Google's Wiz Acquisition: What Everyone is Getting Wrong (Opinion)

By now you're probably tired of all the commentary about Google acquiring Wiz. So am I. Why bother adding more? Because frankly, most analysis I've read I think is wrong, failing to see both Wiz's true potential and Google's strategy. So I’m going to add another (likely wrong) opinion to the pile….

Wrong: Google will remove AWS & Azure support

Every acquisition I can recall where multi-cloud/multi-vendor support was stripped back has killed the tool and its momentum. There are lots of “product” reasons you can argue for this - i.e. less addressable market share, less licensing revenue per deal but there’s a simpler death spiral formula:

1. Stop listening to what customers want
2. Remove the reason the customers wanted it in the first place 
3. Watch as it becomes useless, killing new sales while existing customers exit

Google has a $32 Billion dollar reason not to follow this path.

Wiz's value comes from its ability to consolidate, deduplicate, and make sense of numerous tools and data sources. Many enterprises operate in multi-cloud environments. Wiz is actually expanding its inputs in terms of breadth (shift left, shift right) and depth (eBPF, firewall logs).

Removing multi-cloud support would also kill the direct ROI from the acquisition. Wiz licensing works on volume, reducing that makes no business sense unless you believe people will move to GCP because of Wiz. Which brings me to my next point.

Wrong: Google acquired Wiz to get more GCP growth

I don’t really understand this angle. Most customers already have established cloud footprints and the cost to replatform is massive. You'll change security tools long before changing cloud platforms.

I don't see this fundamentally altering how organisations select cloud providers. There are typically a lot of factors that are weighed up when selecting a cloud provider. A lot of them have to do with skillsets you already have, or commercial arrangements, or colour schemes.

How would you use Wiz to make GCP more compelling? Either give it away with your platform or ensure it only supports your platform. The first argument could apply to Google SecOps (which they don't give away with GCP). I've already addressed why the second point doesn't make sense.

Correct: Google acquired Wiz because they can win in security

But what a generic observation. Let me explain what I mean.

Three megatrends will drive revenue growth (particularly ARR) over the next decade: Cloud, Security, and AI. Google has solid capabilities in Cloud and AI. Security, despite some impressive recent developments and acquisitions, isn't traditionally associated with Google. So why Wiz, and why such a hefty price tag?

2024 was called "the year of the Security Platform" by Fortinet. Palo Alto made a significant announcement about dipping Wall Street results to allow them to rebuild with a platform approach. Everyone was talking about security platforms.

But my strong view is a platform is not just a collection of capabilities, maybe reskinned with a similar UI and identity broker. A platform is just that - a synergetic underlying foundation on which to build. 

The Three Types of Security Platforms

I see three emerging platform categories:

1. Network-based platforms: Leveraging the same forwarding plane that excels at moving packets at scale. Cloud-first approaches will win here.
2. Endpoint-based platforms: Great at deploying across various endpoint configurations and layering value from EDR to vulnerability discovery to patch management.
3. Infrastructure platforms: A form of aggregation platform since infrastructure encompasses many things and includes data from Network and Endpoint platforms. Maybe these are better called data platforms but I don’t want to confuse this with data security. 

Wiz falls into the third category and has the best chance of succeeding. Why? Check out some of my earlier thinking around security platforms here but it comes down to two things:

First, the data model. The Wiz security graph is second to none, allowing entity and relationship data to be layered and modeled to illustrate risk. Why has Wiz rebuilt their last two acquisitions (Gem and Dazz) to run natively as part of their platform? To preserve the integrity of their data model and platform approach. While a graph DB isn’t proprietary, nor is it net new, Wiz have put it to use brilliantly. 

Second, automation capabilities. Wiz has released AI-Powered Remediation 2.0, and Dazz brought considerable remediation capabilities to the table. Wiz will continue to evolve here, and I believe it will evolve rapidly. A quote from a friend that has stuck with me is “Don’t bring me a new security tool that just show’s me more problems, show me what you’ve done about them. Then I’ll be interested”. Maybe this is the holy grail of security.

More Than Just Cloud Security

If you think Google bought Wiz solely for its current capability, you couldn’t be more wrong.

The centricity around Cloud is even becoming a bit of a misnomer. What do you call Wiz when they roll out Windows eBPF sensors to complement their Linux sensors? When they start ingesting CheckPoint logs and other firewall data? When SaaS capabilities appear in the platform? It is far from a cloud only security tool.

It would start to resemble a SIEM as an aggregator, but it would still be fundamentally different. SIEMs function around aggregating time-series data. Of course they have advanced beyond that, but architecturally they started as log aggregation platforms, with security smarts layered on top. They’re combining rapidly with SOAR capabilities, therefore aggregating and automating across a lot of systems using a broader set of methods (for example they ingest alert sources and use APIs and Webhooks to push and pull data).

Crudely put, if we take SIEM and SOAR functionality and layer it on a graph database, we glimpse what future security platforms might look like. Maybe the closest picture to bring to mind is a sort of a digital twin for your infrastructure and applications. Entities (code, applications, data, services) and their relationships are modeled on a graph from multiple data points, then overlaid with time-series event data.

The closest parallel I can draw is that it reminds me of the shift to object oriented programming. Google caught a glimpse of the future of security in what they saw with Wiz.

But is it worth $32B?

Simply, yes, if executed well. And Wiz has executed incredibly well so far.

Look at the value and revenue of companies like Palo Alto and CrowdStrike. That's where Google is aiming.

Oh, and Wiz hasn’t just nailed the technology, they have built a go-to-market engine to rival anyone's, which frankly Google could do with, especially in Enterprise. But that’s a whole different story.