How the UK's Department for Work and Pensions Achieved 100% Cloud Visibility and Zero Critical Issues in 90 Days

Serving 22 million citizens, DWP transformed its security model to empower 1,000 engineers with agentless cloud security across 2.5 million resources

Department for Work and Pensions

産業

政府

リージョン

ヨーロッパ

ウィズ製品

Wiz Cloud

ユースケース

CSPMAI-SPMCDR

クラウドプラットフォーム

AWS
Azure
Kubernetes
開始する準備はできましたか?
デモを見る

Challenge

  • At the start of 2024, cyber threats were increasing and placed some pressure on DWP’s ability to monitor and respond to vulnerabilities.

  • The increasingly ephemeral nature of cloud-based resources meant that 24-hour scanning was not providing real-time information, especially in the cloud-based environments.

  • Agent-based security solutions required engineering teams to deploy agents on infrastructure, creating friction where agents couldn't be installed.

  • DWP required comprehensive visibility and context across a massive estate including 85,000 containers, 20,000 servers, and 85% of applications in the cloud.

Solution

  • Agentless scanning delivered complete visibility across multiple cloud environments within 24 hours, eliminating deployment friction and achieving coverage across the full estate.

  • Federated security model with role-based access empowered 1,000 engineers to manage their own security postures while maintaining central oversight.

  • Deep integrations with ServiceNow enabled automated workflows and investigation capabilities, while AI-powered triage reduced false positives.

100% visibility icon

100% visibility

of cloud estate across three environments.

Zero critical issues icon

Zero critical issues

within 90 days.

24 hours icon

24 hours

from deployment to full estate scanning.

Securing the UK’s Social Safety Net at Scale

The Department of Work and Pensions (DWP) stands as one of the UK's most critical government agencies, serving approximately 22 million citizens through 800 offices across the country, including Jobcentres and distributing £285 billion in annual payments.

With around 8,000 people working across digital and transformation, DWP manages a substantial technical infrastructure: 1 billion lines of code, 85,000 container workloads, and 2.5 million cloud resources on any given day.

As digital teams drove an ambitious cloud transformation, moving 85% of applications to the cloud with plans to complete the journey by 2028, the scale of the security challenge grew accordingly. With approximately 1,000 engineers making 15,000 IT changes per year across three cloud platforms, John Keegan, Head of Digital Security, and his team needed to ensure the right security controls were in place to support that transformation, evolving away from a traditional centralised model to keep pace with the scale and speed of change.

"One of the biggest things we wanted to do was have a central team doing security, but it was very difficult to scale," Keegan explained. The team needed a fundamentally different approach, one that could provide comprehensive visibility without deployment friction while empowering engineering teams to take ownership of their security posture.

The Agentless Advantage

When evaluating solutions, DWP had clear requirements. Agent-based tools had proven problematic at scale, creating deployment friction and leaving coverage gaps across a complex, fast-moving estate. "The challenge we found was that you can't put an agent on everything. There's also quite a bit of friction in needing the application team to deploy it," said Keegan. 

Wiz stood out not just for its agentless scanning capability, but for its federated approach to security management. "The agentless scanning solution wasn't unique, but the federated approach that allowed us to manage this at scale with a thousand engineers was the differentiator," Keegan explained. The platform would allow role-based access, enabling individual engineering teams to manage their own configurations and vulnerabilities while maintaining central oversight.

With Wiz, we got value pretty much straight away within a 24-hour period.

John Keegan, Head of Digital Security, Department of Work and Pensions

The implementation delivered immediate impact. Within 24 hours of deployment, DWP achieved complete visibility across their entire multi-cloud estate. New resources are now scanned within 30 minutes of spinning up through CloudTrail log integration, ensuring continuous protection as the environment evolves.

From Centralised Security to Enablement Partners

The transformation extended well beyond technology. DWP deliberately structured their security centre of excellence as an enablement team rather than a compliance function, building 'secure by default' controls where the secure path became the natural path.

The results proved transformative. Approximately 1,000 engineers now regularly log into Wiz, not just for security but for general troubleshooting and operational visibility. The platform became embedded in day-to-day engineering practice rather than sitting apart from it.

"We've changed from a centralised security team telling teams to fix vulnerabilities into a collaboration approach," Keegan noted. "Wiz is seen as an enablement tool, and engineering teams are using it not just for security but also for troubleshooting IT problems." 

The platform's contextual capabilities proved essential in improving the accuracy of risk assessments. The system shows configuration state, vulnerability details, PII data presence, and internet exposure, allowing teams to prioritise based on actual risk rather than theoretical severity scores.

Results and Innovation

DWP achieved zero critical issues within 90 days of deployment. The team integrated Wiz into their existing infrastructure, feeding data into ServiceNow for workflow generation and Splunk for investigation capabilities. As their sophistication grew, DWP adopted advanced capabilities. Wiz Blue and Green AI Agents now triage alerts and identify activities, significantly reducing false positives. By automating initial triage, DWP's security team can focus human expertise where it matters most.

The shift to Kubernetes-based architecture led to implementing runtime protection sensors, moving from detection to prevention. "As more of our estate moved to Kubernetes-based architecture, we found it was much better to protect by default rather than detect something that's happened," Keegan explained.

Beyond the platform’s technical capabilities, there is a collaborative feedback loop with Wiz support & product teams. This ensures the platform’s evolution is directly informed by the practical requirements of DWP’s cloud estate. 

Looking forward, DWP continues expanding its security visibility, with new integrations extending visibility into SaaS platforms and CDN services. For one of the largest government estates that serves millions of citizens every day, visibility is essential.

パーソナライズされたデモを見る

実際に Wiz を見てみませんか?​

"私が今まで見た中で最高のユーザーエクスペリエンスは、クラウドワークロードを完全に可視化します。"
デビッド・エストリックCISO (最高情報責任者)
"Wiz を使えば、クラウド環境で何が起こっているかを 1 つの画面で確認することができます"
アダム・フレッチャーチーフ・セキュリティ・オフィサー
"Wizが何かを重要視した場合、それは実際に重要であることを私たちは知っています。"
グレッグ・ポニャトフスキ脅威および脆弱性管理責任者