Genesys Leverages CrowdStrike to Strengthen Cloud Security
Genesys delivers AI-powered customer experience software that underpins business-critical interactions for organizations around the world. Securing production environments is central to both customer trust and business continuity.
“Security is a critical component of our engineering mindset,” explained David Morton, Manager of Security Operations at Genesys. “Partnering with CrowdStrike helps us strengthen that foundation while continuing to operate at scale.”
To support this approach, Genesys leverages CrowdStrike Falcon® Cloud Security to protect its customer-facing production environments. By combining proactive cloud posture management with real-time runtime protection, Genesys has built a cloud security program designed to scale alongside its platform and its customers.
A Cloud-First Security Strategy
Genesys has embraced a cloud-first approach to delivering and operating its customer platforms, aligning security practices with the scale and complexity of modern cloud environments. Morton’s team is responsible for securing production environments, which allows them to focus security efforts where the impact to customers is the greatest.
This production-first model shapes how Genesys evaluates risk, deploys controls, and measures success. Because these environments directly support customer operations, Genesys prioritizes strong visibility and protection across its cloud environments.
“Our commitment to protecting production workloads is how we protect our customers,” Morton said. “That’s where our team’s responsibility has the greatest impact.”
Embedding Cloud Security Early
Operating a large-scale, microservices-based platform requires security controls that can keep pace with continuous development and deployment. Genesys has embedded cloud security directly into its build and deployment processes, using Falcon Cloud Security to shift security left without introducing friction for engineering teams.
Every code change is evaluated through automated security scans before deployment. This approach enables the Genesys Cloud™ security team to identify cloud misconfigurations and access risks early enabling faster validation and remediation earlier in the development lifecycle. Because the company’s lower environments closely mirror production, findings can be validated quickly and addressed before services go live. This alignment increases confidence that issues identified in test environments will accurately reflect production conditions. Importantly, it also allows the organization to maintain consistent security standards across its AWS environments without slowing innovation.
“Security can’t be something you bolt on later,” Morton said. “It has to be part of how you build and deploy in the cloud from the start.”
Real-Time Cloud Runtime Protection and Faster Investigation
Falcon Cloud Security gives Genesys proactive visibility into cloud configuration and risk, but protecting production environments also requires understanding what activity happens at runtime. To address both needs, Genesys leverages the unified CrowdStrike Falcon® platform, which combines cloud security posture management (CSPM) with real-time detection and response.
Genesys uses sensor-based runtime protection delivered through the Falcon platform to secure cloud instances, extending Falcon Cloud Security beyond posture management into real-time protection for production workloads. The Falcon platform provides continuous visibility into activity occurring inside running workloads, enabling the security team to detect unauthorized or suspicious activity within running workloads as they happen.
“The speed of response that CrowdStrike enables really matters to us,” Morton said. “Whenever a malicious command is run, CrowdStrike sees it first.”
When investigating live activity in production, the security team can see how active behavior in production intersects with existing cloud risks. This helps them quickly determine which issues are contributing to active behavior and require immediate action.
Accelerating Investigation with Expert Insight
To support investigation and response, Genesys uses CrowdStrike Falcon® Adversary OverWatch, CrowdStrike’s 24/7 managed threat hunting service, to enrich alerts with expert context and real-world adversary intelligence. This additional insight helps validate detections and provide confidence when activity is identified in production.
When Genesys requires deeper investigations, visualizations of attack activity within the Falcon platform show how events are connected across cloud workloads, identities, and services. This visibility enables faster scoping and root-cause analysis, which helps the team determine what happened, how far activity progressed, and what actions are required to remediate the issue.
As a result, Genesys has significantly reduced the time required to investigate CSPM-related issues, compared to its previous tool — providing analysts with direct, actionable insights. Tasks that previously required searching can now be completed directly within the Falcon platform, allowing teams to quickly locate roles, understand context, and take action.
Unified Cloud and ASPM Drives Risk Reduction
As Genesys continues to scale its environments, understanding which risks need to be prioritized has become just as important as identifying them. Treating every issue with the same urgency can slow teams down and obscure what’s most important.
Falcon Cloud Security helps Genesys prioritize cloud risk across multiple attack surfaces, including cloud configurations, identities, applications, and APIs. Through infrastructure-as-code scanning and CSPM, the security team gains visibility into cloud misconfigurations and policy gaps early in the development lifecycle. This allows them to address issues before they reach production and continuously monitor risk once workloads are deployed. Context from runtime activity and asset criticality further helps the team determine which issues warrant immediate attention.
More recently, Genesys expanded this approach by adding application security posture management (ASPM) following a successful proof of value. ASPM extends Falcon Cloud Security’s risk prioritization into the application layer to provide deeper insight into how vulnerabilities, APIs, and application dependencies intersect with running cloud applications and active workloads. This approach supports the Genesys shift-left strategy by helping teams identify and address issues earlier in the lifecycle.
“When you’re operating at scale, context is everything. It’s not just about seeing issues, it’s about understanding which ones are most urgent and why,” Morton explained.
Together, CSPM and ASPM allow Genesys to apply a consistent, risk-based prioritization model across the cloud stack. By correlating configuration issues, application-level vulnerabilities and API exposures, and runtime context within the Falcon platform, the security team can narrow large volumes of findings down to a focused, actionable set of application risks.
This unified approach enables Genesys to focus remediation efforts where they have the greatest impact on application security, while maintaining strong security standards as cloud environments and applications continue to evolve.
A Trusted Cloud Security Partner for Long-Term Growth
The Genesys approach to cloud security reflects a clear philosophy: protect what matters most, build security into how the cloud operates, and scale controls alongside the platform. By standardizing on Falcon Cloud Security and extending protection into runtime through the Falcon platform, the security team has established a consistent model for securing customer-facing production environments.
“Our goal is to enable the business to move forward securely,” Morton concluded. “With CrowdStrike, we have the visibility and context we need in the cloud to protect our production environments and support our customers as we continue to grow.”