Ambience is an AI platform for health systems that improves clinical workflows, revenue cycle operations, and patient engagement. Since its inception in 2020, Ambience has raised over $300 million from prominent investors (including a16z and OpenAI Startup Fund) and serves some of the largest medical centers across the United States.
Ambience knew from the start that nailing its corporate IT and security functions — from endpoint protection to compliance readiness and vendor security reviews — was essential to earning the trust of some of the world’s leading medical institutions. Operating in a highly regulated industry meant these responsibilities could not be left to chance.
By 2022, Ambience faced a key decision: either build an internal security function from the ground up — a slow, expensive process — or find a way to compete immediately with trusted protections in place. Outsourcing entirely wasn’t an option either, since the company wanted to retain visibility and control over critical systems.
Zip offered a third path. Unlike traditional service providers, Zip delivers a SaaS platform that combines best-in-class tooling while removing the operational burden of managing that tooling and using it effectively. The result is a true co-management model — Ambience keeps direct access to best-in-class solutions like CrowdStrike and Okta, while Zip orchestrates automation, continuous monitoring, and strategic guidance to extend coverage without additional headcount and while ensuring the business stayed protected and compliant.
This balance allowed Brendan Fortuner, Head of Engineering, to build his security function around Zip. By letting Zip handle the day-to-day blocking and tackling, his lean team could dedicate its time to higher-order priorities, such as securing production infrastructure and enabling the company’s growth.
After exploring other vendors that couldn’t deliver this balance, Brendan engaged with Zip’s security consultants and, in just 30 minutes, immediately saw that the platform aligned with what Ambience needed to scale securely without compromise.
“We needed to bring in strong security expertise and automation to bolster a lean, yet agile team. Zip delivered on both of those fronts, and they've been an invaluable partner since day one.”
Ambience partnered with Zip to scale its security posture quickly and confidently — enabling the company to stay competitive without waiting on lengthy hiring cycles. Unlike vendors that spend weeks in assessments and planning sessions, Zip focused on execution, allowing Ambience to deploy critical IT security and compliance controls in days, not weeks. This accelerated rollout built early confidence and set a strong foundation for the partnership.
From there, Ambience adopted a co-managed model using Zip’s platform. Zip automated essential functions like configuration, monitoring, and remediation while Ambience retained full visibility into its IT environment — spanning devices, identities, and access controls. When alerts arise that require human attention, Ambience leverages Zip’s MDR capabilities, integrated through the platform with opinionated security solutions like CrowdStrike. Each incident is triaged, contained before it can escalate, and documented with a clear narrative, activity timeline, and recommended next steps such as device isolation or wipe if further action is warranted. This balance gives Ambience the best of both worlds: automation and managed expertise, without losing ownership of its environment.
Beyond detection and response, Zip acted as a trusted advisor. The team guided build-versus-buy decisions, such as selecting a centralized logging and audit solution, and connected Ambience with outside experts to expand the company’s knowledge network. Integrated into Ambience’s daily operations via Slack channels and direct phone access to Zip’s security consultants, Brendan’s team treated Zip as an extension of their own — gaining the kind of hands-on support that would otherwise require multiple full-time hires.
This partnership also transformed compliance. With Zip’s centralized workflows and one-click compliance features, Ambience could deploy solutions aligned with SOC 2 Type II and HIPAA requirements in minutes instead of days. By automating evidence collection and giving Ambience continuous visibility into its security posture, Zip made it far easier to demonstrate adherence to the standards demanded by top health system partners.
“Zip is much more than a vendor — they are a true partner and advisor that continues to help shape our security posture."
Three years into the partnership — and now at more than 150 employees — Ambience has built a robust security posture while keeping its core security team lean. The longevity of the relationship itself is a strong signal of Ambience’s satisfaction and trust in Zip.
The results since the partnership began?
Looking ahead, Brendan is eager to continue working with Zip for co-managed security and ongoing strategic guidance as new risks emerge and the company expands.
“Zip’s strategic advice helps us take the right steps and stay lean as we move into uncharted territory. Having that kind of partner at your side is incredibly important for any scaling company.”
