The actual story: Pace and Safety at DevOps scale
The actual story behind Google buying Wiz is how badly the necessity for velocity dominates each enterprise’s DevOps cycles constructing apps, fashions and platforms with out sacrificing safety.
By buying Wiz, Google will get an AI-infused Cloud Native Software Safety Platform (CNAPP) designed to get rid of DevSecOps bottlenecks, stop assaults by and on fashions in growth, stop cloud breaches and scale multi-cloud safety in actual time. The Wiz CNAPP platform has earned a world fame through the use of AI to reinforce its risk detection, predictive analytics, automated remediation, and discount of false positives.
Wiz will combine Google’s threat detection, risk intelligence and automatic remediation, which all are desk stakes for shielding each stage of cloud-based app and mannequin growth. That’s a strong contribution to Wiz’s graph-based safety engine designed to seek out and comprise assault paths immediately, prioritize precise dangers and assist safety groups establish and repair vulnerabilities earlier than they’re exploited.
Google paying $32 billion in money alerts simply how pressing the necessity for velocity is throughout DevOps cycles which have been asking for an AI-driven CNAPP platform that may flex and scale to maintain up with extra complicated DevOps cycles.
“While Google Cloud Platform (GCP) has been investing in built-in CNAPP capabilities for their own platform’s native security with success, these tools have predominantly focused only on protecting GCP endpoints/assets,” says Andras Cser, VP and Principal Analyst at Forrester.
Cser added, “after Microsoft’s 2021 early acquisition of CloudKnox and development of Defender for Cloud, Google is feeling the pressure to offer a true, multicloud-capable CNAPP tool given that so many organizations are multi-cloud today. Forrester expects that, post-acquisition, most current CNAPP capabilities in GCP (CSPM, CIEM, agentless CWP) will be replaced by Wiz’s offering and remain with multi-cloud support.”
Google simply made CNAPP the Components 1 of Cloud Safety
In skilled racing, as in DevOps, groups obsess over squeezing the final ounce of velocity features out of their engines or code. Figuring out that only a few milliseconds gained by decreasing the drag on a Components 1 automobile or making slight engine enhancements imply the distinction between a successful season or not.
CNAPP is likely one of the engines DevOps and DevSecOps groups depend on to scale back dangers, block intrusions and breaches, and supply a 360 view of CI/CD pipelines to verify they’re safe. Having a CNAPP that’s AI-driven delivers extra correct remediation and steerage, contextual risk intelligence and blocks intrusion makes an attempt on CI/CD pipelines defending code.
“While Wiz is most focused on CNAPP, the firm’s product offerings bleed into the traditional application security space, with container and Kubernetes security pieces. Recently Wiz expanded into security in the software development phases with software composition analysis (SCA), IAC scanning, and secrets scanning, as well as diving into the software supply chain use case with software bill of materials (SBOM) and CI/CD security posture. These are moves that put Wiz in a position to compete with application security testing vendors and other CNAPP vendors who have ‘shifted left,” defined Forrester Senior Analyst Janet Worthington.
DevOps groups are beneath fixed, rising stress to ship. With bonuses usually driving on if a supply date for code is met, safety is tacked on to the tip of a CI/CD cycle or product schedule. VentureBeat discovered that the standard Fortune 1,000 IT division has over 175 energetic, concurrent DevOps initiatives operating without delay, with many having no constant cloud utility safety. In different phrases, these 175 initiatives are operating in quite a lot of unprotected cloud environments and not using a frequent CNAPP platform to guard them. That’s jeopardizing the complete DevOps pipeline which is a transfer made to scale back time-to-market that leaves dozens of initiatives in danger.
Why Google doubled down on Wiz
Google’s ambitions to develop Google Cloud Platform (GCP) wanted a cybersecurity platform that might go end-to-end, shield DevOps and strengthen DevSecOps whereas leveraging AI to ship real-time risk detection, automated remediation and full-stack cloud safety.
The actual purpose of this acquisition is to have a unified CNAPP answer able to securing every thing from code to cloud to runtime, making certain that safety now not slows down growth however accelerates it. Wiz’s AI-driven threat evaluation, assault path visualization and multi-cloud safety give GCP a aggressive edge, making it a viable competitor in an more and more crowded market pushed by enterprises needing velocity, scale and resilience in cloud safety.
This diagram visually explains how CNAPP integrates safety into the complete DevSecOps lifecycle, one in every of Google’s key motivations in buying Wiz to achieve an end-to-end, AI-driven safety platform. Supply: Gartner, 5 Methods CNAPP Will Enhance Your Cloud Safety, Sept. 21, 2023.
