Challenge
Scaling visibility with growth: As Owkin’s AWS environment expanded rapidly, the team needed a clear, consolidated view across accounts to support secure innovation and protect sensitive research data
Prioritizing what matters most: With a small team managing continuous operations, Owkin needed a way to quickly identify and focus on the risks that truly matter, without getting slowed down by noise
Enabling security at the pace of development: As AI workloads and data processing increased, the team looked for an approach that could keep up with development speed while supporting ongoing research and experimentation
Solution
Immediate visibility and fast time to value: With Wiz, Owkin gained full visibility across its cloud estate in under an hour, reaching production in two weeks and establishing trusted data from day one
Faster, more efficient investigations: Using Wiz AI capabilities like Mika and the Blue and Green agents, the team reduced investigation time from hours to seconds, freeing up resources for higher-impact work
Security that supports builders: Wiz enabled developers with self-service visibility and guardrails, helping teams catch and fix issues earlier while maintaining strong security standards
75% reduction in false positive investigation time
from 20-30 minutes to 5 minutes
1 hour total deployment time
across entire cloud estate
Less than 1 hour daily cumulative threat response time
down from several hours
Securing AI Innovation at Scale
Owkin operates at the intersection of artificial intelligence and biotechnology, using advanced AI models to accelerate medical research and drug discovery. As CISO Leo Cunningham explains, the mission depends on protecting highly sensitive research data while enabling fast innovation.
Over the past year, Owkin saw its largest cloud growth spurt, driven by AI adoption and rising data demands. Today, the company runs a large-scale AWS environment supporting production AI workloads, with 13 to 40 petabytes of sensitive research data across more than 50 accounts.
This rapid expansion created a clear challenge. A lean security team of three needed to maintain visibility and protection across a fast-moving environment, without slowing the business.
We needed a consolidated view of everything going on within our cloud infrastructure and ecosystem. We have a large estate, we're constantly building as a company, and we needed something that could help us look at our security posture and give us insights end-to-end.
Leo Cunningham, CISO, Owkin
At the same time, trust in security data was critical. "We needed visibility quickly with data that we trusted," explained Jacob Barnes, Head of Cloud Security. "We had previous experiences where we never had the trust we needed in the data."
Owkin needed a platform that could deliver immediate, trusted visibility across its cloud environment, without adding operational overhead.
Fast Deployment, Immediate Confidence
Wiz delivered value from the start. Barnes deployed Wiz across Owkin’s entire cloud estate in just one hour, even while managing childcare at home.
I deployed Wiz across our entire estate whilst looking after a two and a half year old and a 6-month-old in an hour, while trying to feed them their dinner. It hit all the marks we needed very quickly.
Jacob Barnes, Head of Cloud Security, Owkin
Within two weeks, Owkin completed both the proof of concept and full production deployment. The platform immediately provided the consolidated visibility and trusted insights the team had been missing.
"Every deployment with Wiz has been easy, from initial setup to integrations," Barnes explained. "The light-touch approach of getting insights quickly and then extending as needed has continued through new features and integrations."
This ease of use meant the team could adopt new capabilities without disrupting workflows. More importantly, it changed how they operated. With trusted data and full visibility, Owkin could clearly communicate risk, prioritize remediation, and move at the pace of its business.
AI-Powered Efficiency: From Hours to Minutes
Once deployed, Wiz's AI-powered capabilities transformed how Owkin's lean security team operated. The impact was particularly dramatic in threat investigation, where the blue agent automates evidence collection and investigation and the green agent automatically guides remediation, significantly reducing manual effort. "At first we continued our manual investigation side by side with the agents, but 10 out of 10 times we were getting the same threat assessment conclusions," Barnes explained. "building this trust enabled us to rapidly accelerate."
This automation delivered quantifiable time savings. What previously required 20 to 30 minutes of manual investigation per false alert now took just 5 minutes—a 75% reduction in investigation time. For a team managing 24/7 on-call rotations, this meant dramatically less time spent on alert triage and more time available for strategic security initiatives. Overall daily threat response time dropped from several hours to less than one hour cumulatively.
