My thoughts on the Wiz-Google acquisition
We need to think more like Google not like security people
Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.
I’m a bit late to the “party,” but that’s actually given me more time to reflect. One thing I noticed while reading coverage of the acquisition is that most of it comes from the typical security perspective. The goal of this blog, though, has always been to offer a different angle — blending the viewpoints of a security practitioner, VC, and engineer to add a layer of nuance.
Anyway, for those who follow my blog, I shared some thoughts when Google considered acquiring Wiz for $23B.
I re-read the newsletter, and honestly, my take hasn’t changed much. If anything, I strive for consistency! It is also not surprising given I wrote that having read several LinkedIn hot takes from the security crowd, so I definitely had my security hat on.
The original post broke things down into two parts: Why Wiz would want to be acquired and why Google might want to acquire them. My thoughts on Wiz’s side remain the same, even though it seems that they have been growing nicely to $700M up from $300M when I wrote the newsletter above. So, I don’t have much more to say there. The tl;dr for those who missed it: security GTM is expensive, so sustaining aggressive growth without deep pockets is hard. Google offers more efficient and much easier access to both talent and capital, which will give Wiz an advantage. Of course, it comes with an additional bonus: founders and employees will receive liquidity.
Last time, I focused only on one theory on why Google wants to acquire Wiz, but additional ideas have come to mind. Wiz needs capital and talent to grow and stay competitive with the public security giants, e.g., Crowdstrike and Palo Alto Networks. Google, on the other hand, has both. Although $32B might seem like a lot, it’s a blip on their balance sheet. So, what’s in it for them?
There are a few potential strategic reasons in my mind.
Theory 1: Google wants to build a security platform
In my last newsletter, I focused on one theory: that Google wants Wiz to build a comprehensive, end-to-to security platform. I go into more detail there, but the idea is that Google already owns Chronicle, Siemplify, and Mandiant. It has some endpoint technology with Chromebooks, but it can easily do what Wiz wanted to do: purchase an endpoint company, such as SentinelOne or even Tanium. It could build a powerful end-to-end security platform. This would strengthen its standing in the enterprise and cloud space, where it’s substantially behind AWS and Microsof, the latter of which already offers a more integrated, enterprise-ready security suite.
My concerns about whether Google can successfully integrate and sell Wiz as a product are rooted in this theory — and it’s the one most security folks subscribe to. Pramod Gosavi, a security-focused VC, summarizes his concerns about the Google-Wiz partnership and how it will negatively impact Wiz’s product and partnerships. But all of that hinges on the assumption that Google is looking at Wiz as a security platform play.
Lately, I’ve started to question whether that’s the full picture — or even the primary motivation. Wiz’s current run rate is $700M compared to Google’s 2024 revenue of ~$340B. At its scale, Google is growing at an impressive pace for its size, which is about ~10% annually. Any additional revenue from becoming a prominent security player will unlikely move the needle for Google. Even if Wiz reaches the scale of Crowdstrike and Palo Alto Networks combined today, which would take multiple years, it would only generate about ~$10-12B in revenue, which isn’t a game-changer for Google. On top of that, Wiz is not profitable and likely won’t contribute positively to Google's earnings, so Wiz won’t move the needle for them both in the top and bottom line.
Sure, owning Wiz could help lay a stronger foundation for Google Cloud and its broader security business. But doing so would be expensive. Large companies like Google are under pressure to balance growth with profitability. Just look at how the market reacted to Meta’s massive bet on the metaverse — Wall Street doesn’t have much patience for long-term, high-spend moonshot without clear ROI.
That said, Pramod raises another theory in his post — one that some in the security community also believe could explain Google’s interest in Wiz.
Theory 2: Google will use Wiz to convince people to switch to GCP, thus expanding its market share
The second theory is that Google sees Wiz as a “carrot” to entice companies to adopt GCP. The idea is that by making Wiz cheaper or better-integrated for GCP customers, Google could use it as a differentiator in the cloud wars — where it still lags behind AWS and Microsoft.
More importantly, security alone isn’t usually the deciding factor in cloud adoption. While it might tip the scales in a few edge cases, most companies choose their cloud provider based on what best aligns with their business needs — not the security tooling that comes with it.
