Wiz negotiation, the workload count is the contract.

Wiz prices on billable cloud workloads, a definition that quietly includes VMs, containers, serverless functions, and data stores, and the buyer who audits that count controls the deal.

How does Wiz pricing actually work?

Wiz licenses on billable workloads, averaged over the term, with the platform described on the Wiz platform page. A workload is not a server: VMs, container hosts, serverless functions, and data resources each convert to the meter at defined ratios.

There is no public rate card. Every enterprise deal is a custom quote, which makes the counting rules and the competitive quote your only published prices.

• Workload conversion: each resource type converts to billable workloads at ratios fixed in the order form, not in marketing material.
• Averaging window: whether the count is a peak, a monthly average, or a term average changes the bill materially in elastic estates.
• Module stack: CSPM core, runtime sensors, DSPM, CDR, and code security price separately and bundle differently in every quote.
• Term repricing: one year deals reprice at renewal against a rising price book; multi year locks the rate.

Why does the workload count need an audit?

Because the first proposal almost always counts more workloads than you run. Autoscaling groups, short lived containers, and abandoned dev accounts inflate the estimate, and the inflation compounds at renewal.

How to build the defensible count

Pull resource inventories from your cloud cost tool, not from the vendor's connector scan. Average across at least 90 days. Separate production from non production, and flag everything ephemeral.

• Cloud bill as source: your billing data is the neutral inventory; a vendor scan during a busy week is not.
• Ephemeral ratios: agree explicitly how spot nodes and short lived containers convert to billable workloads.
• Dev and test: negotiate reduced rates or exclusion for non production before signature, not at true up.
• Decommission drift: dead accounts and orphaned resources stay in scans long after they leave the bill.

The averaging clause

In elastic estates, a peak based count can run double the term average. Write the averaging method into the order form. One sentence of contract language is worth more than two discount points here.

Which Wiz modules should actually be in scope?

Core posture management belongs estate wide; the expensive add ons rarely do. Scope runtime sensors and data security to the accounts where the risk justifies the rate.

Bundle pressure and how to resist it

The platform bundle discount looks generous until you price the modules you would not otherwise buy. Anchor on the modules with a named owner and a use case; let the rest be the vendor's problem to justify.

What buyer side levers move a Wiz deal?

The defensible count, scoped modules, and a live competitive quote are the three levers, and they stack. Wiz competes hard against Palo Alto Prisma Cloud and the native cloud options, and the account team knows it.

• Bring your own count: open with the 90 day averaged inventory and make the proposal conform to it.
• Scope the add ons: runtime and DSPM on crown jewels only; expand later at pre agreed rates.
• Lock the rate: multi year term with a fixed price book beats a deeper one year discount in a rising market.
• Quote the competition: Prisma Cloud, Defender for Cloud, or CrowdStrike scoped to the same estate, in writing.
• Pre agree expansion: fix the workload rate for growth now, while you still have leverage.

Where the common advice on Wiz deals is wrong

The standard line is that Wiz is the category leader in hypergrowth, so discounts are thin and buyers should just secure budget. We disagree. In roughly 7 of the 10 to 14 CNAPP deals Fredrik Filipsson advised in 2024 to 2025, the combination of a defensible workload count and one written competing quote moved the Wiz proposal 20 to 35 percent. The buyer side move is to negotiate the counting rules and the expansion rate while the vendor is still chasing logo growth. Market leaders discount too; they just do not volunteer it.

In consumption security pricing, the definition of a workload is worth more than the discount percentage. Negotiate the meter first.

What to do next

The moves below turn this analysis into a lower CNAPP invoice this cycle.

A sequence you can run this quarter

1. Build a 90 day averaged workload inventory from your cloud billing data this week.
2. Classify production, non production, and ephemeral resources, and document the conversion ratios you will accept.
3. Map each proposed Wiz module to a named owner and use case; cut the rest from scope.
4. Request a scoped competing quote from at least one alternative CNAPP vendor.
5. Negotiate the averaging clause, dev environment treatment, and expansion rates into the order form.
6. Take the consolidated position into the negotiation at least 90 days before signature or renewal.

White Paper · Security

Wiz Cloud Security Negotiation 2026. The buyer side framework

Six buyer side levers cut a Wiz CNAPP renewal in 2026: module scope across CSPM, CWPP, and DSPM, the per workload math, and the recovery move. Read it free.

Read the white paper

Frequently asked questions

How is Wiz priced?

Wiz licenses per average billable cloud workload, with VMs, container hosts, serverless functions, and data resources converting to the meter at defined ratios. There is no public rate card; every enterprise quote is custom, which makes counting rules the real price.

What counts as a workload in a Wiz contract?

Whatever the order form says. VMs, container hosts, serverless functions, and PaaS data stores convert at ratios that should be written explicitly, including how autoscaling and ephemeral resources are averaged. Unverified counts ran 20 to 40 percent high in deals we reviewed.

How much discount is realistic on a Wiz deal?

Deals we advised in 2024 to 2025 moved 20 to 35 percent between first proposal and signature when the buyer brought a defensible workload count and a written competing quote. Without either, proposals barely moved.

Do we need every Wiz module estate wide?

No. Posture management makes sense estate wide; runtime sensors, DSPM, and code security usually justify themselves only on production crown jewels, regulated data accounts, and active development orgs respectively.

Should we sign a one year or multi year Wiz deal?

Multi year with a locked price book usually wins while CNAPP list prices are rising. A deeper one year discount that reprices against next year's price book is frequently a worse three year cost.

Who competes with Wiz in a negotiation?

Palo Alto Prisma Cloud, CrowdStrike Cloud Security, Microsoft Defender for Cloud, and Orca all quote against Wiz. A scoped written quote from any of them is the single fastest way to move the Wiz rate.