Where Trust meets Cloud Security

Wiz Security Trust Center

Elevate your magical cloud security game with confidence! Come and explore the Vault of Digital Safety and Trust for your data where you will find our transparent security measures, policies, documentation and much more!

Wiz is proud to announce its ISO 27001, ISO 27017, ISO 27018, and ISO 27701 recertification. To request these documents, please visit our Compliance Command Center Below!

Wiz is excited to announce our most recent SOC reports, demonstrating our significant commitment to security, availability, confidentiality, and privacy. Our SOC 2 Type II + HIPAA report and our SOC 3 report are available in the Compliance Command Center below.

Wiz has published our latest Payment Card Industry Data Security Standard Self-Assessment Questionnaire (PCI DSS SAQ-D for Service Providers) in our Compliance Command Center. Check it out below!

Security with a splash of Magic

  • Strong Authentication and Authorization

    Strong Authentication and Authorization

    Wiz enforces the use of a Single Sign On (SSO) platform and phishing-resistant FIDO2 Multi Factor Authentication (MFA) for employee access to Wiz systems. Wiz utilizes IAM roles and short-lived tokens for access to cloud environments. Access to development and production environments is further restricted through the use of a Just in Time administration process to minimize standing privileges, device posture checks, and the use of a zero-trust network access solution.

  • Cloud Security Architecture

    Cloud Security Architecture

    The Wiz production environment runs as immutable infrastructure and is strictly managed through infrastructure-as-code. Automated mechanisms built into the SDLC process and Wiz’s CI/CD pipeline ensure that configuration changes are strictly controlled, undergo security checks, and subject to audit and approval. Unauthorized changes to production are automatically detected and escalated to security and operations teams. Wiz utilizes cloud-native network security mechanisms, in conjunction with its authentication and authorization controls, to restrict remote access to cloud infrastructure, enforce a secure perimeter, and segregate internal environments.

  • Wiz4Wiz

    Wiz4Wiz

    Wiz uses an internal deployment of its own product (”Wiz4Wiz”) to continuously monitor and protect its cloud environments. Security and engineering teams collaborate on the Wiz platform to identify, prioritize, and fix vulnerabilities, to enforce and validate preventative controls, and to detect and respond to potential threats. Wiz applies industry best-practice frameworks, as well as guidance from Wiz’s own internal research teams, to harden and assess its cloud environments on an ongoing basis.

  • Secure Development Lifecycle

    Secure Development Lifecycle

    Wiz ensures the security and integrity of its infrastructure and product code throughout the SDLC. These mechanisms include automated secret scanning, static and dynamic security testing, container image vulnerability scanning using WizCLI, mandatory peer review for code changes, and additional security features within Wiz’s source control and CI/CD platforms. Wiz’s security team partners with engineering to perform threat modeling, security design reviews, and security implementation reviews of emerging product features and changes to development and production infrastructure.

  • Security Awareness

    Security Awareness

    Wiz’s awareness programs include recurring training focused on information security and data privacy, ongoing guidance on emerging threats, and team-specific guidelines and procedures to ensure employees can adopt secure practices in their daily work. By fostering a culture of security awareness, Wiz can significantly reduce the risk of human error leading to data breaches or security incidents. This proactive approach not only protects customer data but also enhances Wiz's reputation, builds customer trust, and ensures regulatory compliance, ultimately contributing to its long-term success.

  • Logging, Detection, and Response

    Logging, Detection, and Response

    Wiz employs a Security Information Event Management system that ingests security telemetry from corporate, development, and production cloud environments. Incoming data is processed through a detection pipeline and retained in a security data lake. Detections and alerts are routed to on-call engineers via ticket, messaging, and paging systems. Wiz’s security team operates globally to quickly triage, investigate, and remediate events.

  • Endpoint Security

    Endpoint Security

    Wiz workstations run endpoint detection and response software that provides malware and attack prevention, detection, activity logging, containment, and investigative capabilities. Wiz additionally deploys Data Loss Prevention software to protect and manage the flow of sensitive information within Wiz systems. Patching and security configuration management are addressed via Mobile Device Management and Mobile Application Management solutions.

  • Risk Management

    Risk Management

    Wiz’s risk management process is integrated with business and technical functions across the company, helping teams identify opportunities to improve security and privacy, and to mitigate threats. Doing so enables Wiz to protect critical assets and uphold its customer, regulatory, and legal commitments. Effective risk management also enables Wiz to adapt and evolve in the ever-changing landscape of cyber threats, ensuring long-term success in providing robust security solutions.

  • Supplier Risk Management

    Supplier Risk Management

    Ensuring the security and reliability of supplier products and services is vital to maintain the integrity of Wiz’s offerings and protecting customer data. A robust supplier risk management program helps mitigate potential breaches, ensures regulatory compliance, and preserves customer trust, making it an essential component of Wiz's overall security strategy.

  • Audits and Compliance

    Audits and Compliance

    Wiz maintains a comprehensive audits and compliance program to uphold industry standards, regulatory requirements, and data protection laws worldwide. Such programs ensure Wiz's operations meet or exceed established guidelines and best practices and help identify and rectify potential vulnerabilities. Wiz engages in third-party oversight of its organization-wide security and privacy programs, as well as recurring technical assessments, such as penetration testing and red teaming, of its products and infrastructure.

  • Encryption and Key Management

    Encryption and Key Management

    Wiz uses cloud-native key solutions such as AWS KMS for secure key storage and management. Automated controls ensure that keys are not stored or transferred via insecure or unapproved methods.

Trusted by more than 45% of Fortune 100 companies

Salesforce logo
Bridgewater Associates logo
Morgan Stanley logo
ASOS logo
Siemens logo
Chipotle logo
Fox logo
Takeda logo
Colgate-Palmolive logo
Wolt logo
IHG logo
Snowflake logo
Mars logo
LVMH logo
BMW logo
Otto logo
Priceline logo
DocuSign logo
Slack logo
Experian logo

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management