ServiceNow is reportedly in advanced negotiations to acquire Veza — the identity security and permissions management startup — in a deal valued at more than $1 billion.
The acquisition would mark one of the largest exits in identity-centric security in recent years, signaling how critical authorization, entitlements, and access governance have become across cloud environments.
According to reports, ServiceNow sees Veza’s identity-access platform as a foundational layer for unifying permissions across SaaS, cloud, and on-prem systems — a capability enterprises have been struggling to piece together on their own.
Who Is Affected
- Enterprises with complex multi-cloud architectures relying on AWS, Azure, GCP, and fragmented SaaS ecosystems.
- Organizations facing difficulties mapping “who has access to what” across hybrid infrastructure.
- Security and IT teams working to enforce least-privilege models at scale.
- ServiceNow customers who may soon see native identity-permissions features integrated directly into the Now Platform.
Why CISOs Should Care
Identity is increasingly the control plane of security, and Veza has been one of the leading players in permissions intelligence — giving teams visibility into roles, entitlements, and privilege escalation risks across the entire environment.
If the acquisition closes:
- ServiceNow would instantly become a major identity-security vendor, extending its reach beyond IT workflows into deep access governance.
- CISOs could gain centralized visibility into permissions across cloud resources, SaaS applications, data stores, and internal systems.
- Organizations struggling with fragmented IAM stacks (Okta + CSP IAM + homegrown access policies) could see a clearer consolidation path.
- It signals that identity governance is now considered foundational, not optional — especially with AI agents and automated workflows increasing the number of machine-to-machine permissions.
Three Practical Actions for Security Leaders
1. Re-evaluate your identity-access architecture
Conduct an internal review of how your organization currently manages:
- Role definitions
- Privileged accounts
- Shadow access
- SaaS entitlements
- Cloud IAM policies
This acquisition suggests the market is converging toward unified permissions governance — prepare to streamline your stack.
2. Map your critical “toxic combinations” before automation expands them
Access sprawl is accelerating thanks to AI agents, automated tasks, and no-code tools.
If ServiceNow integrates Veza, it may enable automated least-privilege enforcement — but you need a clean baseline first.
Start identifying:
- High-risk role overlaps
- Orphaned accounts
- Over-privileged service accounts
- Excessive SaaS permissions
3. Prepare for a potential shift in vendor consolidation
If you are a ServiceNow customer — or rely on ServiceNow workflows — expect identity governance to become more deeply embedded.
Security leaders should:
- Ask vendors how this acquisition could change integrations
- Anticipate budget reallocation toward identity governance
- Watch for roadmap updates around access certifications, entitlement management, and automated remediation
