AWS Partner Network (APN) Blog
Improving Overall Security Posture with Wiz Secured AWS landing zone
By Anthony Smith, Sr. Partner Solutions Architect – AWS
By Jason McCoy, Sr. Partner Solutions Architect – Wiz
By Scott Sumner, Director Strategic Partners – Wiz
By Mason Yan, Cloud Security Engineer – Wiz
Organizations struggle to maintain security as they migrate to the cloud. Security teams often implement protective measures too late in cloud projects, causing delays in digital transformation. This reactive approach creates risks and slows innovation. A proactive security strategy, implemented from day one, can help organizations accelerate their cloud journey safely.
Securing cloud workloads requires a modern approach that addresses multiple risk vectors, including misconfigurations, exposed secrets, and identity-based vulnerabilities. Security teams need comprehensive visibility across their entire cloud environment to identify and remediate risks effectively while maintaining the agility needed for innovation. This blog explores how to deploy Wiz in an Amazon Web Services (AWS) environment to address these challenges.
Security Risks in Cloud Workloads
Deploying workloads in the cloud can introduce risks, including misconfigurations, vulnerabilities, exposed secrets, and malware. While AWS offers controls to mitigate cloud infrastructure misconfigurations, security teams may still need additional guidance in maintaining a secure cloud environment.
Traditionally, security is managed by teams without deep expertise in cloud infrastructure, while cloud and application teams often lack strong security knowledge. This lack of collaboration between the security team and the cloud team can slow down cloud adoption, as security teams may become bottlenecks in development processes.
AWS landing zones
An AWS landing zone provides a secure, scalable, and well-architected multi-account environment. Figure 1 shows how AWS Control Tower can be used to create the landing zone. Control Tower establishes best practices for multi-account setups, with centralized identity management and pre-configured governance rules to maintain compliance and security.
Figure 1: Landing Zone provisioned by AWS Control Tower
Proactively identify, prioritize, remediate, and prevent risks
Wiz offers a modern approach to cloud security, managing security at the workload level and bridging the gap between development and security teams. It empowers organizations to innovate confidently in a secure cloud environment. When combined with AWS tools, Wiz provides security teams with a unified solution for cloud security. Its agentless, full-stack coverage delivers unconditional visibility across workloads, data stores, accounts, and infrastructure in minutes, enabling security teams to detect and prioritize critical risks.
Figure 2 shows how Wiz continuously scans cloud environments to detect critical security risks such as misconfigurations, exposed secrets, and vulnerabilities. The Security Graph, powered by AWS Neptune, helps teams identify and prioritize the most pressing issues. This graph-based approach simplifies threat detection by revealing potential attack paths across the cloud infrastructure. Security teams can quickly identify and address vulnerabilities through targeted queries of their environment.
Figure 2: Wiz Security Graph uncovers most critical attack paths
The new cloud security model democratizes security by embedding it into the responsibilities of all teams, not just security experts. This provides security teams with continuous visibility, while cloud and application teams receive alerts with actionable context, making security everyone’s responsibility.
Figure 3 shows how Wiz facilitates this approach by providing an accurate list of prioritized risks with easy-to-understand graph context and guided remediation for the relevant teams. This ensures that cloud resources are secured without overwhelming non-security professionals.
Figure 3: Wiz empowers teams to remove cloud security risk in their own workflows
Wiz secured AWS landing zone
Wiz delivers comprehensive cloud security through its agentless platform, enabling rapid threat response and compliance management. The unified platform streamlines security operations while providing deep visibility across cloud environments. From day one, teams can leverage AWS guardrails and Wiz’s cloud-native protection controls for enhanced security. Each application team receives a dedicated Wiz project, balancing autonomy with centralized security oversight.
Wiz secured AWS landing zone facilitates the onboarding of AWS accounts at the organizational level, creating a dedicated Wiz project for each cloud workload account and assigning appropriate access via Security Assertion Markup Language (SAML) integration. With built-in Cloud-Native Application Protection Platform (CNAPP) capabilities, it empowers application teams to manage their cloud security from day one.
Deloitte’s CCMS powered by Wiz
Cyber Cloud Managed Service (CCMS) is a core component of ConvergeSECURITY, which is a powerful blend of Deloitte’s security and compliance services with AWS cloud security services. As part of ConvergeSECURITY, CCMS helps clients manage the overall cybersecurity posture of their organization through its manage, detect, respond, and recover capabilities.
The CCMS solution begins with the automated deployment of broad security capabilities on the AWS cloud. This includes:
- Industry-aligned controls: Aligned with the latest industry standards
- Cyber Predictive Analytics: Leveraging advanced analytics to foresee and mitigate potential threats
- Defined Auto-Remediations: Implementing automated responses to identified security issues
- Efficient Workflows: Streamlining processes for optimal security management
Figure 4 shows how the CCMS platform integrates with Wiz to automate AWS landing zone deployment and Wiz onboarding, enhancing the security posture across the organization.
Figure 4: CCMS powered by Wiz – Security Assurance workflow
Key steps in this workflow include automating AWS landing zone deployment and native security tool onboarding, onboarding AWS organizations to Wiz, and creating Wiz projects for each team with access management via SAML integration.
“By leveraging asset correlation, modular API integration, customer-centric design, and shift-left remediation, Wiz enables client and provider practitioners to contribute meaningfully to cloud hygiene. The product reduces cognitive load, enhances collaboration, and provides an intuitive, scalable solution that aligns with the real-world needs of modern cloud environments.
With these enhancements, we can offer a broad, flexible, and efficient cloud security management platform tailored to our clients’ organizational structures, making securing cloud environments more efficient and effective for practitioners” – Aaron Brown, Partner at Deloitte & Touche LLP.
Wiz’s Security Graph assists non-security practitioners to manage risks directly and proactively remove attack paths. Only unresolved alerts are escalated to the security team, who then handle remediation tasks as needed.
Conclusion
The integration of Wiz-secured AWS landing zone with Deloitte’s CCMS provides immediate security benefits for organizations moving to the cloud. Organizations can achieve rapid deployment through agentless architecture, with security insights available within hours. The solution enables automated security operations that reduce manual intervention while optimizing costs through streamlined security processes. Built for scalability, the platform evolves with AWS capabilities to meet future security needs.
To get started, organizations can review their cloud security requirements, contact Wiz through AWS Marketplace, and schedule a consultation with Deloitte’s CCMS team. For additional details, you can read Deloitte’s Cyber Cloud Managed Services (CCMS) – Enhancing Cybersecurity with AWS and Wiz blog.
Wiz – AWS Partner Spotlight
Wiz is an AWS Advanced Technology Partner and AWS Competency Partner that performs a deep assessment of your entire cloud and then correlates a vast number of security signals to trace the real infiltration vectors that attackers can use to break in. Wiz also gives you the tools to bring your DevOps and development teams into the process to fix these risks, creating a culture of security in your cloud operations that results in a stronger, more secure cloud.