KPMG, which has a Top 250 MSSP business unit, has acquired Fortica, a consulting firm that specializes in Cloud Security Posture Management (CSPM) and additional services that help end-customers to properly design, configure and lock down their cloud services. Financial terms of the deal were not disclosed.
This is technology M&A deal number 387 that MSSP Alert and sister site ChannelE2E have covered so far in 2022.
Fortica, founded in 2009, provides cloud security assessment, risk evaluation and architecture services. The company has 21 employees listed on LinkedIn. The Fortica acquisition will allow KPMG Cybersecurity to expand its services in Quebec, Canada, the buyer said.
KPMG Acquires Fortica: Executive Perspectives
In a prepared statement about the acquisition, Benoit Lacoste Bienvenue, partner in charge, Province of Quebec, KPMG, said:
"Cybersecurity issues are a growing problem and affect companies of all sizes and in all sectors. The integration of Fortica to our Cybersecurity services, through KPMG's Egyde Advisory subsidiary, reaffirms our presence in the market as a leader in the field."
Added Samuel Bonneau, president and CEO of Fortica:
"We are proud to join forces with KPMG. Guided by our shared values and our desire to continuously improve our offering, we will continue to serve our clients with the same level of excellence and professionalism and will allow us to offer a full range of cybersecurity services to our clients."
KPMG has M&A experience in the Canadian market. The company in 2018 acquired continuous security testing and cybersecurity services firm Egyde. Also, KPMG acquired identity and access management (IAM) business of Cyberinc in 2018.
Cloud Security Posture Management (CSPM) Market Growth
Cloud security posture management (CSPM) is one of the fast-growing cybersecurity services offered by MSSPs, according to the Top 250 MSSP research results for 2021.
Indeed, fully 41 percent of our Top 250 MSSP survey participants now offer cloud security posture management (CSPM) to their end customers, MSSP Alert research found. (The research results and top 250 honorees will be unveiled September 16, 2021.)
CSPM tools allow MSSPs and end-customers to monitor and properly configure Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and other public cloud workloads.
Demand for CSPM solutions is surging. Among the reasons: 90 percent of organizations are susceptible to security breaches due to cloud misconfigurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security.
With those risks in mind, annual CSPM spending will reach $9 billion by 2026, up from $4 billion in 2020, according to Markets and Markets. That’s a 14.4 percent compound annual growth rate.
CSPM Mergers, Acquisitions and Product Launches
Amid that surging demand, multiple security technology companies have been acquiring CSPM tools. Example deals include:
- September 2021: Tenable acquired Accurics for approximately $160 million in cash.
- September 2021: FireMon acquired DisruptOps.
- June 2021: Deloitte acquired CloudQuest.
- April 2021: Zscaler acquired Trustdome.
- February 2021: Palo Alto Networks purchased Bridgecrew.
Moreover, Arctic Wolf and Datadog each introduced CSPM tools in August 2021. Also, Sophos has been in the CSPM market since at least 2020.
Not All CSPM Tools Are for MSSPs
Still, not all CSPM tools are created equally. Many of the options are designed specifically for corporate IT professionals to manage a single company’s cloud configurations and associated security.
In stark contrast, some CSPM software is multi-tenant — allowing MSPs and MSSPs to manage multiple customers from a single dashboard.
