Google has announced definite plans to acquire cloud-native application protection platform (CNAPP) vendor Wiz for $32 billion, which is the largest ever acquisition in cybersecurity, surpassing the $28 billion that Cisco paid for Splunk in 2024. This is also Google’s largest ever acquisition and, based on Forrester’s estimates of Wiz’s annual revenue, represents an astronomically high, approximately 45–50x estimated multiplier of Wiz’s annual revenue. Wiz has been making financial headlines since last summer, stemming from rumors in July 2024 that Google would acquire Wiz for $23 billion, as well as Wiz’s acquisition of Gem Security along with talk that Wiz would acquire Lacework, a deal that fell through (Fortinet later acquired Lacework).

This acquisition highlights the following:

  1. In the light of Google’s track record with past security acquisitions, Google can successfully integrate Wiz. When evaluating Googe Cloud’s previous security acquisitions, the track record is strong. Google’s 2022 acquisition of Mandiant has proven to be a key component of Google’s cybersecurity product strategy, infusing Google Security Operations with Mandiant’s threat intelligence and analytics. Google has also retained many of Mandiant’s most prominent security leaders, which is a positive sign. Similarly, the 2022 Siemplify acquisition was productive for Google Security Operations — it recently fully integrated Siemplify into the platform as a full-fledged security orchestration, automation, and response offering. The success of Wiz’s acquisition will also depend on: 1) Google’s ability to navigate today’s current volatile economic environment; 2) its ability to “save some cash” to remain in the AI race with AWS and Azure; and 3) whether Google operates Wiz separately or embeds them into Google Cloud’s security portfolio.
  2. Multicloud CNAPP is indispensable for cloud infrastructure security offerings. While Google Cloud Platform (GCP) has successfully developed CNAPP capabilities (cloud security posture management and cloud workload protection) for its own platform’s native security, these tools have predominantly focused only on protecting GCP endpoints/assets. After Microsoft’s 2021 early acquisition of CloudKnox and development of Defender for Cloud (a multicloud CNAPP tool competing with Palo Alto Networks and others), Google is now feeling the pressure to offer a true, multicloud-capable CNAPP tool, given that so many organizations are multicloud today. Forrester expects that, post-acquisition, most current CNAPP capabilities in GCP (such as cloud security posture management [CSPM], cloud infrastructure entitlement management [CIEM], and agentless cloud workload protection [CWP]) will be replaced by Wiz’s offering and remain with multicloud support. Multicloud security capabilities will accelerate Google Cloud’s entry into many enterprises.
  3. App security synergies provide additional opportunities for cloud providers. While Wiz is primarily focused on CNAPP, the firm’s product offerings bleed into the application security space. Recently, Wiz expanded into app security, including software composition analysis, infrastructure as code (IaC), and secrets scanning; software bills of materials; and continuous integration and continuous delivery security posture management. These moves position Wiz to compete with application security testing vendors and other CNAPP vendors that have “shifted left.” Google has also begun extending its API management product, Apigee, into broader API security use cases. While there are still gaps to fill, such as static application security testing, dynamic application security testing, and API attack detection, adding Wiz to the Cloud Armor, reCAPTCHA, and Apigee offerings moves Google closer to being a holistic cloud application security provider.
  4. The acquisition will provide competitive pressures and drive consolidation for independent CNAPP suite vendors. Fortinet, Palo Alto Networks, Sysdig, Rapid7, Trend Micro, and others now face fierce competition from cloud infrastructure providers (Google and Microsoft). This planned acquisition, plus Microsoft’s continued investments in CNAPP and app security, will drive independent CNAPP providers to innovate and seek differentiation in comparison to the cloud infrastructure providers and could lead to further consolidation within the CNAPP space. Cloud customers must consider whether these independent CNAPP vendors have sufficient capabilities to maintain themselves as a trusted third-party platform that mitigates reliance on a single cloud provider — a pattern that has benefited vendors in the observability and AIOps space, for example.
  5. Other CNAPP vendors must integrate cloud detection and response. Wiz’s cloud detection and response offering, Wiz Defend (formerly Gem Security), takes a different approach to cloud detection and response. Instead of relying on built-in detection capabilities in its own cloud protection tools exclusively, Wiz Defend offers a unified tool solely for detection and response that takes in alerts and data from other tools (identity tools, Google Cloud audit logs, Azure activity logs, AWS CloudTrail logs, etc.) and does detection engineering on them. This reduces alert volumes from the cloud at a critical time — clients are struggling with cloud alert volumes more than ever given the disparate products. With this acquisition, it puts pressure on other vendors to consolidate their CNAPP and cloud detection and response (CDR) offerings in a similar way and provide explicit CDR capabilities in their CNAPP solution: a big win for security operations teams.
  6. Wiz’s cluster optimization and cost considerations raise questions on Google’s cloud management ambitions. Although traditionally a CNAPP solution, Wiz — driven by customer requirements — developed a Cost Optimization framework, with Cloud Configuration Rules being its latest capability. It optimizes Kubernetes costs in Amazon’s Elastic Kubernetes Service by identifying cluster optimization opportunities. Though this capability starts with AWS, Wiz earlier had stated plans to extend its next generation of Wiz Cloud Cost to other public clouds. Since Google Cloud has its own cost management capabilities, the question remains whether Wiz Cloud Cost will be deprecated or folded into Google’s native management suite, or perhaps Google will continue its FinOps ambitions and expand to ingesting and managing its competitors’ cloud costs.
  7. AWS will need to react to these CNAPP trends. While Amazon Web Services has been providing GuardDuty and Config, these solutions are not as strong as other CNAPP solutions in areas of best practices, compliance template breadth and depth, and, more importantly, multicloud coverage. While AWS WAF (web application firewall) supports hybrid and multicloud deployments, many Forrester clients tell us that they still limit AWS WAF to the AWS environment. To respond to Google’s acquisition of Wiz, AWS will need to beef up its productized, multicloud CNAPP offering (with coverage for CSPM, CIEM, agent-based and agentless CWP, container security, and IaC scanning). If AWS chooses to go the buy vs. build route, likely CNAPP acquisition targets would include smaller players such as Aqua Security, Orca Security, and Sysdig.