Google's attempt to acquire Wiz: Implications for the industry and clients

Summary

Amid the summer ? and all the Crowdstrike / Microsoft incident news ??, a major cloud news has almost gone under the radar:? Google (Alphabet) attempted a $23 Billion deal for the cybersecurity startup Wiz. However, as of today, Wiz declined the offer, the company said they would now focus on an initial public offering (IPO).

This deal would have been the largest acquisition ever by Google but also one of the largest in the security industry. To put it into perspective, Symantec's acquisition by Broadcom in 2019 was $10.7 Billion.

• This acquisition was an opportunity for Google to boost its Cloud Platform (GCP) offering and close the market share gap with Azure and AWS. This is unlikely to be the end of the story.
• For the Wiz's customer base, this acquisition rumor is likely to have raised a lot of questions about the continued multi-cloud support and the solution's independence. The communication from Wiz about an IPO should have provided some answers for now.
• This is one more illustration of the cloud and security market consolidation acceleration. CIOs and CISOs will need to consider the right long term balance for their organisation between integration and independence. Should their cloud security assurance capability be an independent component?

Wiz is a player in the 'CNAPP' market ... what does this weird acronym mean?

CNAPP stands for Cloud Native Application Protection Platform, a new security market category defined by Gartner in 2022: “A unified and tightly integrated set of security and compliance capabilities designed to secure and protect cloud-native applications across development and production”

Who is playing in the CNAPP market?

There are four breeds of players in this market:

• The CNAPP 'pure players', (Wiz is one of them). They are about 15 companies, grown from startups, such as Aqua Security, Lacework or ORCA. If the Wiz deal does not go ahead, which one will will be the next target? A buoyant, innovative but likely unstable category.
• Independent security providers have developed their platforms and also address the new requirements defined in CNAPP. A major player in this category is Palo Alto who expanded its Prisma Cloud to cover code scanning ("code to cloud"). Other examples are Zscaler which built on its Zero Trust Exchange and expanded its capability for Cloud Posture Management. TrendMicro integrated several capabilities to form CloudOne aligned with the CNAPP requirements.
• Vulnerability Management providers such as Tenable or Qualys are also coming to the CNAPP market from a different starting point.
• Cloud Service Providers, with their native capability. Microsoft (Azure) has pursued a multi-cloud approach with Defender for Cloud.

Conclusion

For the the industry, in the long term, it is a resounding sign of the security consolidation acceleration. It indicates that Google (Alphabet) intends to play a prominent role in this space.

For now, this potential instability and consolidation is an opportunity for major security providers with a CNAPP capability to raise the awareness of their solutions and build on their clear independence, yet interaction, with Cloud Service Providers.

?? Get in touch

Cybersherpa is an independent security consulting firm specialised on cloud and infrastructure security for the Swiss, EU and UK markets.

On Cloud Security, here is how we help:

• Health Check of your organisation's Cloud Security Posture, powered by CNAPP.
• Design and implementation of a Cloud Assurance solution for your organisation (People, Process, Technology).
• Support to CNAPP product selection (RFI, Proof of Concept, RFP).

www.cybersherpa.com

Follow our LinkedIn page for more articles