* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Native Application Protection Platform](https://www2.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/)
* Addressing the Need for I...

# Addressing the Need for Integrated Cloud Native Security with CNAPP

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fthe-future-of-cloud-native-security-is-cloud-native-application-protection-platforms-2%2F)  
[](https://twitter.com/share?text=Addressing+the+Need+for+Integrated+Cloud+Native+Security+with+CNAPP&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fthe-future-of-cloud-native-security-is-cloud-native-application-protection-platforms-2%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fthe-future-of-cloud-native-security-is-cloud-native-application-protection-platforms-2%2F&title=Addressing+the+Need+for+Integrated+Cloud+Native+Security+with+CNAPP&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/the-future-of-cloud-native-security-is-cloud-native-application-protection-platforms-2/&ts=markdown)  
\[\](mailto:?subject=Addressing the Need for Integrated Cloud Native Security with CNAPP)  
Link copied  
By [Ankur Shah](https://www.paloaltonetworks.com/blog/author/ankur-shah/?ts=markdown "Posts by Ankur Shah")  
Dec 16, 2021  
6 minutes  
[Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown)  
[Cloud Security Posture Management](https://www.paloaltonetworks.com/blog/category/cloud-security-posture-management/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[CNAPP](https://www.paloaltonetworks.com/blog/tag/cnapp/?ts=markdown)  
[Integrated Cloud Native Security](https://www.paloaltonetworks.com/blog/tag/integrated-cloud-native-security/?ts=markdown)

[Cloud native application development](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native) has matured to the point where certain assumptions can be taken more or less as facts. One early realization was that cloud environments are inherently diverse, disparate and distributed. For the professionals responsible for managing these dynamic, complex environments, a natural response was to turn around and impose consistency and uniformity. The logic is that managing risk in these environments would be made more difficult when coordinating a large set of point products suited to a specific set of requirements.

This line of reasoning is why forward-thinking members of the security community---including those of us at Prisma Cloud---have been focused on integrated cloud native security platforms since the beginning. With the recent introduction of the [Cloud Native Application Protection Platform (CNAPP)](https://start.paloaltonetworks.com/gartner-report-cloud-native-application-protection.html) category from Gartner, this trend is finally becoming the mainstream approach.

[Cloud Native Application Protection Platforms (CNAPP)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform) combine functionality for [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management), [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cyberpedia/what-is-cwpp-cloud-workload-protection-platform), Cloud Infrastructure Entitlement Management (CIEM), and [CI/CD security](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security) into a single, seamless solution to secure the full cloud native application lifecycle. These integrated capabilities allow DevOps, cloud infrastructure, and security teams to effectively and efficiently achieve successful cloud security outcomes amid the complex, shifting cloud environments.

#### **Why Do You Need a Platform Like CNAPP?**

The problem we have seen at many organizations is that responses to cloud native security have been reactive, rather than proactive---they are often forced to deal with issues as one-off problems, rather than addressing cloud security more holistically. They have adopted individual solutions or tools for each issue that comes up, and end up with a patchwork approach that introduces even more problems, like:

* **Point solutions create more work:** Managing a growing stack of tools eventually becomes its own workstream. And because most solutions don't communicate with each other without yet more work, teams get limited visibility and protection.
* **You can't apply consistent protections:** Dozens of security tools can perform a check at single points in the application lifecycle. But without consistent controls across development, deployment and runtime, security and risk teams are stuck comparing disparate vulnerability and misconfiguration findings.
* **Separation creates blind spots:** Most cloud security teams need to analyze threats across cloud services, workloads or applications, networks, data, and permissions. Without a single tool, [blind spots emerge](https://www.paloaltonetworks.com/resources/whitepapers/prisma_cloud-security-blind) in the gaps between solutions.

For all these reasons, integrated cloud native security platforms like CNAPPs offer a number of clear benefits.

#### **Distributed Problems Need Integrated Solutions**

One of the primary drivers for a [comprehensive, integrated security platform](https://www.paloaltonetworks.com/blog/2021/11/shift-left-with-prisma-cloud-3-0/) is that cloud security requires multiple teams to navigate a difficult combination of both granular and overlapping duties across functional areas:

**Infrastructure**

Teams need to understand where their responsibilities begin and end regarding the shared responsibility model---[data consistently shows](https://www.paloaltonetworks.com/resources/ebooks/esg-evolution-of-cloud-native-security) that organizations tend to overestimate the protections and alerts that their CSP will provide on their behalf. In addition, there are overlapping needs from networking, storage, and compute instances for CSPM, but each of those environments also need controls for access and permissions that stem from CIEM (highlighted just below).

**Workloads and Applications**

Similarly, the workloads and applications on that infrastructure require vulnerability management, compliance monitoring, policy enforcement, and runtime protection. These are traditionally areas where either security teams or DevOps teams are expected to ensure protections are in place. However, those tools must be integrated with the data coming from CI/CD pipelines and extending into runtime for web applications and APIs.

**Data Security**

Every team in the organization has data somewhere, much of it stored across cloud storage accounts. Data owners and security teams both share responsibility for securing this data, and need to be able to scan it, and understand where sensitive data resides, if there is inappropriate public exposure, and whether there is malware present.

