A Year On: Is Palo Alto Networks’ Platformization Strategy Here to Stay?

At its annual Ignite on Tour event in London last week, Palo Alto Networks presented its complete Artificial Intelligence (AI)-fueled suite of products, securing in-house Generative Artificial Intelligence (Gen AI) applications within enterprises via its AI Security Posture Management (AI-SPM) solution and guaranteeing enterprise visibility of internal AI usage by employees through its AI Access tool. Yet, the event chiefly served as a channel for Palo Alto Networks to provide an update on its platformization strategy, first announced in February 2024, which involves consolidating its cybersecurity services into an integrated Cortex IAM platform, encompassing network, application, and cloud security within a unified data plane that pulls contextual cloud data through to the Security Operations Center (SOC).

As during its 2024 event, platformization quickly cemented itself as word of the day, referring to integrating the host of network, endpoint, application, and cloud security tools currently being used to protect enterprise systems into a natively integrated platform. Palo Alto Networks’ mantra is that transitioning beyond various security solutions that separately secure each portion of enterprise security to a single User Interface (UI) platformized security approach boosts the efficiency and performance of enterprise security setups. Pre-integrated tech stacks allow enterprises to focus on security optimization, rather than interoperability and management of various security solutions. Building on the common governance delivered via its Cortex offerings, Palo Alto Networks plans to deliver AI capabilities across the enterprise ecosystem, notably AI-enhanced alert systems and risk prioritization scores.

System consolidation is not an entirely new concept. Yet, many consolidated systems that are being marketed as “platforms” (e.g., Microsoft’s suite) lack the native interoperability boasted by Palo Alto Networks’ Cortex offerings. Given this interoperability, true platformization boasts a cheaper solution with a quicker sale period than consolidated systems, minimizing enterprise costs associated with migrating away from legacy solutions. So far, Palo Alto Networks’ strategic shift toward platforms has paid off in the year since its announcement: during fiscal 4Q 2024, revenue was up by 12% compared to 4Q 2023, while Palo Alto Networks’ strong sales results from 1Q 2025 reflect the continuing success of its revamped sales approach. Yet, Palo Alto Networks’ platformization strategy is vulnerable to short-term disruptions. For example, enterprises’ existing contractual obligations to different security providers will slow and impede the migration of legacy systems to platformized solutions, particularly given those contracts’ varying termination conditions and dates. Further, vendor lock-in with the organization providing the platformized services inhibits enterprises’ agility in the long term, particularly in light of the prospect of post-quantum computing. Leading quantum-resistance strategies revolve around product-agnosticism and flexible offerings. Although Palo Alto Networks has integrated the relevant post-quantum protections into its solutions, any degree of lock-in has the potential to interfere with enterprises’ future crypto-agility.

Whether Palo Alto Networks can fend off these potential disruptions, it is too early to say. Yet, it is clear from the continuing persistence of platformization language—not only from Palo Alto Networks, but spreading across the industry—that platformization is the direction in which the industry is heading, particularly in the cloud and SOC spaces. This is best showcased by the increasing merging of cloud and SOC security teams across organizations. Thus, to best capitalize on this trend, vendors should consider:

• The Importance of “Shifting Left” for Security Solutions at the Forefront of Innovation: Detecting potential vulnerabilities at the earliest possible opportunity is an increasingly necessary part of comprehensive, platformized solutions. This includes integrating security at the Continuous Integration (CI)-Continuous Delivery (CD) level and incorporating AI or Machine Learning (ML)-fueled functionalities to detect anomalies as early as the coding stage of application development, as within Palo Alto Networks’ offerings.
• The Opportunities for Enhanced Return on Investment (ROI) from Platformized Offerings: Interestingly, the bulk of Palo Alto Networks’ revenue generated for 1Q 2025, thus far, is composed of subscription and service sales, rather than products. This can be explained, in part, by its revamped platformization strategy. Offering modular platformized solutions opens up new revenue opportunities with additional add-ons or advanced functionalities offered as subscriptions and services.
• The Emerging Opportunities for Consulting and Advisory Services Around Enterprise Security Platformization: Given the extensive effort and expertise required to migrate entire enterprises’ security solutions, from code to cloud to SOC, there are ample revenue opportunities for consultancy services here. For example, IBM Consulting plays a key role in supporting enterprises’ migration, adoption, and deployment of Palo Alto Networks’ products.

On the other hand, enterprises seeking to adopt a platformized approach should:

• Select Platformized Solutions That Prioritize Modularity: Modular platformized solutions like those from Palo Alto Networks enable organizations to transition slowly to a consolidated offering, easing disruptions caused by existing contracts.
• Consider the Varying Degrees of Interoperability and Consolidation Offered by Platformized Solutions: While vendors claim to have optimally interoperable platformized solutions, many of these platforms rely on acquisitions. Thus, within the platforms themselves, varying degrees of interoperability exist, which can impact the operation of those systems once integrated into enterprises’ environments. Pre-testing such platforms with enterprises’ existing systems and processes before committing to such platforms will help to identify potential challenges in this regard.
• Weigh the Potential Efficiency Gains and Both the Practical and Financial Costs Associated with Overhauling Entire Security Approaches: In particular, determining whether consolidation is aligned with in-house use cases is key. In this regard, enterprises must ensure that crypto-agility remains at the forefront of their security agendas, particularly in highly regulated industries where guidance pertaining to post-quantum measures is likely to be ever evolving. Considering carefully whether platformized solutions that lock enterprises into specific vendors that are compatible with their post-quantum security strategies will be necessary to ensure that enterprises future-proof their security for the post-quantum era.