloud. As the business continues to expand, the cloud offers the flexibility and scalability to meet increasing customer demands by allowing product teams to be nimble, and achieve faster speed to market, thus delivering more value for its clients.
The cloud supports Handshakes’ evolution towards a microservices and serverless architecture, but also creates challenges in securing data and ensuring that the requirements of Handshakes’ highly regulated customers are met.
As a SaaS provider, we process a large volume of data. It’s important to have adaptive governance and frameworks to ensure everyone in the organization is aware of their role in security and compliance.
Jonathan Ng, Head of Enterprise Security and Technology Infrastructure, Handshakes
“We want to be cloud-first and drive innovation, but we also need to look at how we are protecting our infrastructure and understand the interdependencies in a more connected and digitised ecosystem,” says Jonathan Ng, Head of Enterprise Security and Technology Infrastructure at Handshakes. “Cloud security is about putting a strong foundation in place. We needed to make sure we weren’t building a house on sand.”
Unifying security to gain a holistic view
Every cloud provider offers built-in security and compliance tools to help organizations secure their assets in the cloud. But, for companies operating across multiple clouds, managing disparate security systems can create a fragmented view of security concerns. Besides being able to promptly identify potential issues in the cloud environments, the biggest opportunity is to be able to establish the context surrounding the issues and understand what steps can be taken to fix them.
“When I joined Handshakes, we were not equipped with the necessary tools to allow product development and security teams to make quick decisions for our cloud security,” Ng says. “There was limited visibility, information, and documentation around security concerns. I recognized the importance to find a faster and easier way to identify this information.”
Wiz is helping us find the balance between security and agility. By ensuring business decision-making is always backed by data, we can make informed decisions when there are risks we have to manage within the enterprise.
Jonathan Ng, Head of Enterprise Security and Technology Infrastructure, Handshakes
As the team began to evaluate its options for a comprehensive security solution, Handshakes focused on finding a provider that could support a multi-cloud environment with integrated compliance and easy deployment. With Wiz, Handshakes now has full visibility into its multi-cloud environment and has instant access to the contextual and actionable insights it needs to effectively address risks.
“Wiz gives us real-time data when it used to take days to get the right insights.” Ng says. “Now, I can bring information back to our teams to address issues quickly.”
Building a strong security foundation
To establish a framework that is able to provide Handshakes with the baseline it needs to bolster its security posture, the company connected Wiz to its environment to establish a framework that provides them with a secure baseline, taking advantage of Wiz's CSPM and DSPM capabilities. Within 24 hours of connecting to Wiz, Handshakes had a full overview of all security issues across its multi cloud environment available on the Wiz Dashboard, including executive reports that provide at-a-glance security posture updates for its leadership team. This improved visibility has also allowed Handshakes to reduce costs by identifying and spinning down unused resources.
With Wiz’s compliance heatmap, Handshakes assess its compliance posture across industry standards and business units at a glance. As compliance becomes increasingly important for its customers in highly regulated industries, this ability to pinpoint improvement areas, and automatically adhere to compliance and ISO requirements, helping to future-proof the company as it continues to strengthen its security posture.
From a security perspective, you can only secure what you are aware of. Often the biggest challenge for security professionals is that limited visibility. The Wiz CSPM and DSPM solutions provide the visibility we need to streamline and shorten our response time to security threats in our landscape.
Jonathan Ng, Head of Enterprise Security and Technology Infrastructure, Handshakes
Handshakes also uses the Wiz Security Graph to show the interconnections among technologies running in its cloud environment. The graph helps the team visualize the potential pathways to a breach and provides meaningful context, all within a single console. To further prevent data breaches and protect sensitive data including PII, Handshakes uses Wiz to continuously monitor for exposure and proactively eliminate attack paths across its multi-cloud landscape.
“Now we can see exactly where the gaps are. We have a clear picture of our data inventory and where sensitive information is residing and need to be protected,” Ng says. “Using Wiz’s capabilities is helping us on our path to achieve ISO 27001 certification in 2024.”
Democratizing security management across the organization
Now that Wiz is in place, Handshakes has turned its focus to building a security-focused culture. “My role is to be an enabler for the business and to make sure that security is a conversation, not an afterthought or a by-product,” Ng says.
With a lean security team, onboarding developers and team leads is critical to Handshakes’ security posture. To align its organization, Handshakes brings together its security, engineering, and product teams to chart the company’s security roadmap and activities. Through a series of roundtables, they identified priorities, evaluated risk and compliance needs, and assigned tasks to relevant system owners. For example, if Wiz identified security issues for a specific product, that product’s delivery team would be notified with a sequence of tasks to resolve the issues.
Once everyone was comfortable with the new system, team leaders were given access to Wiz so they could build security management into their own workflows. Previously, it could take up many days for Handshakes to react to security threats. With real-time information from Wiz, the team can address urgent concerns proactively and aligning with the velocity of development sprints. “With the information we have in Wiz, we’ve seen projects that used to take months cut down to weeks,” said Ng. “For some urgent issues, our teams can resolve them in a single day.” By providing the right knowledge and resources to address security concerns, Wiz is helping Handshakes democratize security across the organization.
Empowering informed and actionable decision-making
With Wiz underpinning its cloud security strategy, Handshakes has better control over its security boundaries, clearer visibility of its resources in the cloud, and the data points it needs to accelerate decision-making. By providing a unified view of Handshakes’ cloud environment, Wiz is helping the company be proactive versus reactive. Now, the team can code, develop, and configure their products to prevent threats before they happen.
“One of the biggest measurements of success to me as a security professional is being confident that my organization can quickly recover from security issues,” Ng says. “It’s not a matter of if these issues will happen, it’s a matter of when. Wiz helps us achieve cyber resilience and preparedness to handle security concerns across our organization.”
