The Consolidation Play - Google's $32B Wiz Acquisition
The Deal That Changed Everything
On March 18, 2025, Google announced it was acquiring Wiz for $32 billion in cash. Let that number sink in. Thirty-two billion dollars for a company that was barely five years old, had around $500 million in annual recurring revenue, and had turned down a $23 billion offer from the same buyer just eight months earlier.
This wasn't just a big check. It was a declaration of war.
Google had already spent $5.4 billion on Mandiant in 2022. It had poured billions into its Chronicle security operations platform. But Wiz was different. Wiz had something Google desperately needed - a cloud security platform that actually worked across AWS, Azure, and GCP simultaneously, with over 40% of Fortune 100 companies as customers.
The acquisition signaled something every CISO needs to understand: the era of independent, best-of-breed security vendors is ending. The hyperscalers are consolidating the security stack, and the implications for enterprise security strategy are enormous.
Why Google Paid 64x Revenue
To understand the price tag, you need to understand what Wiz actually built. Founded in 2020 by four former members of Microsoft's Cloud Security Group - Assaf Rappaport, Ami Luttwak, Yinon Costica, and Roy Reznik - Wiz created an agentless cloud security platform that could scan an entire cloud environment in minutes without deploying any software.
Their secret was the Wiz Security Graph, a technology that correlated vulnerabilities, misconfigurations, network exposure, identities, and sensitive data across cloud providers into a single unified view. Before Wiz, cloud security meant stitching together dozens of point solutions - one for vulnerability scanning, another for IAM analysis, another for compliance, another for container security. Wiz collapsed all of that into one platform.
By early 2025, Wiz had:
- $500M+ in ARR, growing at roughly 100% year-over-year
- 40%+ of the Fortune 100 as customers
- Coverage across AWS, Azure, GCP, Oracle Cloud, and Alibaba Cloud
- Over 900 employees globally
- A valuation that had risen from $1.7B in 2021 to $12B in 2024
Google wasn't paying 64x revenue for a security tool. It was paying for the right to own the multi-cloud security layer - the single pane of glass that enterprises were increasingly depending on to secure their entire cloud footprint.
The Hyperscaler Security Land Grab
Google's Wiz acquisition didn't happen in isolation. It's part of a systematic pattern where the three major cloud providers are absorbing the security ecosystem.
| Acquirer | Target | Year | Price | Capability |
|---|---|---|---|---|
| Google | Mandiant | 2022 | $5.4B | Threat intelligence, incident response |
| Google | Siemplify | 2022 | $500M | SOAR (Security Orchestration) |
| Google | Wiz | 2025 | $32B | Cloud security posture management |
| Microsoft | RiskIQ | 2021 | $500M | Attack surface management |
| Microsoft | Miburo | 2022 | Undisclosed | Threat intelligence |
| Microsoft | CyberX | 2020 | $165M | IoT/OT security |
| Palo Alto Networks | QRadar SaaS (from IBM) | 2024 | Undisclosed | SIEM |
| Cisco | Splunk | 2024 | $28B | Security analytics, SIEM |
| CrowdStrike | Adaptive Shield | 2024 | Undisclosed | SaaS security |
The pattern is unmistakable. Cloud providers are building end-to-end security stacks by acquiring the best independent vendors. And once those vendors are absorbed, their incentive structure changes fundamentally.
When your security vendor becomes a division of your cloud provider, their primary goal shifts from protecting you to retaining you on that platform. This is not cynicism - it's the basic economics of platform businesses.
What Enterprises Are Actually Losing
Pricing Leverage
Before the acquisition, Wiz competed aggressively against Orca Security, Lacework, Aqua Security, and the native security tools from AWS, Azure, and GCP. That competition kept prices reasonable and drove rapid innovation. Post-acquisition, Google can bundle Wiz capabilities into GCP at a discount that no independent vendor can match - while charging a premium for the same capabilities on AWS and Azure.
This is exactly what happened with Microsoft Security. By bundling Defender, Sentinel, and Entra ID into E5 licenses, Microsoft made it economically irrational for many organizations to buy competing products. The security features were "free" if you were already paying for the productivity suite. Independent vendors like CrowdStrike and SentinelOne suddenly had to justify their existence against a $0 incremental cost alternative.
The numbers tell the story. Microsoft's security business grew to over $20 billion in annual revenue by 2024 - making it larger than any pure-play security company. Much of that growth came not from building better products, but from bundling existing products into enterprise agreements.
Multi-Cloud Neutrality
This is the deeper concern. Wiz's value proposition was built on being genuinely cloud-agnostic. It worked equally well across AWS, Azure, and GCP. That neutrality was credible because Wiz had no financial incentive to favor one cloud over another.
Under Google's ownership, that neutrality is suspect. Will Google-owned Wiz deliver the same quality of integration and feature parity on AWS as it does on GCP? Google says yes. History says probably not. When Microsoft acquired GitHub, there were similar assurances. GitHub remains excellent, but its deepest integrations - Copilot, Azure DevOps, Codespaces - all tilt toward the Microsoft ecosystem.
For enterprises running serious multi-cloud strategies (which is most large enterprises), this creates a structural problem. The best cloud security platform is now owned by one of the clouds it's supposed to neutrally evaluate.
Innovation Velocity
Independent startups innovate faster than divisions of large companies. This is not a controversial claim - it's observable reality across every technology category. Wiz's pace of innovation from 2020 to 2025 was extraordinary. They shipped major new capabilities every quarter, responded to customer feedback in weeks, and moved with a speed that large organizations simply cannot sustain.
Post-acquisition, Wiz will inevitably slow down. Key engineers will leave after their retention periods. Product decisions will require navigating Google's internal politics. Integration with GCP will consume engineering bandwidth that would otherwise go to new features.
The Vendor Lock-In Risk Assessment
Every CISO should be evaluating their vendor portfolio through a consolidation risk lens. Here's a framework for assessing how exposed you are.
Consolidation Risk Matrix
| Risk Factor | Low Risk | Medium Risk | High Risk |
|---|---|---|---|
| Cloud provider dependency | Multi-cloud with independent security tools | Multi-cloud with some provider-native security | Single cloud with provider-native security stack |
| Security vendor concentration | 5+ independent vendors across security domains | Mix of independent and platform-bundled tools | 80%+ of security from one vendor ecosystem |
| Data portability | All security data in open formats with export APIs | Some proprietary formats but export possible | Critical security data locked in vendor-specific formats |
| Contract structure | Annual contracts with 90-day termination | Multi-year with migration support clauses | Long-term ELAs with significant switching penalties |
| Team expertise | Broad skills across multiple platforms | Moderate depth in 2-3 platforms | Deep expertise in single vendor's ecosystem only |
Scoring Your Risk
Count how many "High Risk" factors apply to your organization:
- 0-1 High Risk factors: You're in reasonable shape. Monitor but don't panic.
- 2-3 High Risk factors: Start developing a diversification plan now. You're vulnerable to pricing pressure and capability changes.
- 4-5 High Risk factors: You have a strategic problem. A single vendor decision - an acquisition, a price increase, a deprecation - could materially impact your security posture.
The goal isn't to eliminate all vendor concentration. That's impractical and creates its own operational problems. The goal is to ensure no single vendor acquisition or business decision can leave you exposed.
The Multi-Cloud Security Dilemma
The Google-Wiz deal forces a practical question: if the best cloud security platforms are being acquired by cloud providers, how do you maintain multi-cloud security visibility?
There are three emerging approaches:
1. The "Best Native" Strategy
Use each cloud provider's native security tools for that provider's environment. AWS GuardDuty for AWS, Microsoft Defender for Azure, Google Security Command Center (now enhanced with Wiz) for GCP.
Pros: Deep integration, often included in existing licensing, optimized for that specific cloud.
Cons: No unified view, different alert formats, separate teams needed for each cloud, gaps at the boundaries between clouds.
2. The "Independent Overlay" Strategy
Choose an independent security platform that still operates across all clouds. Current options include Orca Security, Lacework (now part of Fortinet), and Prisma Cloud (Palo Alto Networks).
Pros: Unified view, vendor neutrality, single team can manage.
Cons: Diminishing vendor options as consolidation continues, potential feature gaps compared to native tools, additional cost.
3. The "Open Standards" Strategy
Build your security visibility layer on open-source and open-standard tools - OpenTelemetry for observability, Sigma for detection rules, STIX/TAXII for threat intelligence, and open-source SIEM platforms like Wazuh.
Pros: No vendor lock-in, full data ownership, community-driven innovation.
Cons: Significant engineering investment, requires deep expertise, integration burden falls on your team.
Most enterprises will end up with a hybrid approach. The key is to make that choice deliberately rather than drifting into concentration through convenience.
What CISOs Should Do Now
1. Audit Your Vendor Concentration
Map every security tool to its parent company. You may be surprised. That "independent" SIEM you bought might now be owned by a cloud provider or a private equity firm with very different priorities. Create a dependency map that shows which vendors, if acquired or shut down, would leave gaps in your security posture.
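One way to build the dependency map described above, as an added example that is not part of the original article. The inventory is constructed with placeholder names, and measuring a vendor's share by tool count is an assumption, since the risk matrix does not say how to measure the "80%+" threshold.

```python
from collections import defaultdict

# Constructed sample inventory: tool -> (parent company, security domains covered).
# All names are placeholders, not real products or vendors.
INVENTORY = {
    "cspm-tool":   ("ParentA", {"cloud-posture", "vuln-scanning"}),
    "siem-tool":   ("ParentA", {"siem"}),
    "soar-tool":   ("ParentA", {"soar"}),
    "edr-tool":    ("ParentB", {"endpoint"}),
    "oss-scanner": ("Community", {"vuln-scanning"}),
}

# "80%+ of security from one vendor ecosystem" is the High Risk row in the matrix.
# Assumption: share is measured as a fraction of tools, not of spend.
HIGH_RISK_SHARE = 0.80


def parent_share(inventory):
    """Fraction of tools owned by each parent company."""
    counts = defaultdict(int)
    for parent, _domains in inventory.values():
        counts[parent] += 1
    return {p: n / len(inventory) for p, n in counts.items()}


def gaps_if_lost(inventory, parent):
    """Domains left with no tool if every product of `parent` goes away."""
    lost, remaining = set(), set()
    for owner, domains in inventory.values():
        (lost if owner == parent else remaining).update(domains)
    return lost - remaining


def dependency_map(inventory):
    """Per parent company: tool share, high-risk flag, and uncovered domains."""
    return {
        parent: {
            "share": round(share, 2),
            "high_risk": share >= HIGH_RISK_SHARE,
            "gaps": sorted(gaps_if_lost(inventory, parent)),
        }
        for parent, share in parent_share(inventory).items()
    }


if __name__ == "__main__":
    for parent, row in sorted(dependency_map(INVENTORY).items()):
        print(parent, row)
```

A parent with a modest share can still own the only tool in a domain, which is why the gap list matters more than the share figure.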
2. Negotiate Exit Clauses
If you're signing or renewing contracts with any security vendor, negotiate explicit provisions for acquisition scenarios. Key terms to include:
- Data export rights: The right to export all data in open formats within 90 days of an acquisition announcement
- Pricing protection: Caps on price increases for 2-3 years post-acquisition
- Feature parity guarantees: Contractual commitment to maintain feature parity across all supported platforms for a defined period
- Termination rights: The ability to terminate without penalty if the product is materially changed or deprecated
3. Invest in Data Portability
Ensure your security data - logs, alerts, policies, configurations - exists in formats you can move. If your detection rules are written in a proprietary query language, start translating them to Sigma. If your security data lake is locked in a vendor's format, establish regular exports to an open format.
4. Build Cross-Platform Expertise
Don't let your team's skills concentrate on a single vendor's ecosystem. Invest in training across multiple platforms. When hiring, prioritize candidates with experience across cloud providers. The organizations that navigate vendor consolidation best will be those with teams that can evaluate and operate multiple tools.
5. Engage with Open-Source Security
Open-source security tools have matured significantly. Projects like Falco (runtime security), Wazuh (SIEM/XDR), OpenTelemetry (observability), and Trivy (vulnerability scanning) provide genuine alternatives to commercial products. You don't need to go all-in on open source, but having familiarity and operational experience with these tools gives you options.
For a deeper analysis of how cloud provider consolidation affects enterprise security strategy, see my detailed breakdown: The Security Vendor Landscape After Google-Wiz
The Private Equity Factor
It's not just hyperscalers driving consolidation. Private equity firms have been aggressively rolling up cybersecurity companies, creating mega-platforms through acquisition rather than organic innovation.
Thoma Bravo alone owns or has acquired stakes in SailPoint, Ping Identity, Proofpoint, Sophos, and ForgeRock. Vista Equity Partners owns Ping Identity (before its merger), KnowBe4, and several other security companies. These PE-backed consolidations operate on a different logic than hyperscaler acquisitions - they're optimizing for margin expansion, not platform lock-in. But the effect on customers is similar: fewer independent choices, higher prices, and declining innovation as engineering teams get cut to improve EBITDA.
The PE playbook is predictable: acquire a security company, reduce R&D spending from 25-30% of revenue to 15-18%, consolidate support teams, raise prices 10-15% annually, and prepare for resale or IPO within 3-5 years. Customers get a product that works today but is slowly degrading as the investment shifts from building to extracting.
For CISOs evaluating vendors, understanding ownership structure is now a critical due diligence step. A company owned by PE will behave differently than a founder-led startup, which will behave differently than a division of a hyperscaler. Your vendor's ownership determines its incentive structure, and its incentive structure determines how it will serve you over time.
Lessons from History: What Past Consolidation Tells Us
This isn't the first time the security industry has consolidated. In the mid-2000s, Symantec, McAfee, and CA Technologies absorbed dozens of point security products into massive "suites" that promised unified management and cost savings. The result was bloated, slow products that security teams hated but procurement departments loved because they simplified vendor management.
It took a decade for the next generation of independent vendors - CrowdStrike, SentinelOne, Zscaler, Wiz itself - to displace those consolidated suites with focused, superior products. The current wave of consolidation risks repeating that cycle. The best security products of 2020-2025 may become the bloated legacy platforms of 2030 if their acquirers prioritize integration and margin over continued innovation.
The difference this time is the speed. Previous consolidation cycles played out over 10-15 years. Today's hyperscaler acquisitions can shift the competitive landscape in months. Organizations that wait to diversify may find the alternatives have already been acquired.
The Bigger Picture
The Google-Wiz deal is a symptom of a broader transformation in enterprise security. The industry is moving from a fragmented ecosystem of hundreds of point solutions toward a consolidated landscape dominated by a handful of platform players.
This consolidation has genuine benefits. Integration between security tools has historically been terrible, and platforms that work seamlessly together provide real operational value. The problem is that consolidation also reduces competition, concentrates risk, and gives enormous pricing power to a small number of vendors.
For CISOs, the strategic imperative is clear: plan for a world where your cloud provider is also your primary security vendor, but build the optionality to change course if that relationship stops serving you.
The $32 billion Google paid for Wiz will be recouped through platform retention, competitive displacement, and pricing power. The question is whether your organization will be on the paying end of that equation - or whether you'll have built the strategic flexibility to choose the best tools regardless of who owns them.
The game has changed. Your move.