Container security vendor Aqua Security has acquired CloudSploit, a developer of cloud security posture management (CSPM) technology. Omdia identifies a trend for CSPM to merge into broader product offerings and sees Aqua expanding to cover the full spectrum of cloud workload formats, including virtual machines (VMs), containers, and serverless.
This acquisition highlights a trend in which CSPM vendors are increasingly acquired so that their technologies can be folded into larger portfolios that offer a broader set of cloud security capabilities.
CSPM has quickly become a vital capability to ensure security in the cloud. It involves checking whether a workload’s security posture might lead to either a security risk or a lack of compliance with a range of regulatory requirements because it is out of alignment with established corporate policy. The technology emerged to provide security and compliance for virtual machines (VMs) in the cloud, with a second, complementary capability, cloud workload protection platforms (CWPP), growing up to deliver runtime protection for VMs. It makes sense for the two fields to merge for the sake of simplicity, reducing the number of vendor relationships enterprises need to maintain.
The first move in this direction came in 2018, when Palo Alto Networks bought two compliance monitoring vendors (Evident.io and RedLock), while Check Point acquired Dome9. In October this year Trend Micro, a leader in CWPP, acquired Cloud Conformity.
Aqua, despite its origins in container security, has been backfilling its offering with VM security features, so this acquisition furthers this broader initiative. It is also developing security for serverless environments, which are the next stage in microservices beyond containers. It is therefore building out its capabilities into a full suite of infrastructure- as-a-service and platform-as-a-service (IaaS and PaaS) security. Its archrival in the container space was TwistLock, acquired in May this year by Palo Alto Networks, which is itself engaged in building a broad cloud security portfolio.
Omdia suspects that Aqua might also be an acquisition target for bigger firms, and the broader its product offering, the higher its eventual price tag will go.