Home/Glossary/Cloud-Native Application Protection Platform (CNAPP)

Cloud-Native Application Protection Platform (CNAPP)

A unified security platform that combines CSPM, CWPP, and other cloud security capabilities into a single solution.

Cloud SecurityAlso called: "cloud native application protection"

CNAPP consolidates multiple cloud security tools into one platform, reducing complexity and improving visibility across cloud environments.

What CNAPP combines

  • CSPM: Configuration and compliance monitoring.
  • CWPP: Workload protection for containers, VMs, serverless.
  • CIEM: Cloud infrastructure entitlement management.
  • IaC scanning: Security checks for Terraform, CloudFormation.
  • Container security: Image scanning and runtime protection.

Why organizations adopt CNAPP

  • Reduces tool sprawl and vendor management overhead.
  • Provides unified visibility across multi-cloud environments.
  • Correlates findings across configuration, identity, and runtime.
  • Simplifies compliance reporting with single dashboard.

Key vendors

  • Palo Alto Prisma Cloud
  • Wiz
  • Orca Security
  • Lacework
  • Microsoft Defender for Cloud

Evaluation criteria

  • Coverage across your cloud providers (AWS, Azure, GCP).
  • Agentless vs. agent-based deployment options.
  • Integration with CI/CD pipelines.
  • Attack path analysis and risk prioritization.

Related Tools

Explore More Cloud Security

View all terms

AWS Security Hub

AWS service that aggregates security findings from multiple AWS services and third-party tools, providing a unified view of security posture.

Read more →

Cloud Security Posture Management (CSPM)

Continuous monitoring and remediation of cloud misconfigurations across accounts, services, and regions.

Read more →

Cloud Workload Protection Platform (CWPP)

Security tooling that safeguards cloud-native workloads—containers, serverless functions, and VMs—across build and runtime.

Read more →

Microsegmentation

A network security technique that divides the network into isolated segments, applying granular access controls between workloads.

Read more →

Shared Responsibility Model

A framework that outlines which security tasks the cloud provider handles versus what the customer must secure.

Read more →

Virtual Private Cloud (VPC)

An isolated virtual network within a cloud provider where you can launch resources with control over IP addressing, subnets, and routing.

Read more →
Back to glossary