Cloud Workload Protection Platforms (CWPP) provide a workload-centric security solution for all types of workloads, including physical servers, virtual machines (VMs), containers, and serverless workloads. CWPP provides a single pane of glass for visibility and protection across on-premises and cloud environments.
CWPP makes it possible to identify vulnerabilities earlier in the development lifecycle, and can also detect exploits and active threats in live environments, providing improved context and investigation for incident responders.
Cloud Security Posture Management (CSPM) protects workloads “from the outside”, by monitoring the security configuration of the cloud platform control plane, while CWPP protects workloads “from the inside”, identifying how workloads themselves are configured.
In this sense, CWPP has a greater focus on application security, while CSPM can help ensure the cloud environment as a whole follows security and compliance best practices. Increasingly, organizations are using both CWPP and CSPM to holistically secure cloud environments.
In 2021, Gartner introduced a new solution category, called Cloud Native Application Protection Platform (CNAPP), which includes both CSPM and CWPP in a single platform.