ServiceNow is in advanced talks to acquire identity security startup Veza. The Information reports that the potential deal is valued at more than $1 billion. This would be another aggressive move by the cloud platform giant this year, following its earlier purchase of Moveworks.
If the talks are successful, an official announcement could be made as early as next week. A valuation in excess of one billion dollars would represent a significant premium for Vezy’s investors, more than quadrupling the total amount of capital raised by the company to date.
Strategic gap: Identity management
Veza brings technology to the ServiceNow portfolio that the Santa Clara-based giant has so far lacked. While the Now platform has modules for vulnerability management (Vulnerability Response) or threat analysis, it did not offer deep insight into who and what is accessing data. Veza solves this problem through a graph-based platform that visualises and controls access permissions.
A key strength of Veza is its ability to inventory not only employee accounts, but also machine identities (non-human identities). In an era of automated infrastructure and artificial intelligence, it is the over-authorisation of bots and services that is one of the main risks that ServiceNow wants to address directly in its platform.
A year of shopping: AI and Security
The potential acquisition is part of Bill McDermott’s broader strategy to make ServiceNow the central nervous system of the enterprise. The acquisition of Veza would be a natural complement to this year’s $2.85 billion purchase of Moveworks. While Moveworks provided an advanced conversational AI interface, Veza would provide a layer of control, ensuring that autonomous AI agents operate within safe limits of authority.
For the channel market, this signals ServiceNow’s intention to compete not only in the ITSM space, but increasingly boldly enter the territory of IGA (Identity Governance and Administration) players. The integration of Veza into the ServiceNow ecosystem will allow deployment partners to offer customers a more comprehensive approach to security, shifting the focus from incident response to preventative access management.
