Challenge
Legacy, document-centric security practices and siloed systems created inefficiencies and made scaling the development of software at speed across MCCS’s complex operational environment challenging.
MCCS faced delays averaging 18 months to secure Authorization to Operate (ATO) for new IT projects, hindering its ability to deliver timely capabilities to Marines and their families.
Labor-intensive processes for vulnerability management and compliance reporting strained resources and left gaps in security visibility.
Solution
Operation StormBreaker is an initiative designed to overcome these challenges by centralizing security operations, modernizing compliance processes, and creating a scalable cloud-native IT environment.
MCCS leverages Wiz’s agentless platform to provide centralized access to a single-pane-of-glass view of hundreds of workloads across diverse projects, streamlining operations and allowing the organization to scale securely and efficiently.
Operation StormBreaker’s automation and continuous monitoring compressed approval and deployment timelines by nearly 95 percent, helping teams deliver secure systems faster.
MCCS gained real-time visibility and automated compliance workflows with Wiz, significantly reducing the manual effort required and enabled proactive risk management.
Three hours to integrate Wiz across 350 workloads
in AWS and fully deploy the platform in StormBreaker
StormBreaker reduces the timeline for Authorization to Operate from an average of 18 months to 30 days
or same day authorization for containerized workloads
StormBreaker’s inclusion of Wiz into the platform is on track to eliminate at least two legacy tools,
reducing costs and centralizing workflows
Modernizing security for a complex, global operation
The Marine Corps Community Services (MCCS) serves as a lifeline for Marines and their families, delivering 25 lines of business and managing 84 programs that include childcare, behavioral health services, lodging, retail, and recreational activities. With operations spanning the globe and responsibilities to support a $1.7 billion enterprise, the stakes are high. With its critical mission, MCCS faced growing demands in adapting to modern security requirements and increasing efficiencies across its operations.
The complexity of MCCS’s operational environment created hurdles for its IT and cybersecurity teams. Historically, the Department of War (DoW), including MCCS, relied on legacy, document-centric security practices and waterfall acquisition processes—methods that often led to time-consuming, inefficient workflows. IT projects took two or more years to secure Authorization to Operate (ATO), leaving initiatives outdated by the time they launched, and delaying critical innovations needed to serve Marines effectively.
Operation StormBreaker is about unlocking the promise of the agility and speed made possible in the cloud by addressing the constraints of legacy acquisition and compliance approaches, so we can better support Marines and the Marine Corps mission.
Dave Raley, Chief Digital Business Officer, MCCS
MCCS’s existing vulnerability management and compliance reporting processes also proved to be labor-intensive and disjointed. Without real-time insights into its cloud environment, the team couldn’t proactively identify and address vulnerabilities ahead of emerging risks. As Dave Raley, Chief Digital Business Officer at MCCS, says, “Legacy compliance processes really don’t capture what it takes to deliver mission outcomes in a secure way, so you just end up getting bogged down and going nowhere.”
To bridge this gap and support the goals laid out in the DoD’s software modernization implementation plan, MCCS required a holistic solution that could modernize its cybersecurity workflows, deliver enhanced visibility into its complex hybrid cloud and on-premises environment, and streamline compliance and vulnerability management. The new solution also needed to support the needs of a digital-native generation of Marines who expect fast, seamless, and secure digital experiences.
Adopting Wiz for next-generation cloud security and compliance
MCCS launched Operation StormBreaker, an initiative designed to overcome these challenges by centralizing security operations, modernizing compliance processes, and creating assurance for a scalable cloud-native IT environment. The goal of Operation StormBreaker is to deliver rapid, secure, and adaptable software-defined capabilities to support decisive military advantage across all domains. The initiative focuses on enabling faster delivery of secure and resilient IT capabilities while reducing operational bottlenecks associated with traditional methods of compliance and development.
The team chose Wiz for U.S. Government for its clear alignment with Operation StormBreaker’s goals of enhancing vulnerability management, streamlining compliance reporting, and achieving continuous monitoring, all while reducing the effort required for these processes. Wiz also stood out due to its reputation as a comprehensive Cloud Native Application Protection Platform (CNAPP). The DoD’s guidance on Continuous Authorization to Operate (cATO) emphasizes the value of CNAPPs in achieving agile, scalable, and compliant security frameworks, making it a requirement for all of DoD’s software factory cloud environments. Wiz provided StormBreaker with a powerful solution to architect, monitor, and support its compliance-driven cATO process.
