Google Recognizes Critical Role of Security in Acquisition of Wiz

Wiz may be getting more expensive, but so is its strategic relevance

Back in August, Google was in talks to buy cloud security company Wiz for $23 billion, but the deal quickly fell through due to Google’s antitrust baggage and Wiz’s goal to remain independent ahead of an IPO. But a lot has changed in the last seven months, including a new U.S. government administration that broadly supports Big Tech when it comes to AI investments and the ability to push M&A through regulatory hurdles.

With the business environment changing and cybersecurity perhaps more relevant than ever, Google saw an opportunity to repursue the Wiz acquisition, and a $32 billion offer, marking a major uptick in valuation, was simply too good for Wiz to ignore. Should the deal close in 2026 as expected, Wiz — with roughly 1,800 employees and ties to half the Fortune 500 — will join the Google Cloud division, offering synergies with Mandiant, an added layer of protection for the Google Security Operations platform, and the potential to help Google Cloud formalize cybersecurity as an agentic AI use case.

Wiz’s play in hybrid-multicloud and cloud-native security makes it a good fit for Google Cloud

In our view, there are two overarching attributes of Wiz that make it a natural fit for Google Cloud: multicloud and born in the cloud. Supporting hybrid and, to an extent, multicloud environments with services like BigQuery Omni has always been one of Google Cloud’s strengths, given the company’s unique ties to Kubernetes and broader support for open-source communities.

Recent data-sharing alliances and integrations with ISVs like Oracle and Salesforce (a Wiz investor) are another reaffirmation that Google Cloud accepts the multicloud reality and the fact that cloud ecosystems are becoming more influenced by two of Google Cloud’s biggest competitors, Amazon Web Services (AWS) and Microsoft. But as customers continue to employ multiple clouds — with TBR’s 2H24 Cloud Infrastructure & Platforms Customer Research suggesting that 68% of customers are leveraging two or more clouds — and data integrations become tighter, security concerns are mounting, particularly when it comes to utilizing this data to build generative AI (GenAI) applications.

“A lot of Microsoft’s core solutions, they’re born out of a legacy product, and you’re going to get some issues with security and the code versus something that’s built completely from the ground up, which is the case of Google. So, I think with Microsoft, you have to take a more active approach to managing your security.”
— CIO, Manufacturing

Google Cloud’s ability to integrate Wiz, which can connect to not only AWS, Microsoft Azure and Oracle Cloud Infrastructure (OCI) but also legacy VMware environments, as well as data and AI platforms like Snowflake and OpenAI, will be important as the cloud market continues to evolve around open data ecosystems and GenAI. The other big attribute of Wiz is not just that it supports multiple environments, but that it was born in the cloud and can thus support security in a modern way with capabilities like IaC (Infrastructure as Code) scanning for modern parts of the cloud stack, such as containers, serverless and PaaS environments.

The ability to support security in a modern way directly aligns with Google Cloud’s “ground-up” approach to security, which is one of the ways Google Cloud differentiates from its peers. Should the deal close, we expect the Wiz brand to greatly complement Google Cloud’s when it comes to security. But to be clear, this is not just a point of messaging Google Cloud uses with clients; it is a sentiment often shared by C-Suite decision makers we speak with, as highlighted in the quote to the right.

Wiz would bring IP and talent at the crucial modern app dev layer

There are a couple of obvious synergies that will take shape between Wiz and Google Cloud. First, Google Cloud plans to integrate Wiz into the Google Security Operations platform (formerly Chronicle) to add another piece of protection at the application development layer. Unlike some other security ISVs, Wiz is concerned with selling to not only security operations teams but also DevOps teams.

Wiz’s platform is designed to secure every stage of the software development life cycle, supporting the underlying infrastructure and runtimes, as well as everything from the CI/CD (continuous integration/continuous deployment) pipelines up to the actual code. With the company’s scanning tools, security attacks are identified preemptively, so developers have an opportunity to understand and fix the threat before deploying their applications.

Google has already taken some big steps to support clients’ security operations teams by integrating SOAR (Security Orchestration, Automation and Response) and SIEM (Security Information and Event Management) capabilities as part of Google Security Operations, so Wiz’s prowess at the development layer should help round out a key piece of the platform. It will also align with the company’s goal to boost developer mindshare and win more applications. According to TBR’s research, most new applications will be hosted disproportionately in the cloud and have an AI component, so having a tool that can help embed security natively into the developer workflow would likely be well received.

Second, through Mandiant, Google Cloud already has a team of security experts, including roughly 600 Mandiant consultants, which should be a nice complement to Wiz’s platform, supporting tasks like incident response, technical assurance, strategic readiness and managed defense. With Wiz and Mandiant, we see Google Cloud increasingly addressing customers’ preference for “one hand to shake” when it comes to security. But Google Cloud services partners should still be assured of their critical role in helping Google Cloud establish trust with clients and selling more business-led outcomes centered on GRC (governance, risk and compliance).

Solidifying security as a GenAI use case

As is the case in multiple facets of IT such as data management, security and GenAI are two sides of the same coin: Enterprises need effective security practices to run GenAI, but GenAI can also help improve security. From the evolution of the Sec-PaLM model to the rollout of Gemini in Google Security Operations, Google has already taken some big steps to establish security as a top GenAI use case. Google Cloud was also pretty early in its shift around agentic AI, particularly in letting customers build their own agents, so we expect the Wiz acquisition to drive new uses for cybersecurity support AI agents that could act as extensions for cybersecurity teams, closing the massive skills gap that continues to exist in the field.

Conclusion

A lot has changed since Google first eyed Wiz as an acquisition prospect, but Google’s strategy of using cloud-native security as a differentiator to grow within the large enterprise base is unwavering. And one could argue that over the past seven months, security concerns have only increased as new GenAI applications come into play and the data ecosystems supporting those apps have become more integrated.

Wiz’s ability to identify and support security threats at every layer of the stack and do so in a hybrid multicloud fashion is certainly in step with the market. Meanwhile, if Google Cloud can use Wiz to ease concerns when it comes to developing new AI-based applications, supported by new security AI agents, this deal could handily elevate Google Cloud’s competitive standing in the market.