“Google has invested heavily in application security tooling that protects apps deployed not only in GCP but in other clouds (and on-premises). Google’s investment in its Cloud Armor platform has added web application firewall functionality that is competitive not just with Microsoft and AWS but with other WAF providers. reCaptcha Enterprise has expanded from a Captcha provider into a fuller bot management platform that addresses a range of business logic attacks,” says Forrester Principal Analyst Sandy Carielli.
“In recent months, Google has begun extending its API management product, Apigee, into broader API security use cases. While there are still gaps to fill, adding Wiz to the combined Cloud Armor, reCaptcha, and Apigee offerings moves Google closer to a holistic defense story for cloud applications,” Carielli continued.
Google wanted a unified AI-driven CNAPP to turbocharge its cybersecurity enterprise. One which brings collectively safety posture administration, workload safety, superior risk detection right into a excessive efficiency safety engine. Challenged by having a siloed strategy to safety previously, Google is trying to now have a adaptive, versatile platform that may present safety on the velocity of cloud app growth.
Previous to this deal, GCP’s safety toolkit was sturdy, but siloed as evidenced by its Chronicle SIEM, Mandiant risk intel and all kinds of associate options that created roadblocks throughout clients’ CI/CD pipeline. Buying Wiz closes a serious hole of their cybersecurity technique by offering an built-in AI-driven platform that scans cloud environments in minutes and establish dangers in actual time.
CNAPP has a quick observe with AI savvy opponents
The worldwide CNAPP market was valued at roughly $9.79 billion in 2023 and is projected to achieve $38.01 billion by 2030, rising at a compound annual development charge (CAGR) of about 21.8% through the forecast interval. Gartner notes that end-user calls on CNAPPs rose 29% from 2023 to 2024, with an emphasis on Cloud Safety Posture Administration (CSPM) pushed by compliance and simple API deployment, with expectations of runtime visibility and management.
“Wiz’s key detection and response offering Wiz Defend takes a different approach to cloud detection and response. Instead of relying on built-in detection capabilities in its own cloud protection tools, it offers a unified tool solely for detection and response that takes in alerts and data from other tools and does detection engineering on them,” says Forrester Principal Analyst Allie Mellen.
“This reduces alert volumes from the cloud at a critical time. With this acquisition, it will put pressure on other vendors to consolidate in a similar way — a big win for security operations teams,” Mellen continued.
The CNAPP market is more and more changing into the Components 1 of cloud safety, with Google, Microsoft, Palo Alto Networks, CrowdStrike and Examine Level main the cost.
Examine Level CloudGuard: A CNAPP answer designed for multi-cloud safety, runtime safety and automatic compliance enforcement. CloudGuard’s agent-based and agentless safety helps shield workloads, Kubernetes environments, and serverless purposes.
CrowdStrike Falcon Cloud Safety: Increasing from endpoint safety to cloud, CrowdStrike brings its risk intelligence management into CNAPP. Falcon Cloud Safety offers code-to-cloud visibility, IaC scanning, and runtime risk detection, reinforcing proactive breach prevention.
Microsoft Defender for Cloud: A deeply built-in CNAPP that extends throughout Azure, AWS, and GCP, providing runtime safety, identification safety, and AI-driven risk intelligence. With Safety Copilot, Microsoft is leveraging generative AI to automate risk detection and remediation.
Different CNAPP distributors out there embody Aqua Safety, Lacework, Orca Safety, Palo Alto Networks, SentinelOne, Sysdig and Development Micro all providing options for cloud safety, workload safety and posture administration.
Gartner ranks CNAPP distributors primarily based on buyer suggestions, offering a data-driven comparability of how enterprises understand the leaders on this market. Supply: Gartner, Voice of the Buyer for Cloud-Native Software Safety Platforms, Dec. 27, 2024
The AI-enabled CNAPP race is simply starting
Google’s resolution to make their single largest acquisition in its historical past says they see the ache of siloed gradual processes in enterprises they’ll shortly flip right into a worthwhile new a part of their cybersecurity enterprise. CNAPP is the racing engine their prosects and present clients are on the lookout for.
For CISOs and safety leaders, the important thing takeaway is evident: the way forward for cloud safety belongs to platforms that combine AI, automate threat detection, and supply full-stack visibility throughout multi-cloud environments. Whether or not Google’s Wiz-powered CNAPP takes the lead will rely on how effectively it integrates with Google’s AI-driven risk intelligence and safety operations suite.
Backside line: Enterprises want AI-powered CNAPP options to streamline CI/CD safety and cut back the cloud safety burden on DevOps groups. The competitors amongst distributors—led by Google’s Wiz-powered push—might be received by those that greatest combine AI, automate threat detection, and supply full-stack visibility throughout multi-cloud environments.
Every day insights on enterprise use circumstances with VB Every day
If you wish to impress your boss, VB Every day has you coated. We provide the inside scoop on what corporations are doing with generative AI, from regulatory shifts to sensible deployments, so you possibly can share insights for max ROI.
An error occured.
