{"id":715,"date":"2025-03-20T18:14:53","date_gmt":"2025-03-20T18:14:53","guid":{"rendered":"https:\/\/violethoward.com\/new\/google-just-made-cnapp-the-fastest-formula-1-in-cloud-security\/"},"modified":"2025-03-20T18:14:53","modified_gmt":"2025-03-20T18:14:53","slug":"google-just-made-cnapp-the-fastest-formula-1-in-cloud-security","status":"publish","type":"post","link":"https:\/\/violethoward.com\/new\/google-just-made-cnapp-the-fastest-formula-1-in-cloud-security\/","title":{"rendered":"Google just made CNAPP the fastest Formula 1 in cloud security"},"content":{"rendered":" \r\n<br><div>\n\t\t\t\t<div id=\"boilerplate_2682874\" class=\"post-boilerplate boilerplate-before\">\n<p><em>Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More<\/em><\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n<\/div><h2 class=\"wp-block-heading\" id=\"h-the-real-story-speed-and-security-at-devops-scale\"><strong>The real story: Speed and Security at DevOps scale<\/strong><\/h2>\n\n\n\n<p>The real story behind Google acquiring Wiz is how badly the need for speed dominates every enterprise\u2019s DevOps cycles building apps, models and platforms without sacrificing security.<\/p>\n\n\n\n<p>By acquiring Wiz, Google gets an AI-infused Cloud Native Application Protection Platform (CNAPP) designed to eliminate DevSecOps bottlenecks, prevent attacks by and on models in development, prevent cloud breaches and scale multi-cloud security in real time. The Wiz CNAPP platform has earned a global reputation by using AI to enhance its threat detection, predictive analytics, automated remediation, and reduction of false positives. \u00a0<\/p>\n\n\n\n<p>Wiz will integrate Google\u2019s risk detection, threat intelligence and automated remediation, which all are table stakes for protecting every stage of cloud-based app and model development. That\u2019s a solid contribution to Wiz\u2019s graph-based security engine designed to find and contain attack paths instantly, prioritize actual risks and help security teams identify and fix vulnerabilities before they\u2019re exploited.<\/p>\n\n\n\n<p>Google paying $32 billion in cash signals just how urgent the need for speed is across DevOps cycles that have been asking for an AI-driven CNAPP platform that can flex and scale to keep up with more complex DevOps cycles.<\/p>\n\n\n\n<p>\u201cWhile Google Cloud Platform (GCP) has been investing in built-in CNAPP capabilities for their own platform\u2019s native security with success, these tools have predominantly focused only on protecting GCP endpoints\/assets,\u201d says Andras Cser, VP and Principal Analyst at Forrester.<\/p>\n\n\n\n<p>Cser added, \u201cafter Microsoft\u2019s 2021 early acquisition of CloudKnox and development of Defender for Cloud, Google is feeling the pressure to offer a true, multicloud-capable CNAPP tool given that so many organizations are multi-cloud today. Forrester expects that, post-acquisition, most current CNAPP capabilities in GCP (CSPM, CIEM, agentless CWP) will be replaced by Wiz\u2019s offering and remain with multi-cloud support.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-google-just-made-cnapp-the-formula-1-of-cloud-security-nbsp\"><strong>Google just made CNAPP the Formula 1 of Cloud Security \u00a0<\/strong><\/h2>\n\n\n\n<p>In professional racing, as in DevOps, teams obsess over squeezing the last ounce of speed gains out of their engines or code. Knowing that just a few milliseconds gained by reducing the drag on a Formula 1 car or making slight engine improvements mean the difference between a winning season or not.<\/p>\n\n\n\n<p>CNAPP is one of the engines DevOps and DevSecOps teams rely on to reduce risks, block intrusions and breaches, and provide a 360 view of CI\/CD pipelines to make sure they are secure. Having a CNAPP that\u2019s AI-driven delivers more accurate remediation and guidance, contextual threat intelligence and blocks intrusion attempts on CI\/CD pipelines protecting code.<\/p>\n\n\n\n<p>\u201cWhile Wiz is most focused on CNAPP, the firm\u2019s product offerings bleed into the traditional application security space, with container and Kubernetes security pieces. Recently Wiz expanded into security in the software development phases with software composition analysis (SCA), IAC scanning, and secrets scanning, as well as diving into the software supply chain use case with software bill of materials (SBOM) and CI\/CD security posture. These are moves that put Wiz in a position to compete with application security testing vendors and other CNAPP vendors who have \u2018shifted left,\u201d explained Forrester Senior Analyst Janet Worthington.<\/p>\n\n\n\n<p>DevOps teams are under constant, growing pressure to deliver. With bonuses often riding on if a delivery date for code is met, security is tacked on to the end of a CI\/CD cycle or product schedule. VentureBeat learned that the typical Fortune 1,000 IT department has over 175 active, concurrent DevOps projects running at once, with many having no consistent cloud application security. In other words, those 175 projects are running in a variety of unprotected cloud environments without a common CNAPP platform to protect them. That\u2019s jeopardizing the entire DevOps pipeline which is a move made to reduce time-to-market that leaves dozens of projects at risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-google-doubled-down-on-wiz\"><strong>Why Google doubled down on Wiz<\/strong><\/h2>\n\n\n\n<p>Google\u2019s ambitions to grow Google Cloud Platform (GCP) needed a cybersecurity platform that could go end-to-end, protect DevOps and strengthen DevSecOps while leveraging AI to deliver real-time threat detection, automated remediation and full-stack cloud security.