{"id":111522,"date":"2020-05-15T06:00:28","date_gmt":"2020-05-15T13:00:28","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=111522"},"modified":"2023-09-08T05:55:31","modified_gmt":"2023-09-08T12:55:31","slug":"cloud-2020-guide-cloud-workload-protection-2","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/05\/cloud-2020-guide-cloud-workload-protection-2\/","title":{"rendered":"2021 Gartner Market Guide for CWPP: Key Takeaways"},"content":{"rendered":"

Updated July 16, 2021<\/em><\/span><\/p>\n

Cloud native development relies on workloads spread across any number of compute options \u2013 virtual machines (VMs), containers, serverless and many points in between. These components which make up cloud native applications can be created and spun down in a matter of hours or even minutes \u2013 they are surprisingly ephemeral.\u00a0<\/span><\/p>\n

Moreover, protecting these workloads can be difficult. Discovering when they have been created, determining who or what is accessing them and figuring out whether they are configured correctly is a monumental task not suited for manual security work. That's why the market has seen an influx of platforms specially designed to protect them. These so-called cloud workload protection platforms (CWPP) are evolving almost as quickly as the workloads themselves, and understanding key functionality can be overwhelming.\u00a0<\/span><\/p>\n

Gartner recently released its 2021 <\/span>Market Guide for Cloud Workload Protection Platforms, <\/span><\/i>which has annually examined the latest developments in cloud native infrastructure security and offered recommendations on how enterprises should protect these components and the continuum of compute options, including VMs, containers and serverless workloads.\u00a0<\/span><\/p>\n

You can download a copy of the 2021 \u201cMarket Guide for Cloud Workload Protection Platforms\u201d to read in full<\/span><\/a>.<\/span><\/p>\n

Palo Alto Networks is proud to be included by Gartner as a Representative Vendor for CWPP.<\/span><\/p>\n

 <\/p>\n

What Is a Cloud Workload?<\/span><\/h2>\n

First, it may be helpful to understand what these platforms can actually protect. A workload can be broadly defined as the resources and processes needed to run an application. A cloud workload typically includes an application, but it also involves things like data served to and generated by the application, as well as network resources required to connect users to the application or to connect different parts of the application together.<\/span><\/p>\n

Most organizations' workloads now typically span multiple cloud service providers (CSPs) and compute options, and a majority of organizations intentionally choose multiple types of infrastructure offerings based on business needs. <\/span>According to Gartner, \u201cWorkload protection must span virtual machines, containers and serverless workloads in public and private clouds. Security and risk management leaders should use this Market Guide to understand the need for protection that spans development and runtime and includes cloud security posture management.\u201d<\/span><\/p>\n

We've talked for a while now about how each infrastructure offering comes with individual configurations and security requirements, which we highlight in our whitepaper titled the <\/span>Continuum of Cloud Native Topologies<\/span><\/a>.\u00a0<\/span><\/p>\n

 <\/p>\n

What Is a Cloud Workload Protection Platform?<\/span><\/h2>\n

Second, Gartner defines cloud workload protection platforms (CWPP) as \"workload-centric security products that protect server workloads in hybrid, multicloud data center environments.\" Or as we simply say, these platforms help enterprises protect workloads. They also offer greater visibility and control over them, regardless of their location.<\/span><\/p>\n

These platforms need to help security leaders continuously assess risk across cloud native architectures and identify vulnerabilities and misconfigurations before deployment to runtime to minimize runtime problems. These platforms span CSPs to provide greater assurance with less manual effort.<\/span>
\n<\/span><\/p>\n

 <\/p>\n

Protection Needs to Span the Entire Application Lifecycle From Build to Runtime<\/span><\/h2>\n

We've seen that the diffusion of DevOps methodologies has led to the increasing granularity of workloads. DevOps intentionally uses small, frequent iterations, where deployments happen multiple times a week or even multiple times a day.\u00a0<\/span><\/p>\n

In order to protect these increasingly ephemeral workloads, security and risk management leaders need to understand what workloads are running where, and Cloud Workload Protection Platforms help them do that.\u00a0<\/span><\/p>\n

\"Cloud<\/span><\/div><\/p>\n

Security controls need to support public, private and hybrid clouds, while also combining full stack runtime protection with integrated DevOps security. These capabilities include vulnerability management, compliance, runtime protection and application control, and other key security controls highlighted by Gartner.<\/span><\/p>\n

Recommendations for Security and Risk Management Professionals<\/span><\/h2>\n

The report highlights key recommendations organizations should consider for securing their cloud infrastructure. Palo Alto Networks has chosen to emphasize the following for a full lifecycle, full stack security approach: <\/span><\/p>\n