Best Practices To Implement a Cloud Workload Protection Platform (CWPP)

August 13, 2021

Gartner defines a cloud workload protection platform (CWPP) as a technology solution “primarily used to secure server workloads in public cloud infrastructure as a service environments.” CWPPs allow multiple public cloud providers and customers to ensure that workloads remain secure when passing through their domain.

As developers leverage cloud workloads as part of DevOps development cycles, applications are built and deployed quickly with little regard for security. At the same time, these applications are often public-facing and deployed over multiple cloud environments, making them difficult to monitor and secure.

Workload-centric security offerings that target the unique protection requirements of workloads in modern hybrid, multi-cloud data center architectures. These platforms need to help security leaders continuously assess risk across cloud native architectures and identify vulnerabilities and misconfigurations before deployment to runtime to minimize runtime problems.

How Does Cloud Workload Protection Platform (CWPP) Work?

A Cloud Workload Protection Platform solution discovers workloads that exist within an organization’s cloud-based deployments and on-premises infrastructure. Once these workloads have been discovered, the solution will perform a vulnerability assessment to identify any potentially exploitable security issues with the workload based on defined security policies and known vulnerabilities.

Based on the results of the vulnerability scan, the CWPP solution should provide the option to implement security controls to fix the identified issues. This can include solutions such as implementing allowlists, integrity protection, and similar solutions.

Why is Cloud Workload Protection Platform (CWPP) Relevant?

The transformation from legacy to cloud-native applications isn’t automatic. Organizations can’t “copy and paste” to the cloud an application that is currently on-premise. Here are four reasons why Cloud Workload Protection Platform (CWPP) is important:

  • Most companies have legacy applications and infrastructure that prevent a complete movement of functionality to the cloud.
  • Most organizations are deliberately using multiple cloud vendors, depending on their specific needs. As a result, most enterprises—by circumstance or design—are working in a hybrid, multi-cloud environment. This makes it difficult for security professionals to know, see, and manage where applications and data are in a fragmented environment.

  • Today, application developers grab code from a variety of places like GitHub, leverage workloads to create an application and publish it directly to their target audience of consumers. This approach is called Development Operations (DevOps) and is a cycle of “continuous innovation and continuous development” (CI/CD) where they can quickly respond to customers and improve that response and experience for their customers and partners in weeks or days.
  • The tradeoff of process for speed and the constant improvement of applications means that security is no longer a strict gate for application production. Security professionals can’t apply controls at application run time as they used to be able to do.

The risk to data and applications due to the changing nature of workloads, lack of visibility and control, and the rise of the “always on” DevOps environment makes CWPP an important security solution in the modern enterprise.

10 Best Practices on How to Use Cloud IaaS More Securely Than a Data Center?


  • Cloud workload protection, especially for containers, is an essential ingredient to offering an agile DevOps-oriented enterprise infrastructure with the most robust security.
  • Roughly half of the providers are at feature parity with each other, leaving a great deal of uncertainty around which providers will lead this emerging technology category in the future.
  • Emerging features in the cloud workload protection platform (CWPP) are focused on their extensibility to power the future of DevSecOps along with security response automation between the development, test and production of cloud workload environments.

Gartner recommends engaging certified cloud partners early on in your cloud planning process, to ensure that loopholes are identified early and plugged in before it turns out to be a disaster.

Talk to Our Migration Experts

Subscribe to our blog

Related Posts