Synthesia maintains complex AI compliance standards with improved security visibility

To meet several layers of regulatory, contractual, ethical, and business security requirements, Synthesia used Wiz to expand security visibility and tooling across multiple teams.

Synthesia

산업

기술

부위

글로벌

위즈 제품

Wiz Cloud

사용 사례

CSPMCompliance

클라우드 플랫폼

AWS
GCP
Kubernetes
Azure
시작할 준비가 되셨나요?
데모 신청하기

Challenge

  • Security, trust, and transparency are the cornerstones of Synthesia’s overall business strategy, but the team needed more contextualized alerts to better understand potential risks to its tech stack. 

  • A large number of alerts overwhelmed the security team, and it was impossible to know which of the alerts to focus on first. 

  • Synthesia wanted to empower engineers and other technical employees to own and remediate potential issues to free the security team from managing patching tasks. 

Solution

  • With more accurate, contextualized security alerts, Synthesia is able to make better-informed decisions about potential vulnerabilities and maintain its high compliance standards. 

  • Synthesia’s security team uses Wiz’s built-in prioritization to determine the biggest risks and how to spend time remediating potential vulnerabilities.   

  • By granting other teams access to Wiz, Synthesia can give technology owners direct visibility of risks and the tools they need to patch their own vulnerabilities.  

Building a commitment to compliance into a cloud security program 

Generative AI is now trending, but video generation platform Synthesia has been at the forefront of this technology since 2017. The company has more than 50 leading AI researchers dedicated to pushing the limits of artificial intelligence. Their goal? To give everybody the ability to create impactful video presentations with generated avatars and audio directly in their browser.  

Pushing those limits safely, however, is vital to Synthesia’s growth. “Security, trust, and transparency are cornerstones of our company. We invest a tremendous amount of effort into our moderation functions to prevent our AI technology from being misused,” said Martin Tschammer, Head of Security at Synthesia.  

In addition to this ethical compliance commitment, the company has contractual and regulatory standards to which it adheres. To best meet them and protect the business from cyber threats, Synthesia needed to prioritize its cloud security strategy. 

I’m not an engineer or researcher, so I don’t always know the context behind any given running machine, container or process. With Wiz, it’s easy to share cloud security issues with the relevant teams to address.

Martin Tschammer, Head of Security, Synthesia

Effectively protecting its cloud environment with its existing security solution was challenging. Synthesia’s security team was overwhelmed by a large number of alerts, so they were forced to pick and choose which issues to address. The team wanted to build an operational framework to empower technology owners directly impacted by those issues to remediate them, but sharing information without context made it impossible. “Our previous security solution attempted to contextualize alerts, but the information provided was unclear,” said Tschammer. “Without that, we weren’t able to prioritize remediation.”  

As the company worked to build its strategy and achieve SOC 2 certification, a potentially critical security issue arose. Synthesia needed a cloud security partner that could support them immediately and in the long term. “We knew we needed clearer insight into our security posture, but at that time, we also needed insight right away,” said Tschammer. That’s when the company found Wiz.  

Rapidly deploying a scalable security solution 

Synthesia deployed Wiz and gained immediate visibility into its overall security posture in a dashboard that displayed and prioritized issues that needed urgent attention. “Wiz was amazing. It was like flipping on a switch,” Tschammer said. “We saw results immediately, and we were able to achieve crucial security wins on day one.”  

To democratize access to critical security information, Synthesia shared access to Wiz with its engineering and technical personnel. This increased visibility aligns closely with Synthesia’s broader commitment to transparency, and the company has continued to find more ways to share information, including sending security alerts to Slack channels. “We have automations set up so that if Wiz recognizes a medium- or high-level risk, relevant team members are messaged and can take action autonomously,” said Tschammer. 

As much as possible, I want to avoid the security team being a bottle-neck. With Wiz, we can enable our engineers and development teams to confidently resolve issues on their own.

Martin Tschammer, Head of Security, Synthesia

With the Wiz dashboard, the security team can more easily share risk information with other people at the company, and even more importantly, that information is contextualized. Being able to identify where vulnerabilities are located in the company’s cloud environment, and which stakeholders are responsible for them, empowers Synthesia’s engineers to manage and patch issues.  

“Giving stakeholders agency to investigate, prioritize, and resolve issues is powerful, because we can focus our attention elsewhere,” Tschammer added. “The Wiz Security graph has such a powerful interface. It’s easy to share queries and point exactly to where a vulnerability is located in our environment, and we can build automation on top of that. I don’t know how I could do anything like this with any other tool.” The security team can instead put effort toward protecting other areas of the business and its cloud infrastructure, including endpoints and identity. 

Scaling a hypergrowth company with shareable security insights 

Synthesia continues to scale its use of Wiz to support its rapid growth. With live updates and insights in its Wiz Dashboard, the security team can now more easily report on the company’s security posture to the rest of Synthesia. Automated reports are sent out quarterly, providing updates to stakeholders. “Between actionable alerts and automations, we’ve saved hundreds of hours of work with Wiz,” Tschammer said.  

Meanwhile, at a higher level, Wiz also supports Synthesia’s strict AI compliance standards. Built-in compliance frameworks make it easy for the team to keep pace with evolving regulations.  

Wiz is essential for operating a hypergrowth company. If you want to scale and reduce risk simultaneously, you need something like Wiz. There’s nothing of comparable quality on the market right now.

Martin Tschammer, Head of Security, Synthesia

The team also continues to explore new Wiz features to accelerate a secure growth trajectory. “More and more, we’re finding new ways we can use Wiz. As the business scales and our security challenges become more complex, the impact of having a vendor that supports our growing needs becomes more evident,” Tschammer said. “Sometimes it feels like we’re trying to keep up with Wiz’s development pace rather than the other way around, and that’s really reassuring.”  

맞춤형 데모 받기

맞춤형 데모 신청하기

"내가 본 최고의 사용자 경험은 클라우드 워크로드에 대한 완전한 가시성을 제공합니다."
데이비드 에슬릭최고정보책임자(CISO)
"Wiz는 클라우드 환경에서 무슨 일이 일어나고 있는지 볼 수 있는 단일 창을 제공합니다."
아담 플레처최고 보안 책임자(CSO)
"우리는 Wiz가 무언가를 중요한 것으로 식별하면 실제로 중요하다는 것을 알고 있습니다."
그렉 포니아토프스키위협 및 취약성 관리 책임자