<\/p>\n\n\n\n<p>The real goal of this acquisition is to have a unified CNAPP solution capable of securing everything from code to cloud to runtime, ensuring that security no longer slows down development but accelerates it. Wiz\u2019s AI-driven risk analysis, attack path visualization and multi-cloud security give GCP a competitive edge, making it a viable competitor in an increasingly crowded market driven by enterprises needing speed, scale and resilience in cloud security.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"839\" height=\"643\" src=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg?w=783\" alt=\"\" class=\"wp-image-3001155\" srcset=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg 839w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg?resize=300,230 300w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg?resize=768,589 768w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg?resize=783,600 783w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg?resize=400,307 400w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg?resize=750,575 750w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-8.jpg?resize=578,443 578w\" sizes=\"(max-width: 839px) 100vw, 839px\"\/><figcaption class=\"wp-element-caption\"><em>This diagram visually explains how CNAPP integrates security into the entire DevSecOps lifecycle, one of Google\u2019s key motivations in acquiring Wiz to attain an end-to-end, AI-driven security platform. <strong>Source:<\/strong> Gartner, 5 Ways CNAPP Will Improve Your Cloud Security, Sept. 21, 2023.<\/em><\/figcaption><\/figure>\n\n\n\n<p>\u201cGoogle has invested heavily in application security tooling that protects apps deployed not only in GCP but in other clouds (and on-premises). Google\u2019s investment in its Cloud Armor platform has added web application firewall functionality that is competitive not just with Microsoft and AWS but with other WAF providers. reCaptcha Enterprise has expanded from a Captcha provider into a fuller bot management platform that addresses a range of business logic attacks,\u201d says Forrester Principal Analyst Sandy Carielli.<\/p>\n\n\n\n<p>\u201cIn recent months, Google has begun extending its API management product, Apigee, into broader API security use cases. While there are still gaps to fill, adding Wiz to the combined Cloud Armor, reCaptcha, and Apigee offerings moves Google closer to a holistic defense story for cloud applications,\u201d Carielli continued. \u00a0<\/p>\n\n\n\n<p>Google needed a unified AI-driven CNAPP to turbocharge its cybersecurity business. One that brings together security posture management, workload protection, advanced threat detection into a high performance security engine. Challenged by having a siloed approach to security in the past, Google is looking to now have a adaptive, flexible platform that can provide security at the speed of cloud app development.<\/p>\n\n\n\n<p>Prior to this deal, GCP\u2019s security toolkit was strong, yet siloed as evidenced by its Chronicle SIEM, Mandiant threat intel and a wide variety of partner solutions that created roadblocks across customers\u2019 CI\/CD pipeline. Acquiring Wiz closes a major gap in their cybersecurity strategy by providing an integrated AI-driven platform that scans cloud environments in minutes and identify risks in real time.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cnapp-has-a-fast-track-with-ai-savvy-competitors\"><strong>CNAPP has a fast track with AI savvy competitors<\/strong><\/h2>\n\n\n\n<p>\u200bThe global CNAPP market was valued at approximately $9.79 billion in 2023 and is projected to reach $38.01 billion by 2030, growing at a compound annual growth rate (CAGR) of about 21.8% during the forecast period. Gartner notes that end-user calls on CNAPPs rose 29% from 2023 to 2024, with an emphasis on Cloud Security Posture Management (CSPM) driven by compliance and easy API deployment, with expectations of runtime visibility and control.<\/p>\n\n\n\n<p>\u201cWiz\u2019s key detection and response offering Wiz Defend takes a different approach to cloud detection and response. Instead of relying on built-in detection capabilities in its own cloud protection tools, it offers a unified tool solely for detection and response that takes in alerts and data from other tools and does detection engineering on them,\u201d says Forrester Principal Analyst Allie Mellen.<\/p>\n\n\n\n<p>\u201cThis reduces alert volumes from the cloud at a critical time. With this acquisition, it will put pressure on other vendors to consolidate in a similar way \u2014 a big win for security operations teams,\u201d Mellen continued.<\/p>\n\n\n\n<p>The CNAPP market is increasingly becoming the Formula 1 of cloud security, with Google, Microsoft, Palo Alto Networks, CrowdStrike and Check Point leading the charge.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Check Point CloudGuard:<\/strong> A CNAPP solution designed for multi-cloud security, runtime protection and automated compliance enforcement. CloudGuard\u2019s agent-based and agentless security helps protect workloads, Kubernetes environments, and serverless applications.