For this strategy to work, Google would have to go beyond just Wiz and make significant investments to bolster its overall cloud offering. But that approach doesn’t really align with Google’s typical playbook. Historically, Google has leaned into openness and ubiquity — think Chrome on every OS or Android on every phone. Its strength lies in giving users options and winning on merit, not exclusivity.
That philosophy hasn’t fully translated to the enterprise world. GCP is technically strong — especially in areas like Kubernetes — but it remains a less familiar option, and familiarity matters in enterprise buying decisions. Familiarity also matters as companies already have DevOps staff that can effectively use that cloud.
This is probably the weakest theory. This brings me to a third theory — one that might better explain Google’s thinking.
Theory 3: Google is using Wiz to improve its “standing” and capture new business.
The third theory — and the one I find most compelling — is that this acquisition is part of a broader ecosystem play. As I mentioned earlier, Google’s approach has rarely been about locking people in or “forcing” people into a solution. In this case, it wouldn’t just make Wiz cheaper or only make it work for GCP. Instead, it’s about building products that are “the best” — in some user-centric way — and making them widely accessible.
Think back to Google Search and Chrome. Neither started as market leaders, but both slowly gained traction by being faster, more convenient, and better suited for a world that was becoming increasingly connected. Google didn’t win by forcing people into its ecosystem — it won by making tools that people wanted to use. Android and Chrome worked across platforms. They weren’t designed just to support Google products — they helped drive usage of Google Search, the true engine behind Google’s revenue.
Why did I just go on a rant about previous Google products? Because I think Google knows it was late to the cloud game, and it’s not going to win by trying to rip customers away from AWS. Instead, it’s leaning on an asset AWS doesn’t have: Google Workspace.
Most high-growth startups today begin with GSuite, not Microsoft Office. Google sees an opportunity to build around that — to create a modern enterprise stack that starts with Workspace and extends into GCP. The idea isn’t to convert entrenched AWS customers, but to capture the next generation of cloud workloads by being the default for new companies, those already inside the Google ecosystem, or those wanting to expand to a multi-cloud strategy.
This is where Wiz fits in. It’s not just a security company — it’s a piece of the broader stack Google is assembling. With Wiz (and it’s other security offerings), Google can offer enterprise-grade security that plays nicely within its ecosystem, giving companies one more reason to keep their infrastructure in (or at least partially in) GCP. Over time, that could help GCP gain visibility and trust without requiring a direct head-to-head fight with AWS or Microsoft.
It may sound like a stretch, but Google has the capital — and the patience — to make long-term bets. This strategy mirrors what Microsoft has done so well: offer a fully integrated enterprise suite. Google’s version could include Workspace, Wiz, and (potentially) future acquisitions — maybe an endpoint solution like SentinelOne or Tanium, or even a company like Material Security to beef up email protection.
The broader trend also works in Google’s favor. As cloud usage grows, new workloads will emerge — and Google wants to be the landing zone for them. AWS will remain dominant, but Google doesn’t need to dethrone it. Instead, it wants to chip away at Microsoft, which has a more “legacy” enterprise customer base. Google will become the “one stop shop” for all enterprise software and solutions for the new high-growth companies.
This is a bit like what Google tried with Chromebooks — the difference is that enterprises only need one laptop OS, but they’re increasingly open to using multiple clouds. I can imagine a world where GCP becomes the anchor for infrastructure decisions and software, and AWS supplements that with raw infrastructure capacity. That is, Google provides basic infrastructure and enterprise productivity software, and AWS provides infrastructure. If Google builds state-of-the-art tools that integrate cleanly with both platforms, it could win on utility and flexibility.
Yes, this may feel a little fuzzy. But if the goal is to get to parity with Microsoft’s enterprise suite — and Google is playing a longer game — then this could be a smart move. Only time will tell.
In the end, there are a few ways to interpret Google’s rationale for acquiring Wiz. The first — the security platform play — is the most straightforward and widely accepted, but it’s hard to imagine it meaningfully moving the needle for a company of Google’s size. The second — using Wiz as a GCP incentive — feels misaligned with both how security buyers operate and how Google traditionally goes to market. The third theory, while less concrete, seems the most aligned with Google’s long-term strategy: building a modern, integrated enterprise ecosystem around Google Workspace and GCP, slowly capturing new workloads as companies grow within that stack. Whether or not this bet pays off remains to be seen, but if Google can stay patient and continue stitching together best-in-class products, it might finally carve out its own lane in the enterprise cloud market.