IDC's Quick Take

Cybersecurity solutions are usually a mixture of three components: people, processes, and technology. In real estate, you hear the phrase "location, location, location" repeated over and over. IDC believes that Wipro's acquisition of Edgile breaks the rules of physics by combining the people, process, and technology pieces with the expanded location opportunities into a value chain where the combined parts are worth more than the components that went into it.

M&A Announcement Highlights

Wipro announced its intention on December 20, 2021, to acquire Austin, Texas-based Edgile, a cybersecurity consulting provider that focuses on risk and compliance, information and cloud security, and digital identity for a purchase consideration of $230 million, according to regulatory filings. The announcement also disclosed the joint development of Wipro CyberTransform, an integrated suite that enhances boardroom governance of cybersecurity risk by investing in robust cyberstrategies and reaping the value of practical security in action.

IDC's Point of View

Wipro's announcement of its acquisition of cybersecurity firm like Edgile fits its mantra of "CyberSecurity by CyberSecurists." IDC sees positive outcomes for both organizations as a result of this transaction.

Wipro's security team has a strong bench of over 8,000 practitioners that support a wide range of security services such as security and risk advisory, digital trust (identity and access services), application security, managed security services, and other various capabilities. Arguably its strongest play has been in the managed security space that has been benefited by strong partnerships with hyperscale cloud providers such as AWS and Microsoft.

Edgile brings to the table some overlapping competencies in cloud security and identity and access management (IAM), as well as other offerings. The largest item that it brings to the table, and the key that unlocks its value to being acquired by Wipro, lies in its security strategy capabilities. Edgile's strategy-led cybertransformation capabilities with SailPoint, Microsoft, and ServiceNow allows Edgile to set the strategy and direction for its clients. The jointly developed Wipro CyberTransform platform between Edgile and Wipro shall soon be available in the market as a demonstration of their cybertransformation capabilities

It is hardly a secret to reveal that there is a large shortage of trained cybersecurity practitioners in the field today. What is often missed when talking about this shortage is that a cybersecurity practitioner is not a monolithic body. Threat hunters, security engineers, SOC analysts, security architects, and other technical expertise are hard to find because, quite frankly, they are hard to train and it takes time to 2 build up the experience to become good at their craft. More importantly, after they're trained, they seek to increase their salaries by moving to different providers willing to pay more for their talents.

Security consultants take time and seasoning to become proficient at their craft, but the really good ones require something a bit different. To understand this, all you have to do is look at a board meeting, observe a tabletop exercise, or look at the headlines in a news website. The difference today from say 5–10 years ago is that cybersecurity is no longer a pure technical discipline. The discussions and reactions to the attacks that organizations face today, as well as the need to follow more fluid and complicated compliance standards, has morphed cybersecurity discussions more into business discussions than the prior technical realm that it resided in.

Want to train a tier I SOC analyst into a tier II SOC analyst? There is a road map that can take them there. Train a security engineer to be a security architect? There is a process to follow for that as well. The skills required to be a security consultant for a consulting organization or security service provider requires a mix of technical, business, and communication skills and acumen that are very hard to acquire. Hence, the secret sauce that Wipro acquires in this announcement is it gains access to Edgile's transformational security consultants, StrategyFirst toolkits, QuickStart methodologies, and related intellectual property. 

Edgile's team should be happy about this announcement as well. It's one thing to go through the process of landing business for a security project. Especially in this COVID-19 environment where conducting business is more hybrid than in person, no one should underappreciate the complexity of landing consulting or security transformation projects. The sweet spot for Edgile's consultants is they now have at their fingertips the resources that can scale and implement the projects, as well as the managed security services that so many of these projects end up adding to the deals.

In addition, the synergy between Wipro and Edgile includes an already established foundation of customers through Wipro that these consultants can be involved in and make a difference beyond the current Wipro solutions suite. Conversely, Wipro now has access to a broader set of Edgile's consulting solutions, methodologies, partnerships, people, and customers that can take advantage of the solutions offerings from Wipro.