* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* 2021 Gartner Market Guide...

# 2021 Gartner Market Guide for CWPP: Key Takeaways

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F05%2Fcloud-2020-guide-cloud-workload-protection-2%2F)  
[](https://twitter.com/share?text=2021+Gartner+Market+Guide+for+CWPP%3A+Key+Takeaways&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F05%2Fcloud-2020-guide-cloud-workload-protection-2%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F05%2Fcloud-2020-guide-cloud-workload-protection-2%2F&title=2021+Gartner+Market+Guide+for+CWPP%3A+Key+Takeaways&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/05/cloud-2020-guide-cloud-workload-protection-2/&ts=markdown)  
\[\](mailto:?subject=2021 Gartner Market Guide for CWPP: Key Takeaways)  
Link copied  
By [Keith Mokris](https://www.paloaltonetworks.com/blog/author/keith-mokris/?ts=markdown "Posts by Keith Mokris") and [Adrian Chan](https://www.paloaltonetworks.com/blog/author/adrian-chan/?ts=markdown "Posts by Adrian Chan")  
May 15, 2020  
5 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[CNAPP](https://www.paloaltonetworks.com/blog/tag/cnapp/?ts=markdown)  
[Gartner](https://www.paloaltonetworks.com/blog/tag/gartner/?ts=markdown)  
[Workload protection](https://www.paloaltonetworks.com/blog/tag/workload-protection/?ts=markdown)

*Updated July 16, 2021*

Cloud native development relies on workloads spread across any number of compute options -- virtual machines (VMs), containers, serverless and many points in between. These components which make up cloud native applications can be created and spun down in a matter of hours or even minutes -- they are surprisingly ephemeral.

Moreover, protecting these workloads can be difficult. Discovering when they have been created, determining who or what is accessing them and figuring out whether they are configured correctly is a monumental task not suited for manual security work. That's why the market has seen an influx of platforms specially designed to protect them. These so-called cloud workload protection platforms (CWPP) are evolving almost as quickly as the workloads themselves, and understanding key functionality can be overwhelming.

Gartner recently released its 2021 *Market Guide for Cloud Workload Protection Platforms,* which has annually examined the latest developments in cloud native infrastructure security and offered recommendations on how enterprises should protect these components and the continuum of compute options, including VMs, containers and serverless workloads.

[You can download a copy of the 2021 "Market Guide for Cloud Workload Protection Platforms" to read in full](https://start.paloaltonetworks.com/gartner-market-guide-cwpp.html).

Palo Alto Networks is proud to be included by Gartner as a Representative Vendor for CWPP.

## What Is a Cloud Workload?

First, it may be helpful to understand what these platforms can actually protect. A workload can be broadly defined as the resources and processes needed to run an application. A cloud workload typically includes an application, but it also involves things like data served to and generated by the application, as well as network resources required to connect users to the application or to connect different parts of the application together.

Most organizations' workloads now typically span multiple cloud service providers (CSPs) and compute options, and a majority of organizations intentionally choose multiple types of infrastructure offerings based on business needs. According to Gartner, "Workload protection must span virtual machines, containers and serverless workloads in public and private clouds. Security and risk management leaders should use this Market Guide to understand the need for protection that spans development and runtime and includes cloud security posture management."

We've talked for a while now about how each infrastructure offering comes with individual configurations and security requirements, which we highlight in our whitepaper titled the [Continuum of Cloud Native Topologies](https://www.paloaltonetworks.com/resources/whitepapers/continuum-cloud-native-topologies).

## What Is a Cloud Workload Protection Platform?

Second, Gartner defines cloud workload protection platforms (CWPP) as "workload-centric security products that protect server workloads in hybrid, multicloud data center environments." Or as we simply say, these platforms help enterprises protect workloads. They also offer greater visibility and control over them, regardless of their location.

These platforms need to help security leaders continuously assess risk across cloud native architectures and identify vulnerabilities and misconfigurations before deployment to runtime to minimize runtime problems. These platforms span CSPs to provide greater assurance with less manual effort.

## Protection Needs to Span the Entire Application Lifecycle From Build to Runtime

We've seen that the diffusion of DevOps methodologies has led to the increasing granularity of workloads. DevOps intentionally uses small, frequent iterations, where deployments happen multiple times a week or even multiple times a day.

In order to protect these increasingly ephemeral workloads, security and risk management leaders need to understand what workloads are running where, and Cloud Workload Protection Platforms help them do that.

![Cloud Workload Protection Platforms involve Development Scanning (covering vulnerable components, cloud configuration, secrets, malware and API discovery) and runtime protection (covering workload vulnerability, workload configuration, workload segmentation, integrity monitoring, application control, behavioral monitoring, host IPS and anti-malware). The graphic shows how this allows DevOps to maintain consistent visibility and control, including over bare metal, VMs, containers, serverless, on-premises, colocation, AWS, Azure, Alibaba Cloud, Tencent, GCP and Kubernetes. Source: Gartner.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/05/CWPP-figure-1.png)

Security controls need to support public, private and hybrid clouds, while also combining full stack runtime protection with integrated DevOps security. These capabilities include vulnerability management, compliance, runtime protection and application control, and other key security controls highlighted by Gartner.

## Recommendations for Security and Risk Management Professionals

The report highlights key recommendations organizations should consider for securing their cloud infrastructure. Palo Alto Networks has chosen to emphasize the following for a full lifecycle, full stack security approach:

* Implement a CWPP offering that protects workloads regardless of location, size, runtime duration or application architecture.
* Secure workloads earlier by extending workload scanning and compliance efforts into development (DevSecOps), especially for container-based and serverless function platform as a service (PaaS)-based development and deployment.
* Consolidate CWPP and CSPM strategies over the next 12 to 24 months to reduce costs and complexity and identify risks better.

As an integrated Cloud Native Security Platform, we believe Prisma Cloud aligns strongly to this consolidation trend across CSPM and CWPP.

To read the report in full, including further in-depth exploration of these best practices and recommendations, download your copy of "[Market Guide for Cloud Workload Protection Platforms](https://start.paloaltonetworks.com/gartner-market-guide-cwpp.html)."

Gartner, Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, Tom Croll, 12 July 2021

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from [https://start.paloaltonetworks.com/gartner-market-guide-cwpp.html](https://start.paloaltonetworks.com/gartner-market-guide-cwpp.html).

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### A New Era of Protection --- Multicloud Security](https://www2.paloaltonetworks.com/blog/2025/01/multicloud-security/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Recognized by Gartner as a Leader in SSE Report](https://www2.paloaltonetworks.com/blog/2024/04/gartner-leader-in-sse-report/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Recognized as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP)](https://www2.paloaltonetworks.com/blog/2024/01/palo-alto-networks-recognized-as-a-leader-in-the-2023-gartner-magic-quadrant-for-endpoint-protection-platforms-epp/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Recognized in Critical Capabilities Report](https://www2.paloaltonetworks.com/blog/2023/05/recognized-in-critical-capabilities-report/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Native Application Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Cloud Is a CNAPP Leader According to Frost \& Sullivan](https://www2.paloaltonetworks.com/blog/2022/11/prisma-cloud-is-a-cnapp-leader/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Shift Happens, Be Ready With Code-to-Cloud CNAPP](https://www2.paloaltonetworks.com/blog/2022/09/code-to-cloud-cnapp/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language