<\/li>\n\n\n\n<li><strong>CrowdStrike Falcon Cloud Security<\/strong>: Expanding from endpoint security to cloud, CrowdStrike brings its threat intelligence leadership into CNAPP. Falcon Cloud Security provides code-to-cloud visibility, IaC scanning, and runtime threat detection, reinforcing proactive breach prevention\u200b.<\/li>\n\n\n\n<li><strong>Microsoft Defender for Cloud<\/strong>: A deeply integrated CNAPP that extends across Azure, AWS, and GCP, offering runtime protection, identity security, and AI-driven threat intelligence. With Security Copilot, Microsoft is leveraging generative AI to automate threat detection and remediation\u200b.<\/li>\n<\/ul>\n\n\n\n<p>Other CNAPP vendors in the market include Aqua Security, Lacework, Orca Security, Palo Alto Networks, SentinelOne, Sysdig and Trend Micro all offering solutions for cloud security, workload protection and posture management.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"544\" height=\"619\" src=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-2.jpg?w=527\" alt=\"\" class=\"wp-image-3001156\" srcset=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-2.jpg 544w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-2.jpg?resize=300,341 300w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-2.jpg?resize=527,600 527w, https:\/\/venturebeat.com\/wp-content\/uploads\/2025\/03\/figure-2.jpg?resize=400,455 400w\" sizes=\"auto, (max-width: 544px) 100vw, 544px\"\/><figcaption class=\"wp-element-caption\"><em>Gartner ranks CNAPP vendors based on customer feedback, providing a data-driven comparison of how enterprises perceive the leaders in this market. Source: Gartner, Voice of the Customer for Cloud-Native Application Protection Platforms, Dec. 27, 2024<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-ai-enabled-cnapp-race-is-just-beginning\"><strong>The AI-enabled CNAPP race is just beginning<\/strong><\/h2>\n\n\n\n<p>Google\u2019s decision to make their single largest acquisition in its history says they see the pain of siloed slow processes in enterprises they can quickly turn into a profitable new part of their cybersecurity business. CNAPP is the racing engine their prosects and current customers are looking for. \u00a0<\/p>\n\n\n\n<p>For CISOs and security leaders, the key takeaway is clear: the future of cloud security belongs to platforms that integrate AI, automate risk detection, and provide full-stack visibility across multi-cloud environments. Whether Google\u2019s Wiz-powered CNAPP takes the lead will depend on how well it integrates with Google\u2019s AI-driven threat intelligence and security operations suite.<\/p>\n\n\n\n<p><strong>Bottom line:<\/strong> Enterprises need AI-powered CNAPP solutions to streamline CI\/CD security and reduce the cloud security burden on DevOps teams. The competition among vendors\u2014led by Google\u2019s Wiz-powered push\u2014will be won by those who best integrate AI, automate risk detection, and provide full-stack visibility across multi-cloud environments.<\/p>\n\n\n\n\n<div id=\"boilerplate_2660155\" class=\"post-boilerplate boilerplate-after\"><div class=\"Boilerplate__newsletter-container vb\">\n<div class=\"Boilerplate__newsletter-main\">\n<p><strong>Daily insights on business use cases with VB Daily<\/strong><\/p>\n<p class=\"copy\">If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.<\/p>\n<p class=\"Form__newsletter-legal\">Read our Privacy Policy<\/p>\n<p class=\"Form__success\" id=\"boilerplateNewsletterConfirmation\">\n\t\t\t\t\tThanks for subscribing. Check out more VB newsletters here.\n\t\t\t\t<\/p>\n<p class=\"Form__error\">An error occured.<\/p>\n<\/p><\/div>\n<div class=\"image-container\">\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/venturebeat.com\/wp-content\/themes\/vb-news\/brand\/img\/vb-daily-phone.png\" alt=\"\"\/>\n\t\t\t\t<\/div>\n<\/p><\/div>\n<\/div>\t\t\t<\/div>\r\n<br>\r\n<br><a href=\"https:\/\/venturebeat.com\/security\/googles-32b-wiz-bet-ai-driven-cnapp-will-finally-eliminate-devsecops-bottlenecks\/\">Source link <\/a>","protected":false},"excerpt":{"rendered":"<p>Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More The real story: Speed and Security at DevOps scale The real story behind Google acquiring Wiz is how badly the need for speed dominates every enterprise\u2019s DevOps cycles building apps, models and platforms without sacrificing security. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":716,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[33],"tags":[],"class_list":["post-715","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-automation"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/violethoward.com\/new\/wp-content\/uploads\/2025\/03\/2025-03-19_16-19-34.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/comments?post=715"}],"version-history":[{"count":0,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/715\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media\/716"}],"wp:attachment":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media?parent=715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/categories?post=715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/tags?post=715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69e302c146fa5c92dc28ac12. Config Timestamp: 2026-04-18 04:04:16 UTC, Cached Timestamp: 2026-04-28 23:16:43 UTC -->