How Bazaarvoice Scales Public Cloud Security Best Practices

Jackson Lucas
Cloud Tech Journalist
Published:
Oct. 4, 2019
3 minute read

Bazaarvoice collects, stores, and manages consumer-generated content for some of the largest retailers in the world. As Bazaarvoice’s customer base continued to grow, so did their cloud footprint. In order to continue innovating (as well as attract and retain top talent), Bazaarvoice empowered their development teams with high levels of autonomy. While this provided developers with the agility they loved, the growing list of teams—and cloud accounts—meant security over Bazaarvoice’s cloud environment became difficult to maintain over time.  

Read the full Bazaarvoice case study here

In order to regain control over their cloud environment, Anji Greene, Director of Security at Bazaarvoice, focused on seamlessly integrating security best practices into the organization's developer-first culture. To do this, Greene started by educating internal teams on how they could improve operational efficiency that both maintained speed, and allowed for the deployment of secure applications at the same time.  

One of the many ways VMware Secure State has helped Greene integrate security practices into her development teams was by providing team owners with insights about potential or active security risks to cloud infrastructure they were responsible for. VMware Secure State can notify each team owner of relevant violations so they can quickly correct vulnerabilities before they become a problem.

From an education perspective [VMware Secure State’s rules] made it very obvious that I needed to be thinking about certain things. Like RDS, I hadn’t even started thinking about best practices around permissions, patching, etc. VMware Secure State gave us a set of rules to get started within RDS.

Anji Greene, Director of Security, Bazaarvoice

To help the teams adjust to new process changes without overwhelming them, Greene utilized VMware Secure State’s service-specific micro-audits, which allowed her to roll-out a single-service at a time. Greene started with security best practices around S3, and once the team was comfortable with the new processes, they moved onto IAM. 

VMware Secure State helped Bazaarvoice realize that maintaining proper security doesn’t have to slow down developers—and by creating a culture of accountability the entire organization ends up benefiting.
 

To learn more about Bazaarvoice’s security journey, including how they leveraged VMware Secure State’s out-of-the-box ruleset, read the full case study!