Wiz and ControlMonkey integration: what it means for cloud IAM


(@nhi-mgmt-group)
Member Moderator

TL;DR: Cloud security teams often find risks faster than they can fix them, and the Wiz plus ControlMonkey integration aims to connect risk detection with governed infrastructure changes across Terraform, OpenTofu, Terragrunt, unmanaged resources, and drifted assets. The real issue is not visibility alone but turning findings into controlled remediation without creating manual blind spots.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should teams connect cloud security findings to IaC remediation workflows?

A: Teams should route findings into the same change workflow that manages infrastructure updates, then use policy to decide whether the change is allowed, modified, remediated, or blocked.

Q: Why do unmanaged and drifted resources create so much cloud governance risk?

A: Unmanaged and drifted resources sit outside the declared infrastructure lifecycle, so the security team may see them but not control them through the normal change process.

Q: What breaks when security findings stay separate from infrastructure automation?

A: What breaks is the ability to act consistently. A finding fixed by hand in the cloud console becomes drift against the declared code, while a finding that waits for a code change can sit open with no owner; either way the security team and the infrastructure team end up working from different views of the same resource, and the manual fixes become the blind spots the next scan has to rediscover.

Practitioner guidance

  • Map remediation authority to the infrastructure workflow. Define which change paths can consume security findings, then require policy checks before Terraform, OpenTofu, Terragrunt, or API-driven changes are applied.
  • Classify unmanaged and drifted resources as governance exceptions. Build a process to identify assets that are not represented in code (or whose live state no longer matches it), assign ownership, and define review and remediation steps so they do not remain outside lifecycle control.
  • Separate allow, modify, remediate, and block decisions. Predefine which categories of findings can be fixed automatically, which require human approval, and which should stop the change entirely, so that an automated repair is never applied where it could be unsafe.
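The routing rule described in the Q&A above (findings flow into the change workflow and policy picks allow, modify, remediate, or block) and the three guidance points just listed come together in a small policy gate. The following is an added example written for this post; it is not ControlMonkey's or Wiz's code, and the finding schema, rule names, resource attributes and the specific decision thresholds are all assumptions constructed for illustration. It first classifies each resource as managed, drifted, unmanaged, or stale by comparing declared IaC attributes with what the account reports, then lets that lifecycle state, together with severity and whether a codified fix exists, select the action.

```python
"""Added example, not ControlMonkey's or Wiz's code: a minimal policy gate that
classifies live resources against declared IaC state, then routes each security
finding to one of allow / require_approval / modify / remediate / block.
The finding schema, rule names and resource data are constructed for illustration."""
from dataclasses import dataclass
from typing import Literal

Decision = Literal["allow", "require_approval", "modify", "remediate", "block"]
State = Literal["managed", "drifted", "unmanaged", "stale"]


@dataclass(frozen=True)
class Finding:
    resource_id: str
    rule: str       # hypothetical rule id, e.g. "s3_public_acl"
    severity: str   # "critical" | "high" | "medium" | "low"


# Hypothetical rules for which a safe, code-level fix is known: rule -> attribute patch.
AUTO_FIX = {
    "s3_public_acl": {"acl": "private"},
    "s3_versioning_off": {"versioning": True},
}


def classify(resource_id: str, declared: dict, live: dict) -> State:
    """Compare the IaC-declared attributes with the observed cloud attributes."""
    if resource_id not in live:
        return "stale"          # finding refers to something that no longer exists
    if resource_id not in declared:
        return "unmanaged"      # exists in the account, but no code declares it
    return "drifted" if declared[resource_id] != live[resource_id] else "managed"


def decide(finding: Finding, declared: dict, live: dict) -> tuple[Decision, str]:
    """Policy: the resource's lifecycle state and the finding's severity pick the action."""
    state = classify(finding.resource_id, declared, live)
    if state == "stale":
        return "allow", "resource no longer exists; close the finding"
    if state == "unmanaged":
        # Governance exception: there is no code to patch, so a fix cannot flow
        # through the IaC workflow until the resource is imported and owned.
        return "block", "unmanaged resource: import into code and assign an owner first"
    if state == "drifted":
        # Re-applying code would overwrite whatever was changed by hand; a person
        # must decide whether the live change or the declared state is correct.
        return "require_approval", "live state differs from code; reconcile before applying"
    if finding.severity == "low":
        return "allow", "below remediation threshold; record as accepted risk"
    patch = AUTO_FIX.get(finding.rule)
    if patch is None:
        return "require_approval", "no codified fix for this rule; route to resource owner"
    if finding.severity in ("critical", "high"):
        return "remediate", f"apply code fix {patch}"
    return "modify", f"open a change proposing {patch} for review"


def route(findings: list, declared: dict, live: dict) -> dict:
    """Run every finding through the gate; returns resource_id -> decision."""
    return {f.resource_id: decide(f, declared, live)[0] for f in findings}


# Constructed inputs: what Terraform/OpenTofu state declares vs. what the account shows.
DECLARED = {
    "bucket-logs":    {"acl": "private", "versioning": False},
    "bucket-web":     {"acl": "public-read", "versioning": False},  # insecure in the code itself
    "bucket-staging": {"acl": "private", "versioning": True},
    "role-ci":        {"actions": ["s3:*"]},
}
LIVE = {
    "bucket-logs":    {"acl": "private", "versioning": False},
    "bucket-web":     {"acl": "public-read", "versioning": False},
    "bucket-staging": {"acl": "public-read", "versioning": True},   # changed in the console
    "role-ci":        {"actions": ["s3:*"]},
    "bucket-orphan":  {"acl": "public-read", "versioning": False},  # nobody declared this
}
FINDINGS = [
    Finding("bucket-logs", "s3_versioning_off", "medium"),
    Finding("bucket-web", "s3_public_acl", "high"),
    Finding("bucket-staging", "s3_public_acl", "critical"),
    Finding("role-ci", "iam_wildcard_action", "high"),
    Finding("bucket-orphan", "s3_public_acl", "critical"),
    Finding("bucket-deleted", "s3_public_acl", "high"),
]

if __name__ == "__main__":
    for f in FINDINGS:
        action, why = decide(f, DECLARED, LIVE)
        print(f"{f.resource_id:16} {f.rule:20} {action:17} {why}")
```

The point of the ordering inside decide is that lifecycle state is checked before severity: a critical finding on an unmanaged bucket is still blocked from automated repair, because there is no code path to repair it through, and a critical finding on a drifted bucket goes to a human rather than to an apply that would silently revert a console change. Only a managed resource whose code and live state agree is eligible for an automatic fix, and only when the rule has a codified patch.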

What's in the full announcement

ControlMonkey's full post covers the operational detail this post intentionally leaves for the source:

  • The exact flow for mapping Wiz findings to Terraform, OpenTofu, Terragrunt, and unmanaged cloud assets.
  • The allow, require approval, modify, remediate, and block decision path used inside the automation layer.
  • The workflow context for handling drifted resources and live cloud state during remediation.
  • The implementation detail behind turning security findings into governed infrastructure actions.

👉 Read ControlMonkey's analysis of governed remediation for Wiz cloud findings →