Being a lean team on call 24/7 with 2-week rotations, knowing that if I'm getting woken up by a Wiz alert, it's going to be good and concrete is critical.
Jacob Barnes, Head of Cloud Security, Owkin
Wiz's Mika AI query generation capability delivered another efficiency breakthrough. Cunningham demonstrated how Mika could produce a complete analysis of security exposures, their sources, remediation steps, and exploitability in just 7 to 8 seconds—work that would have taken considerable time manually.
The accuracy of these AI-powered tools was crucial. Because the team could trust the AI's conclusions, they didn't need to verify every assessment manually. This trust multiplied the time savings, allowing the team to operate with the precision and efficiency their operating model demanded.
Intelligent Prioritization: Cutting Through the Noise
Beyond speed, Wiz provided something equally valuable: the ability to prioritize intelligently. Like many organizations, Owkin faced thousands of potential vulnerabilities across their infrastructure. Without proper context and prioritization, this volume could paralyze a security team—especially one with only three members.
Wiz's Issues abstraction layer solved this problem by correlating vulnerabilities with actual exploitability, business impact, and environmental context. This allowed Barnes to communicate risk clearly to leadership despite high raw vulnerability counts. "With Wiz, the issues abstraction layer is genuinely there," Barnes noted. "I can tell leadership we may have thousands of vulnerabilities, but I'm not worried because we have no high-severity issues, everything's low or medium."
This capability proved particularly important given the team's on-call responsibilities. When an alert triggered in the middle of the night, team members needed confidence that it represented a genuine issue requiring immediate attention, not just another false positive.
I trust Wiz's insights. I can give rule sets to developers with confidence that it's hitting most of my security requirements, because Wiz always seems to arrive with visibility in the exact areas where we have gaps.
Jacob Barnes, Head of Cloud Security, Owkin
The data governance and DSPM capabilities added another dimension to this visibility. Barnes could proactively identify unexpected data combinations in S3 buckets and communicate potential privacy concerns to the legal and data privacy teams—visibility that would have been impossible without Wiz.
Democratizing Security: Empowering Developers to Build Securely
Perhaps the most strategic impact of Wiz was how it enabled Owkin to democratize security across the organization. Rather than creating a bottleneck where all security decisions flowed through the three-person security team, Wiz allowed developers to take ownership of security within their own workflows.
Barnes implemented a developer-centric approach using Wiz's capabilities. "I can give developers a Wiz AI security guardrails dashboard and sandbox AWS account, saying don't use real data, let Wiz look at it, and then tell them here are your bad points before you go into production," Barnes explained. This self-service model meant developers could identify and remediate security issues early in the development process, without requiring constant security team intervention.
This approach aligned perfectly with Owkin's innovation-driven culture. "We want to be the brakes on the Ferrari," Barnes noted. "Having more insights into AI usage in the cloud lets us move quickly while managing our internal risk posture and continuing development."
The cultural shift was significant. Engineers, SREs, and data teams began using Wiz daily, taking ownership of security within their domains. The security team transitioned from gatekeepers to enablers, providing tools and guardrails that empowered other teams to make secure decisions independently. This multiplication of security capability across the organization meant that Owkin's three-person security team could effectively support an entire company's worth of cloud infrastructure and innovation.
Security that scales with innovation
Today, security at Owkin is built to keep up with the business. What started as a need for visibility has become a foundation for how the team operates, moving quickly, focusing on what matters, and supporting innovation without adding friction.
With Wiz, the team has reduced investigation time and streamlined response, freeing up capacity to focus on higher-impact work. Just as important, they now have trusted insights they can rely on, whether communicating risk to leadership or enabling developers to build securely from the start.
We're like SEAL Team 6. We go in, we get the target, we get it done very effectively and very quickly, so Mika has been an excellent addition that really saved a lot of time.
Leo Cunningham, CISO, Owkin
As Owkin continues to grow, the team is set up to scale its impact without adding complexity. With clear visibility, AI-driven support, and security embedded into development, they can keep pushing the boundaries of AI-driven research while staying secure.
