Challenge
Managing security across a complex multi-cloud infrastructure made it challenging for Canva to scale confidently.
The lack of context or prioritization across fragmented security tools meant that Canva’s engineers spent significant time addressing issues rather than focusing on product innovation.
Canva needed to meet compliance standards like SOC-2 across multi-cloud environments to support enterprise-level growth.
Solution
Canva streamlined its security strategy with Wiz, achieving unified visibility and efficient risk mitigation to support its growth.
Canva consolidated security workflows with Wiz, empowering engineers to prioritize building new features.
Canva implemented Wiz to automate compliance processes and enable enterprise-grade security.
240 million
global users empowered to create securely
General cost savings
by unifying security workflows with Wiz
Accelerated enterprise-level growth
with built-in compliance features
Empowering the world to securely design anything
Canva empowers millions worldwide to design, unlocking creativity for professionals and beginners alike. From individual creators to large enterprises, Canva’s mission is clear: Make design accessible to everyone. But with its rapid expansion and growing user base of 240 million monthly active users, Canva faced a pressing question: How do you scale innovation securely?
Security is fundamental to Canva’s ability to deliver a trusted design platform. It ensures users can focus on creativity without worrying about vulnerabilities or risks. Yet, as Canva’s operations grew globally and its business pivoted toward enterprise clients, this growth introduced new complexities. Years of acquisitions meant internal teams were managing diverse technology stacks across multiple cloud platforms, with limited visibility into their unified security posture. Maintaining compliance, addressing vulnerabilities quickly, and supporting innovation had to coalesce into a single vision for security at scale.
Creativity at Canva is built on trust. Our job is to make the platform as secure as possible so that our customers feel safe while creating.
Callum Proctor, Head of Application Security, Canva
With a preference for a “build vs. buy” approach, Canva initially considered building an in-house solution for security features. However, given the vast and complex multi-cloud estate, the team realized it didn’t have the time, resources, or cloud security expertise to build a solution that could keep up with its rapid growth. This led Canva to seek a market solution that could provide the desired single pane of glass and visibility.
“Our security provider needed to be cloud agnostic, provide wraparound visibility, integrate quickly with our existing platforms, and support our compliance requirements like SOC 2,” says Callum Proctor, head of application security at Canva. “Wiz met all of our criteria, and we deployed the tools with basically a flip of a switch.”
A unified security strategy for modern cloud challenges
With a primary goal to achieve a unified view across all its technical platforms and cloud providers, Canva began its journey with Wiz. By establishing all-in-one visibility, the team would be able to efficiently identify risks, as well as prioritize and apply strategic approaches to mitigation and remediation. This would also allow developers to focus on fixing critical issues without being overwhelmed by an array of vulnerabilities and engineers to dedicate their time to core feature development.
The simplicity of Wiz’s setup removed key roadblocks in Canva’s security workflows. Previously, the security team dealt with redundant, disparate tools across cloud platforms. This fragmented tooling meant the team spent excessive time navigating different dashboards and trying to make sense of a lot of noise, which diverted effort from critical security work. With Wiz, the team completed onboarding within a week, moving from siloed tools to a single, unified platform.
Wiz is easy to install, it’s easy to set up, and it gives us insight into things we didn’t even know we needed. First impression was ‘wow’ - we were onboarded within one week and had visibility across multi-cloud in a single pane of glass
Callum Proctor, Head of Application Security, Canva
“Our goal is to reduce engineering toil. We don’t want engineers bogged down with patching minor vulnerabilities when they could be building amazing features for our customers,” Proctor says. “With Wiz, we can identify the vulnerabilities that pose the biggest risks and address those first.”
By consolidating security with Wiz, Canva has significantly improved its ability to operationalize vulnerability management for the cloud. And because of the context to prioritize security risks and triage threats that Wiz provides, engineers can now focus their remediation efforts where they are most valuable
Wiz's full SBOM capability has also been crucial for Canva's bug hunting efforts, enabling the team to quickly identify and fix zero-day bugs and their dependencies. The Wiz Security Graph also saves Canva significant time, as it allows the team to drill down on specific resources, find edge cases that would be difficult to uncover manually, and centralizes information that previously required logging into multiple cloud providers.
Automating compliance for enterprise-level growth
As Canva continues to grow, its strategy centers on expanding into enterprise markets, which requires a robust security framework to meet compliance demands and support innovation. Wiz plays a critical role in aligning Canva’s security posture with this vision, enabling the company to scale confidently while maintaining trust with users.
Achieving SOC-2 accreditation has been a milestone in Canva’s evolution—one that paved the way for enterprise partnerships. “Wiz has been a pillar in accelerating our compliance journey,” Proctor says. “It gave us the ability to meet compliance requirements and move into the enterprise space while staying ahead of cloud security risks.”
As we grow, we’ll stay focused on reducing engineering toil, fostering innovation, and prioritizing security. With Wiz, we have the tools and insights to make that happen.
Callum Proctor, Head of Application Security, Canva
Beyond compliance, Wiz empowers Canva to innovate securely. As Canva integrates AI into its platform, the company benefits from real-time visibility into the dependencies that new technologies create. This allows the security team to track and mitigate AI risks seamlessly, even in a quickly evolving environment.
“Our growth in areas like AI introduces new security challenges,” Proctor explains. “Wiz keeps us up to speed by providing visibility into these emerging risks. We can act quickly, ensuring our platform remains secure without slowing down innovation.”
Saving costs by unifying multi-cloud security
With Wiz fortifying its security framework with 360-degree visibility, Canva can now work more effectively. When new threats emerge, Canva can immediately identify their location and direct the appropriate effort for security and engineering staff to resolve them. By providing continuous visibility across their multi-cloud estate, Wiz helps Canva maintain a strong security posture amidst continued growth and increased cloud risks, particularly when introducing new technologies to the platform.
Canva has also democratized security internally, with over 100 people organically logging into Wiz on their own, including compliance and data analytics teams. This broader adoption allows more employees to contribute to improving the overall security posture.
Unifying disparate security tools into one platform has also helped Canva reduce its tech debt, reduce the time to remediate, and decreased cloud spend.
By adapting to Canva’s needs and keeping pace with its trajectory, Wiz has become pivotal to Canva’s success. As Proctor says, “Wiz is a great partner because, like Canva, they thrive on pushing boundaries and delivering innovative solutions.”
