Channel investors, Content

KPMG Acquires Cloud Cybersecurity Consultancy Fortica

BERLIN, GERMANY – JANUARY 22: The logo of KPMG, a multinational tax advisory and accounting services company, hangs on the facade of a KPMG offices building on January 22, 2021 in Berlin, Germany. KPMG has come under the spotlight in Germany due to the company’s role in the current Wirecard scandal.  (Photo by Sean Gallup/Getty Images)

KPMG, which has a Top 250 MSSP business unit, has acquired Fortica, a consulting firm that specializes in Cloud Security Posture Management (CSPM) and additional services that help end-customers to properly design, configure and lock down their cloud services. Financial terms of the deal were not disclosed.

This is technology M&A deal number 387 that MSSP Alert and sister site ChannelE2E have covered so far in 2022.

Fortica, founded in 2009, provides cloud security assessment, risk evaluation and architecture services. The company has 21 employees listed on LinkedIn. The Fortica acquisition will allow KPMG Cybersecurity to expand its services in Quebec, Canada, the buyer said.

KPMG Acquires Fortica: Executive Perspectives

In a prepared statement about the acquisition, Benoit Lacoste Bienvenue, partner in charge, Province of Quebec, KPMG, said:

"Cybersecurity issues are a growing problem and affect companies of all sizes and in all sectors. The integration of Fortica to our Cybersecurity services, through KPMG's Egyde Advisory subsidiary, reaffirms our presence in the market as a leader in the field."

Added Samuel Bonneau, president and CEO of Fortica:

"We are proud to join forces with KPMG. Guided by our shared values and our desire to continuously improve our offering, we will continue to serve our clients with the same level of excellence and professionalism and will allow us to offer a full range of cybersecurity services to our clients."

KPMG has M&A experience in the Canadian market. The company in 2018 acquired continuous security testing and cybersecurity services firm Egyde. Also, KPMG acquired identity and access management (IAM) business of Cyberinc in 2018.

Cloud Security Posture Management (CSPM) Market Growth

Cloud security posture management (CSPM) is one of the fast-growing cybersecurity services offered by MSSPs, according to the Top 250 MSSP research results for 2021.

Indeed, fully 41 percent of our Top 250 MSSP survey participants now offer cloud security posture management (CSPM) to their end customers, MSSP Alert research found. (The research results and top 250 honorees will be unveiled September 16, 2021.)

CSPM tools allow MSSPs and end-customers to monitor and properly configure Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and other public cloud workloads.

Demand for CSPM solutions is surging. Among the reasons: 90 percent of organizations are susceptible to security breaches due to cloud misconfigurations, according to the “2021 Cloud Security Report: Cloud Configuration Risks Exposed” from application lifecycle security company Aqua Security.

With those risks in mind, annual CSPM spending will reach $9 billion by 2026, up from $4 billion in 2020, according to Markets and Markets. That’s a 14.4 percent compound annual growth rate.

CSPM Mergers, Acquisitions and Product Launches

Amid that surging demand, multiple security technology companies have been acquiring CSPM tools. Example deals include:

Moreover, Arctic Wolf and Datadog each introduced CSPM tools in August 2021. Also, Sophos has been in the CSPM market since at least 2020.

Not All CSPM Tools Are for MSSPs

Still, not all CSPM tools are created equally. Many of the options are designed specifically for corporate IT professionals to manage a single company’s cloud configurations and associated security.

In stark contrast, some CSPM software is multi-tenant — allowing MSPs and MSSPs to manage multiple customers from a single dashboard.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.