Challenges
Renaissance's security team spent valuable time and resources manually assigning support tickets to remediate issues across 15 products.
Newly acquired teams used different technologies for coding and engineering, impeding the operation of consistent security standards across the organization.
Delayed review of non-critical vulnerability fixes could create areas of risk.
Solutions
Vulnerabilities and issues are automatically assigned to the appropriate teams to resolve, while the security team provides oversight, intervening as needed.
Renaissance leverages Wiz to assess the cyber-risk of acquired companies, which is critical when it comes to securing sensitive data.
Real-time tracking of vulnerabilities enables Renaissance’s development and engineering teams to proactively investigate and fix lower priority issues that may not warrant a ticket.
A leading SaaS provider to K-12 schools
Renaissance is a software as a service (SaaS) business that provides products that manage assessments, curriculum, practice, and instruction activities for K-12 schools across the US and globally. Founded in 1986, Renaissance provides 15 core products and, over the last three years, has acquired additional companies to fulfill its mission of accelerating learning for all. “Our acquisition strategy provides schools with integrated tools to support assessment and instruction from one source rather than needing to work through multiple vendors,” explains Renaissance’s Chief Information Security Officer.
Currently, school districts use tools from different companies and have to integrate them without the resources and funding for those tools to work successfully. Whereas Renaissance gives schools access to a full ecosystem of learning tools from a single provider—enriching the learning experience for millions of students.
Protecting student data is a critical priority for Renaissance. “Data privacy is often a key differentiator for decision makers,” the CISO shares. “So when it comes to potential acquisitions, we look at the risks involved and the finance, resources, and people needed to bring the target up to our security standards.”
Consolidating onto the cloud
Renaissance's journey to the cloud began over 20 years ago, starting initially with its own data center. Over time, the organization moved its core products to a public cloud environment in AWS, acquiring organizations that were cloud-native. “One of the biggest challenges is to get visibility across the whole environment and know what's going on with all these different areas.”
Renaissance’s existing security products and processes required automation to support its rapid growth. Manually assigning support tickets to teams to rectify issues across 15 products was a time- and resource-consuming process. In addition, addressing non-critical vulnerabilities was sometimes delayed, and tracking any fixes was also a laborious exercise.
Holistic view and contextualization among key selection criteria
Renaissance considered a range of solutions before selecting a partner. “Wiz looked at our core cloud infrastructure to provide a holistic view, whereas others only looked at individual elements such as APIs or shared files or data.” He was also impressed by Wiz’s fast, easy, deployment that promised unprecedented time to value, with no setup and service costs. The Wiz Security Graph was another differentiator.
The Security Graph adds context to the issues you’re seeing and allows you to triage them automatically. It’s about tracking down and addressing the vulnerabilities that truly impact the organization, and the Wiz Security Graph allows us to do that.
Chief Information Security OfficerRenaissance
The Renaissance security team was able to immediately use the Wiz dashboard to gain visibility across its cloud environment and started achieving value within minutes.
The deployment rigorously tested Wiz’s role and performance during the acquisition process. “One of the most challenging issues I have as CISO is that I need the fastest and most efficient way of covering the environment from a security standpoint. Day one after an acquisition, I can plug Wiz in, sync with the new environment, and see it right away.”
Now, Wiz delivers value to Renaissance even earlier in the acquisition process. Once Renaissance can view the acquired business’s infrastructure, Wiz identifies vulnerabilities, misconfigurations, network exposures, privileges, and exposed secrets across its own cloud environment and that of acquisition targets, minimizing the security risks of its growth strategy.
Wiz has changed our M&A procedure. The tool provides an automated assessment of the cyber-risk of the acquiring company, which is a core consideration, especially when it comes to handling sensitive data.
Chief Information Security OfficerRenaissance
Building trust with development teams
Since the status of vulnerabilities and remediation is now automated and observable from a single pane of glass view, the security team can clearly assign ownership to the appropriate team to fix the issue.
By automating the threat vulnerability management process, Wiz has helped Renaissance change the relationship between security and developers by scanning for vulnerabilities that can be triaged with rich context and pushed to the relevant team.
And because the security team has integrated tools such as JIRA with Wiz, developers have far greater ownership of the vulnerability resolution process. While the security team assumes an oversight role, developers can proactively investigate and fix lower priority issues, breaking down silos and transforming the cloud operating model at Renaissance.
Renaissance is now well positioned to continue its growth and dedication to customer trust, by monitoring security 24/7 and resolving issues quickly. “As a SaaS provider, you need to lean forward with security as a differentiator and say we’ve got you covered. Wiz allows us to do that.”
