How Wiz and Domain built cloud security programs that can shift left

Matt Prestwick and Edwin Kwan, speaking at Cloud and Infrastructure Edge, shared how they aligned cloud security with business outcomes.

Matt, Principal Solution Engineer at Wiz, opened the session by explaining why cloud security must “shift left,” moving protection earlier into the development lifecycle.

He noted that traditional siloed tools often cause missed risks and inefficiencies.

Wiz addresses this challenge with unified visibility across code, infrastructure and runtime.

This empowers developers to build faster and more securely in complex hybrid and multi-cloud environments, which are now standard for most organisations.

ADAPT research shows 25% of organisations are already moving workloads from public to hybrid cloud.

This shift enhances cost control, compliance and efficiency, making secure architecture and interoperability more essential than ever.

Wiz enables teams to link code-level vulnerabilities with live infrastructure risks, which helps reduce alert fatigue and foster clearer collaboration between developers and security leaders.

Edwin, Head of Product Security at Domain Group, shared how Domain adopted Wiz to protect its multi-brand ecosystem of over 220 developers.

Operating across several cloud platforms, the company previously faced challenges with visibility, prioritisation and security ownership.

By embedding Wiz directly into tools like GitHub and Jira, Domain shifted security left into the sprint cycle rather than handling it post-release.

Developers quickly engaged once they saw how vulnerabilities could be exploited in real systems and understood the business impact behind each issue.

This aligns with ADAPT’s broader insight that skills gaps in DevOps, AI operations and security require more than training alone.

Organisations must blend intuitive tools with targeted external support to enable agile teams at scale.

To embed security deeper into its culture, Domain introduced a “security tribe” model to encourage cross-team knowledge sharing and leadership support.

A clear directive to allocate 20% of engineering time to security and platform upkeep helped normalise secure development practices.

Edwin emphasised the importance of tying security action to measurable business value.

Only 36% of leaders currently achieve this, according to ADAPT.

Domain is now going beyond “shifting left” and aiming to “start left,” embedding security into design decisions, such as hardened container images.

This reduces risk and cost while aligning security strategy with roadmaps, compliance and operational goals.

Key takeaways:

• Unified security tooling is critical in hybrid cloud. With 25% of organisations repatriating workloads, tools like Wiz consolidate protection across code, infrastructure and runtime, enabling safer and faster delivery.
• Shifting left requires clarity and integration. Domain’s success shows that developers engage with security when risks are visible, contextualised and embedded into platforms like Jira and GitHub.
• “Starting left” aligns security with business value. Domain’s proactive approach connects security design to outcomes like cost reduction, compliance and roadmap delivery, addressing the gap that most leaders still face.