The Gartner® Market Guide for Cloud Workload Protection Platforms 1 (CWPP) is an independent evaluation published by Gartner. We feel this guide provides an excellent look at the current challenges faced in securing workloads in complex hybrid- and multi-cloud environments and discusses strategies and solutions to best address them.
An Important Read for InfoSec and DevOps
With the increasing granularity of workloads, and the distributed and ephemeral nature of cloud assets, CWPP addresses pressing challenges faced by both InfoSec and DevOps. We believe this report offers compelling reasoning and actionable steps to:
- “Implement a CWPP offering that protects workloads regardless of location, size, runtime duration or application architecture.”
- “Consolidate CWPP and CSPM strategies over the next 12 to 24 months to reduce costs and complexity and identify risks better.”
- And much more
Workload Protection for Complex Environments
In the Market Guide, Gartner noted that “76% of enterprises indicated they are using multiple IaaS providers.” They also stated, “in the same survey, the top challenge identified by respondents when using multiple public IaaS providers was increased security risk.”
We believe the report covers the evolution of workload abstractions, showing how the move from physical servers to serverless architectures has increased the granularity of workloads while greatly decreasing workload life spans at runtime. This dynamic and rapidly changing workload runtime environment poses new security challenges, especially as application stacks are distributed across IaaS, PaaS, on-premises, containerized, and virtualized environments—all of which need to be secured uniformly. To address the challenge of workload protection in complex environments and dynamic runtime conditions, the Market Guide for Cloud Workload Protection Platforms recommends ways that you can ensure your CWPP implementation “protects workloads regardless of location, size, runtime duration or application architecture.”
The Importance of Unified CWPP and CSPM
As environmental complexity increases, consolidated CWPP and CSPM help reduce risk by ensuring visibility and inventory across hybrid- and multi-cloud environments, along with vulnerability and configuration scanning. The synergy between CWPP and CSPM is identified in the report as a foundational component of core workload protection strategies for the purpose of reducing risk. It shows where in the priority hierarchy this unification stands and makes a strong argument for using a single-vendor approach. You’ll also learn why Gartner recommends agentless deployments of both CSPM and CWPP whenever possible.
Shifting Workload Protection Left
A key trend noted in the Gartner Market Guide for Cloud Workload Protection Platforms is the move toward a shift-left workload protection strategy. By incorporating security testing into workload build and deployment, enterprises can better address the full lifecycle of workload protection requirements. It is noted in the report that the convergence of shift-left deployment, CSPM, CWPP, and workload-scanning capabilities has created a new category of cloud-native application protection platforms (CNAPP).
As you read the report, you’ll want to identify how you can unify these capabilities, so you are better prepared to stay ahead of risk. This strategy is especially critical for containerized and Kubernetes environments, where it’s imperative to catch potential security issues and risks as early as possible in the deployment lifecycle of cloud-native applications and their runtime environments.
Additional Considerations and Resources
The report includes many other considerations that we feel are important for developing a CWPP strategy, including:
- Network segmentation best practices
- The benefits of identity-based policies in the cloud
- OS and application log monitoring as part of your extended detection and response (XDR) effort
You’ll also find a list of representative vendors, including Fidelis and Fidelis CloudPassage, and an extensive set of recommendations for evaluating CWPP and CSPM vendors.
At the end of the report, you’ll find recommended Gartner publications and outside resources that are recommended as further reading by the report authors.
Download the 2021 Gartner Market Guide for Cloud Workload Protection Platforms
You can download your complimentary copy of the Market Guide for CWPP from Fidelis. Once you’ve had a chance to read through the report, give us a call so we can show you how the Fidelis CloudPassage Halo® and Fidelis Elevate® XDR platforms provide CWPP, CSPM, and Active XDR solutions for your public, private, hybrid, and multi-cloud environments.
1. Gartner, “Market Guide for Cloud Workload Protection Platforms, By Neil MacDonald, Tom Croll 12 July 2021