At a glance
Wiz was founded in 2020 by Assaf Rappaport (CEO), Yinon Costica, Roy Reznik, and Ami Luttwak — all former members of Microsoft's Cloud Security team. The company grew from zero to over $500M ARR faster than any enterprise software startup in history. In Q1 2026, Google completed its $32 billion acquisition of Wiz — the largest cybersecurity acquisition in history and the largest acquisition in Google's history. Wiz operates as a unit within Google Cloud, with Assaf Rappaport remaining as CEO.
Wiz entered the DSPM market through its acquisition of Dig Security (Israel) in 2023, integrating Dig's data security capabilities into the Wiz platform. The DSPM capability is marketed as Wiz Data Security, covering data discovery, classification, access risk, and data detection and response across cloud environments.
What Wiz DSPM actually is
Wiz DSPM is a DSPM module within a CNAPP platform, not a standalone data security product. The distinction is important for buyers. Wiz's architecture starts with cloud infrastructure context — its security graph connects cloud workloads, identities, network configurations, and data assets into a unified risk model. The DSPM capability adds data discovery and classification to this graph, enabling correlated risk analysis: "this S3 bucket contains PII AND is publicly accessible AND has a misconfigured IAM policy." This combined context is genuinely powerful and is Wiz's most compelling differentiator over pure-play DSPM tools.
The limitation is the mirror of that strength: Wiz DSPM is built for cloud infrastructure environments and has limited depth in SaaS data stores, unstructured file shares, on-premises databases, and hybrid environments. For organisations whose data risk is primarily cloud infrastructure (AWS S3, Azure Blob, GCP Cloud Storage), the Wiz DSPM integration makes excellent sense. For organisations whose risk extends into Microsoft 365, ServiceNow, Workday, or on-premises file servers, a pure-play DSPM is better suited.
Capability assessment
Strengths: Unified infrastructure and data risk context is Wiz's unique advantage. No pure-play DSPM has the infrastructure graph that Wiz does; correlating a sensitive data finding with its infrastructure exposure level (public access, misconfigured IAM, lateral movement paths) produces prioritised findings that pure-play DSPM cannot match. The Google acquisition materially improves AI capabilities and integration with Google Cloud services. Post-acquisition, Wiz bundles DSPM access at discounted rates for existing Wiz CNAPP customers — significant commercial leverage for existing Wiz users. Agent Commander (Wiz's AI governance module, developed jointly with Securiti prior to the Veeam acquisition) extends coverage to AI agent security.
Weaknesses: The Dig Security acquisition was less than three years ago; integration depth into the Wiz platform varies by capability area. SaaS data source coverage is narrower than BigID, Cyera, or Sentra. For non-Wiz customers evaluating standalone DSPM, there is no commercial incentive for Wiz to offer competitive pricing. The Google acquisition introduces the standard post-acquisition risks: integration uncertainty, product roadmap reorientation, and the possibility that Wiz DSPM evolves toward Google Cloud-native use cases at the expense of multi-cloud coverage.
Company health
Google parent — existential risk is zero. The $32B acquisition price at approximately 64x ARR reflects Google's strategic investment in cloud security rather than a current-period financial return. The integration period (typically 18–36 months for acquisitions at this scale) carries execution risk. Google's track record with acquisitions is mixed: Mandiant (acquired by Google in 2022 for $5.4B) has been successfully integrated into Google Security Operations; other acquisitions have stalled. Early indicators from Wiz suggest Rappaport has operational autonomy — which is the best-case post-acquisition structure.
Strengths and weaknesses
Best for: Existing Wiz CNAPP customers seeking integrated data security — the combined Wiz platform (CNAPP + DSPM) delivers unique infrastructure-correlated data risk context. Cloud-native enterprises running primarily on AWS, Azure, or GCP where cloud infrastructure risk and data risk need unified visibility. Google Cloud customers where the Google acquisition creates preferential commercial terms.
Worst for: Organisations without existing Wiz investment evaluating standalone DSPM — pure-play alternatives offer more depth at comparable cost. Hybrid or on-premises environments where infrastructure context does not apply. Buyers whose data risk is primarily SaaS (Microsoft 365, Salesforce, ServiceNow) rather than cloud infrastructure.
Negotiation and buying considerations
If you are an existing Wiz customer, the post-acquisition pricing for DSPM access is your strongest leverage point — Google has commercial incentive to consolidate wallet share. If you are not a Wiz customer, evaluating Wiz DSPM in isolation against Cyera or Sentra will produce an unfavourable result for Wiz in most environments. The integrated CNAPP+DSPM value proposition requires the full Wiz platform to materialise. Get a written statement of post-acquisition product roadmap commitments — including the DSPM module development cadence — before signing any multi-year contract.