Google’s $32bn (£24.6bn) acquisition of cloud native application protection platform (CNAPP) provider Wiz has been hailed as both the world’s most valuable cyber security acquisition to date, as well as a landmark deal for Google.
The all-cash transaction, announced earlier on Tuesday 18 March, will ultimately see Wiz folded into Google Cloud and is being described by Google as an investment to accelerate “two large and growing trends in the AI era” – the need to improve cloud security, and the growth of multicloud environments.
“From its earliest days, Google’s strong security focus has made us a leader in keeping people safe online. Today, businesses and governments that run in the cloud are looking for even stronger security solutions, and greater choice in cloud computing providers. Together, Google Cloud and Wiz will turbocharge improved cloud security and the ability to use multiple clouds,” said Google CEO Sundar Pichai.
Wiz CEO Assaf Rappaport, who co-founded the business after selling a previous venture to Microsoft in 2015, and cut his teeth in Israel’s world renowned cyber defence unit, added: “Wiz and Google Cloud are fully committed to continue supporting and protecting customers across all major clouds, helping keep them safe and secure wherever they operate.
“This is an exciting moment for our company, but an even more important one for customers and partners, as this acquisition will bolster our mission to improve security and prevent breaches by providing additional resources and deep AI expertise.”
At its heart, Wiz offers a security platform that can be plumbed into multiple clouds and code environments in order to analyse and detect potential cyber risks and vulnerabilities, and catch them before they snowball into full-blown incidents.
It claims to be used by over 50% of the Fortune 100 list of companies, and counts the likes of Asos, BMW, Experian, IHG Hotels and Resorts, LVMH, Morgan Stanley, Salesforce, and Siemens among its customers.
Together, the two firms say they hope to improve how security is designed, operated and automated in the AI era, help cyber teams scale, lower security costs, protect against new threats, and boost the adoption of multicloud security.
On this final point, both firms today made a point of saying Wiz’s products will continue to be made available across all major clouds, including AWS, Microsoft Azure, and Oracle Cloud.
Deal reaction
Dell’Oro Group analyst Mauricio Sanchez described the multibillion-dollar buy as one of the most significant cyber acquisitions in history, outweighing in its impact the likes of the 2021 purchase of Proofpoint for $12.3bn, and the 2019 purchase of Symantec for $10.7bn.
He additionally noted that Google’s last big security buy – Mandiant – only set it back a comparatively small $5.4bn.
“Understanding Google’s strategic rationale behind this deal requires recognising the surging growth of enterprise cloud investments, coupled with a notable lag in cloud security spending,” wrote Sanchez.
“According to our recent Cloud Workload Security Quarterly Report covering the CNAPP market, enterprise cloud spending skyrocketed from approximately $81bn in 2020 to an estimated $285bn in 2024, representing an impressive five-year compounded annual growth rate (CAGR) of 29%.
“However, security investments have not kept pace, presenting a significant opportunity for vendors like Wiz that provide comprehensive cloud-native security solutions,” he added.
However, he added that the significant purchase price did raise questions about market dynamics and valuations in security, noting that although Wiz has been seeing exceptional growth that may in part justify the hefty premium, there will inevitably be questions raised over whether or not Google might have paid too much.
The deal will almost certainly attract significant regulatory scrutiny and antitrust investigations, he added. However, said Sanchez, Google’s willingness to bet on the acquisition being approved reflected its recognition of the need to make some sort of play in CNAPP.
Forrester vice president and principal analyst Andras Cser agreed Google was likely motivated by this need.
“While Google Cloud Platform (GCP) has been investing in built-in CNAPP capabilities for their own platform’s native security with success, these tools have predominantly focused only on protecting GCP endpoints/assets. After Microsoft’s 2021 early acquisition of CloudKnox and development of Defender for Cloud, Google is feeling the pressure to offer a true, multicloud-capable CNAPP tool given that so many organisations are multi-cloud today,” he said
“Forrester expects that, post-acquisition, most current CNAPP capabilities in GCP (CSPM, CIEM, agentless CWP) will be replaced by Wiz’s offering and remain with multi-cloud support.”
Looking ahead, Cser forecast “immense” competitive pressure and consolidation across the CNAPP community.
“Fortinet, Palo Alto Networks, Sysdig, Rapid7, Trend Micro and other independent CNAPP suite providers now face fierce competition from cloud infrastructure providers to stay ahead in features,” he said. “This planned acquisition plus Microsoft’s continued investments in CNAPP and app security will make it harder for these vendors to maintain and realise their growth.”
Source link
