Google is reportedly near a $23 billion deal to acquire the enterprise cloud security business Wiz.
In what would be the tech giant’s largest-ever acquisition, The Wall Street Journal is reporting that Google’s parent company, Alphabet, is eyeing an acquisition of the cloud cybersecurity startup whose current partners include Oracle and Amazon.
The New York Times reports the transaction is in the advanced stages of discussion but remains uncertain and is subject to potential scrutiny by US regulatory bodies. The same publication also suggested that the head of Google Cloud, Thomas Kurian, is the key catalyst behind the acquisition plan.
Wiz claims it secures corporate cloud infrastructure “by creating a normalising layer between cloud environments,” enabling businesses to “rapidly identify and remove critical risks”. Google acquiring such a specialist cloud cybersecurity business and integrating its tools and solutions across its portfolio could have a seismic impact on the industry at a time when Microsoft is consistently coming under fire for its own security vulnerabilities.
A $23 billion acquisition would be almost double Google’s previous largest acquisition when it bought Motorola Mobility for $12.5 billion in 2012.
Cybersecurity is clearly top of mind for Google in 2024. In May, Google introduced Google Threat Intelligence, which combines an in-depth view of threats with Gemini’s AI capabilities to “supercharge” the process. Gemini, formerly Bard, is Google’s multimodal large language AI model created to identify security threats and generate summaries of its findings.
While Google appears to be prioritising cloud security this year, it’s also a long-term strategy. In 2022, the tech giant acquired two security firms, buying Israeli security startup Siemplify for $500 million and Mandiant for $5.4 billion.
What Could This Mean For The Industry?
A Google acquisition of Wiz could significantly impact the tech space.
Firstly, integrating Wiz’s advanced security technologies into Google’s cloud infrastructure would provide a momentous boost to Google Cloud Platform (GCP). This would bolster its appeal to businesses prioritising robust cybersecurity, an area where Google has historically trailed behind Microsoft Azure and Amazon Web Services (AWS).
With its dominance in enterprise cloud products and services via Azure and thorough security offerings like Microsoft Defender, a more comprehensive Google and Wiz solution would see Microsoft face increased competition. Wiz’s capabilities could enable Google to offer more secure and comprehensive cloud solutions, potentially attracting customers from Microsoft’s base.
Moreover, this acquisition could accelerate Google’s portfolio and innovation in AI-driven security, an area where Microsoft has been investing heavily, as illustrated by the launch of Copilot for Security in April.
What About The UC and Collaboration Space Specifically?
If the acquisition goes through, Google could integrate Wiz’s advanced security features into its Google Workspace platform to offer greater protection for comms and collaboration tools like Gmail, Google Meet, and Google Drive. This would address growing concerns about data security and privacy in remote work environments, making Google Workspace more attractive to enterprise customers.
The acquisition would also allow Google to differentiate its collaboration tools from competitors like Microsoft Teams and Slack by placing an emphasis on superior security. Elite security features and protections could culminate in increased adoption of Google Workspace in highly regulated industries, such as finance and healthcare, where data protection is critical.
The knock-on effects of Wiz’s features being integrated across Workspace could be compelling, too. It could spur innovation across the UC space, incentivising competitors to strengthen their own security measures to maintain competitiveness in the crowded market.
A Security Boost For Google At A Time Of Concerns Over Microsoft Security
Google’s mooted acquisition of Wiz would arrive at a challenging time for Microsoft, which was criticised by the US Cyber Safety Review Board (CSRB) in April. The CSRB castigated Microsoft for “deprioritising” enterprise security, galvanising Microsoft executives to tie fulfilling the company’s security objectives to their compensation packages.
The CSRB suggested that Microsoft should have been better equipped for Chinese hackers breaching US government emails through its Microsoft Exchange Online software in July 2023 in the Storm-0558 cyberattack.
Meanwhile, in October, compromised Skype accounts were hacked to spread the DarkGate malware, while Microsoft Teams was also targeted. In November, Russian hackers breached Microsoft’s defences, accessing the email accounts of several senior leadership team members and stealing source code. The attack went undetected by Microsoft for nearly two months and was only discovered in January.
Google has pinpointed Microsoft’s supposed security weaknesses as an area to one-up them in recent months. In May, Google published a blog post implicitly criticising Microsoft‘s “security failures” in recent years while urging reform around security in the US public sector.
Google, without explicitly naming Microsoft and only referring to it as “the vendor” in its blog, advises public sector bodies to use “systems and products that are secure-by-design.” This recommendation aligns with new principles that Google has recently adopted.
Google also suggests governments avoid “using the same vendor for operating systems, email, office software, and security tooling” to “mitigate monoculture.” Microsoft provides all these services to its enterprise customers, including the US government and the wider public sector.
Notably, Google ended its blog by announcing a new Google Workspace solution to offer US public sector organisations more options. To say it is going on the offensive around cybersecurity would be something of an understatement.