**Networks**

These applications require a network that delivers reliable and safe connectivity. Securing network communications requires least-privilege access for workloads accessing other workloads and inline threat prevention.

**Identity and Permissions**

Underlying all of these areas, entitlements and permissions for cloud infrastructure and services must balance the need for distributed access with risk management to ensure there aren't excessive or outdated permissions that undermine all of your other efforts.

**Coding and Development**

Developers and DevOps teams are responsible for delivering high-quality code, which in most cases also means secure code. But it's up to security teams to provide the insights that DevOps needs to create secure code. Injecting security guardrails as early as possible requires cohesive tools that can cross the entire application lifecycle.

![Blurred boundaries of responsibilities for various security duties. Figure courtesy of Gartner’s 2021 Innovation Insight for Cloud-Native Application Protection Platforms.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/table-description-automatically-generated.png)
Blurred boundaries of responsibilities for various security duties. Figure courtesy of Gartner's 2021 Innovation Insight for Cloud-Native Application Protection Platforms.

Each team needs to work closely to ensure these protections are consistently enforced, and CNAPPs are the integrated tools that help break down the silos that currently separate them.

#### **Prisma Cloud Has Always Been a Platform**

However, we also know from working with customers that most of today's teams are not integrated like this yet---enterprise teams reflect the needs of yesterday's problems. We understand that different teams often have their own objectives, but organizations still need comprehensive security.

So while Prisma Cloud combines code security, workload protections, security posture management, network security, and identity security in a single, unified platform, we also provide unmatched flexibility to deploy protections that fit your specific needs, no matter your tech stack, cloud provider, or cloud maturity level.

Our extensible platform is built around APIs, which lets you configure custom integrations for your cloud security needs. It ingests cloud data from flow logs, configuration logs, and audit logs over an encrypted connection to provide more granular telemetry and maintain historical context for incident investigation and forensics. Teams can then use the console or APIs to interact with this data to configure policies, investigate and resolve alerts, set up external integrations and forward alert notifications.
![The Prisma Cloud platform covers the full application lifecycle.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/timeline-description-automatically-generated-with.png)
The Prisma Cloud platform covers the full application lifecycle.

While other solutions might only cover a few hundred cloud services or only work for a few of the larger public cloud providers, Prisma Cloud provides granular coverage for nearly 1,000 distinct services, across major providers including AWS, Azure, Google Cloud, Oracle Cloud Infrastructure, and Alibaba Cloud. In addition, we protect a wide range of environments including Docker and Kubernetes, Red Hat OpenShift, VMWare Tanzu and more.

And when it comes to workload protection across those environments, [Prisma Cloud is the only solution that offers both agentless scanning and agent-based protection within the same console](https://www.paloaltonetworks.com/blog/prisma-cloud/better-together-agentless-agent-based-security/). As a platform must be comprehensive, it's important that actual CNAPPs provide both visibility *and* proactive protections. Several platforms on the market provide quick visibility but offer nothing when it comes time to operationalize protection.

#### **Exploring Security Platforms in Depth**

You can learn more about the industry trends that highlight the needs for CNAPPs by downloading the [2021 Gartner® Innovation Insight for Cloud-Native Application Protection Platforms](https://start.paloaltonetworks.com/gartner-report-cloud-native-application-protection.html).

For an in-depth exploration of the ways Prisma Cloud helps enterprises secure better outcomes in their cloud security, you can [request a free trial.](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial)

*** ** * ** ***

## Related Blogs

### [Cloud Security Posture Management](https://www.paloaltonetworks.com/blog/category/cloud-security-posture-management/?ts=markdown), [Code to Cloud](https://www.paloaltonetworks.com/blog/cloud-security/category/code-to-cloud/?ts=markdown)

[#### How CSPM Will Shape the Future of Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/cspm-shapes-future-cloud-security/)

### [Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown), [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Agent Vs Agentless: Determining the Right Deployment Option for Cloud Workload Protection (CWP)](https://www2.paloaltonetworks.com/blog/cloud-security/agent-vs-agentless-cwp/)

### [Announcement](https://www.paloaltonetworks.com/blog/cloud-security/category/announcement/?ts=markdown), [Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Forrester Names Prisma Cloud a Leader in Cloud Workload Security](https://www2.paloaltonetworks.com/blog/cloud-security/forrester-wave-cloud-workload-security-leader-2024/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [Cloud Security Posture Management](https://www.paloaltonetworks.com/blog/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### 10 Cloud Security Risks Organizations Should Address](https://www2.paloaltonetworks.com/blog/cloud-security/10-cloud-security-risks/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Native Application Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Prisma Cloud Adds Support for Agentless Security on Azure and GCP](https://www2.paloaltonetworks.com/blog/cloud-security/agentless-for-azure-and-gcp/)

### [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Native Application Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Containers, Assemble: What Cloud Threat Actors Don't Want You to Know](https://www2.paloaltonetworks.com/blog/2022/06/cloud-threat-actors/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language