What is it?
According to Gartner, cloud workload protection platforms (CWPPs) are workload-centric security offerings that target the unique protection requirements of workloads in modern hybrid, multi-cloud data center architectures. In plain English, CWPPs help organizations protect their capabilities or workloads (applications, resources, etc.) running in a cloud instance.
CWPP capabilities vary across vendor platforms, but typically include functions like system hardening, vulnerability management, host-based segmentation, system integrity monitoring, and application allow lists. CWPPs enable visibility and security control management across multiple public cloud environments from a single console.
Gartner divides CWPP vendors into eight categories:
In the Market Guide for Cloud Workload Protection Platforms, Gartner states that workloads are becoming more granular — with shorter life spans — as organizations continue to adopt DevOps-style development patterns, with multiple iterations deployed per week or even per day.
The best way to secure these rapidly changing and short-lived workloads is to take a proactive approach. Incorporating security via DevSecOps, through Infrastructure as Code templates, pre-deployment vulnerability management, and code scanning, protects workloads from the very beginning.
In what context is it best used?
Gartner states that the best possible context for a CWPP is a single-provider IaaS, particularly where there are requirements for additional security capabilities to protect workloads.