By deploying Wiz in AWS and leveraging the AWS Marketplace to accelerate implementation, Operation StormBreaker successfully integrated the platform into its cloud architecture. The team connected Wiz to its AWS accounts, identity provider, and collaboration tools like Slack within just three hours, thanks to Wiz’s intuitive configuration process and agentless nature. This rapid setup provided StormBreaker with instant visibility across its cloud environment and enabled further enhancement of continuous monitoring and proactive alerting.
The Operation StormBreaker team deployed Wiz in about three hours, and a day later they achieved zero criticals with Wiz
Customer Success Manager, Wiz
Operation StormBreaker leveraged Wiz integrations with RegScale, a platform that automates compliance by operationalizing policy-as-code to streamline reporting and ensure real-time adherence to frameworks like NIST and FedRAMP. In addition, Operation StormBreaker is integrating with Harness, a leading software delivery platform that simplifies continuous delivery and enables seamless deployment pipelines. Together, these integrations promise to enhance automation and compliance, creating a tightly connected ecosystem that amplifies Wiz’s foundational impact.
By leveraging Wiz’s dashboards and context-driven security insights, Operation StormBreaker gained a centralized and actionable view of its cloud security posture. This allowed teams to swiftly identify and prioritize vulnerabilities enhancing the data-centric approach to ATO compliance. The integration of Wiz and RegScale further automated these workflows, creating outputs such as real-time compliance evidence and reducing the workload traditionally associated with reporting and manual processes.
“Context is king,” Pratt says. “Wiz’s ability to surface relevant data and make it actionable fits perfectly with our strategy.”
Transforming security outcomes with automation and visibility
The adoption of Wiz enhanced Operation StormBreaker’s approach to cloud security, vulnerability management, and compliance reporting. In just weeks, StormBreaker achieved several key milestones that highlighted the immediate impact of deploying Wiz for Gov.
First, Wiz enabled a reduction in effort traditionally required for vulnerability management and compliance workflows. Automation replaced time-intensive manual processes, freeing teams to focus on higher-value initiatives while improving their overall productivity. “We’re already operating with a high degree of maturity,” Raley explains, “and Wiz enhances our ability to scale with automation instead of adding people.”
Additionally, Wiz’s agentless platform provided Operation StormBreaker with visibility into hundreds of workloads deployed in AWS. This real-time view allowed the team to identify potential vulnerabilities, track drift in compliance, and act on critical risks proactively. StormBreaker achieved its first zero critical vulnerabilities badge immediately after deployment, an achievement that Raley calls “another first to the fight for the Marine Corps.”
We’re demonstrating how secure, resilient software can be delivered at the speed of relevance, much faster than traditional methods. This initiative is about showing the art of the possible to the rest of the DoW
Dave Raley, Chief Digital Business Officer, MCCS
Operation StormBreaker also moved to continuous monitoring and real-time compliance reporting through Wiz’s contextual dashboards and integration with RegScale. By shifting from document-centric to data-centric compliance practices, StormBreaker reduces key delays in meeting the DoD’s cATO standards and positions themselves as a pioneer in modern compliance operations.
Lastly, Wiz’s intuitive dashboards and actionable insights made managing Operation StormBreaker’s growing cloud environments highly efficient. Even as MCCS’s workload and AWS environments expanded, Wiz’s single-pane-of-glass approach gave stakeholders a clear, organized view of their cloud security posture. Operation StormBreaker achieved zero-critical status verified by Wiz on day one, demonstrating a high-level operational maturity.
Building a foundation for future growth
With Wiz as a part of its security strategy, Operation StormBreaker is focused on scaling across the DoW. Using Wiz’s continuous compliance capabilities and integrating tools like RegScale and Harness, StormBreaker aims to further automate workflows, improve security outcomes, as a model platform that aligns with the DoD’s cATO framework.
Looking ahead, Operation StormBreaker plans to leverage upcoming features like Wiz’s Data Security Posture Management to enhance data protection for sensitive information while sharing its proven processes with other DoD components. “We have the certifications, the approvals, and the proven results,” Raley says. “Our goal is to share these best practices, support others, and redefine security as an enabler of mission success.”
