Challenge
Rapid growth of SaaS platform required a new approach to securing Redis’ cloud infrastructure.
Redis previously lacked a unified security view or tooling across its multi-cloud infrastructure.
As an engineering-first organization, the Redis security team wanted modern cloud security tools that would add value and speed tasks for Cloud Ops and other teams .
Solution
By deploying Wiz, Redis was able to scale its security posture without hiring additional staff.
Wiz gives Redis total visibility and a bird’s eye view of every system across its multi-cloud infrastructure.
With Wiz, Redis eliminated manual work to save time and speed up development.
Rapid growth creates urgency to adopt a new cloud security approach
From gaming leaderboards to fraud detection to real-time inventory management, Redis makes applications faster, with blazing fast performance at scale. The company is the driving force behind Open-Source Redis, the world’s most loved in-memory database, and is the commercial provider of Redis Enterprise, a real-time data platform that powers services for more than 8,500 organizations globally.
Although Redis has been cloud-native from the start, the rapid growth of its managed service offerings changed how the company approached cloud security. With an infrastructure that is highly elastic and dynamic, Redis realized it needed an equally flexible yet mature security stack that could provide the multi-cloud visibility and confidence in security that the company needed for continued success.
Relying on native cloud security features and employee tribal knowledge was no longer an option at scale
“Our developers are building a phenomenal product with low-latency data access and retrieval and high availability for some of the most demanding companies in the world,” says Quincy Castro, Chief Information Security Officer at Redis. “The security team’s goal is to support that mission with services that protect our business and our customers without slowing down our engineers.”
However, when Castro joined Redis, the company lacked a unified security tooling that could span the thousands of accounts Redis runs on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. The company had been relying on a combination of native security solutions from the three cloud providers together with tribal knowledge and manual processes. It was clear that as the company continued its rapid growth, this initial approach to cloud security would no longer be sufficient.
“If you think of the way traditional security programs are structured, you're not going to be successful in a B2B SaaS world by just scaling up that old fashioned security function,” says Castro. “You need to lean into innovative tools and technologies that can underpin the automation and dynamic response necessary to protect your environment.”
For Castro, one of the first things he needed to do was find a solution that would enable Redis to quantify its security posture across all its cloud platforms at a glance while being fast and easy to deploy and use, all without disrupting engineering teams.
Wiz “flips on the lights” for Redis
After evaluating multiple security tools, Redis chose Wiz for the scale and maturity of the platform, its robust set of features, and ease of use. Ease and speed of deployment were also must-haves for the new solution, and something that Wiz delivered with its agentless approach.
“Any tool that required agents or scripting would be a non-starter because of the disruption to development and our business,” says Castro. “One of the reasons we chose Wiz’s agentless solution is its ease of use for our development and DevOps teams. Their positive experience with the security tools we choose is a top priority.”
In less than 30 minutes, Redis deployed Wiz and began seeing immediate value. “Wiz gave us total visibility,” says Castro. “It was like flipping on the lights. That was an eye-opening moment for our partners in the company when they realized that we brought in a tool that gives us this bird's eye view of every single system across all of our cloud environments."
Wiz gives a high-growth startup like Redis a very mature capability out of the box that would be very, very costly and labor intensive to create on its own.
Quincy CastroChief Information Security Officer, Redis
After the initial deployment of Wiz for malware scanning, Redis rapidly expanded its usage and now relies on Wiz to evaluate its security posture from an overall risk-based view with context, prioritize which security issues should be addressed first, and support compliance reporting and certification.
Redis improves agility while gaining confidence in its security posture
For Castro, one of the major benefits he sees with Wiz is how it empowers non-security people to understand the context of security issues, how they can be fixed, and what the priority is for fixing them — delivering value for DevOps that drives adoption and generates wide support. “Wiz identifies and contextualizes real risks rather than just spitting out a list of isolated issues,” he says. “This helps our agility as DevOps gets the context it needs to fix things and move faster. As we transition to using Wiz as a DevOps tool across the company, it’s important to have that context for people who are not security experts.”
Having Wiz in place saves Redis time and resources it can use for other important security tasks. “With Wiz, we can scale our cloud security approach without adding more staff by eliminating much of the tedious manual effort that was necessary in the past,” says Castro.
Wiz also significantly streamlines compliance efforts for Redis. “As we go through PCI and other certifications, having the built-in compliance framework checks within Wiz lets us very easily get the data we need to provide,” says Castro. “It's been very helpful from the compliance perspective.”
Castro particularly appreciates the confidence Wiz gives him to “speak truthfully and confidently” to customers and partners about Redis’ security posture. “The visibility and insight we gain from Wiz helps us maintain trust with our customers,” he says. “We can evaluate our security posture versus a vulnerability making the front page and instantly determine whether we’re impacted or not.”
So much of the value we get from Wiz is that confidence that things are doing what they're supposed to be doing and our technologies and platform are configured properly.
Quincy CastroChief Information Security Officer, Redis
Integrating Wiz will give Redis an “immune system” for security
The next priorities for Castro are integrating Wiz with Redis’ security operations center (SOC) provider and DevSecOps platforms and automation tools to automate alerting, containment, and remediation processes. “The idea is to turn a source of information into a trigger,” he says. “Integrating Wiz with other capabilities helps us develop a dynamic defense footing, and build an ‘immune system’ that can take action on things that are beyond our risk tolerance.”
As Redis continues to move from manual operations to a scalable multi-cloud approach, Castro views Wiz as an essential component in securing the company’s success. “Wiz gives us the ability to be confident in the security posture of our products and services,” he says. “It allows our DevOps teams and engineers to move quickly, and it allows us to deliver the best possible experience to our customers. We don’t have to worry about the state of the environment or whether there’s some security issue lurking out there that we don’t know about.”
