# Building a Zero Trust Framework for Cloud Native Applications

By [Jason Williams](https://www.paloaltonetworks.com/blog/author/jason-williams/?ts=markdown "Posts by Jason Williams"), Jan 20, 2022

Companies have entered a digital pivot: applications driving business impact are increasingly moving to the cloud. Organizations moving to the cloud are finding themselves navigating new challenges. While development and DevOps teams have modernized their applications with cloud native development workflows and modern architectures, cybersecurity teams struggle to deploy new tools and technologies every time a new security risk is highlighted. This is where Zero Trust makes a difference.

According to the Gartner *Predicts 2022: Consolidated Security Platforms Are the Future* report, "Organizations have manually stitched together DevSecOps with 10 or more disparate security tools --- some old and some new --- each with siloed responsibility and view of application risk."

Managing risk in cloud native environments becomes overwhelming when it rests on poorly integrated solutions. Organizations need a strategic cybersecurity approach that fits their cloud transformation. [Zero Trust](https://www.paloaltonetworks.com/zero-trust?ts=markdown) is an opportunity to modernize and rebuild security.

### What is Zero Trust?

*Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction.*

The added advantage of [Zero Trust in cloud native environments](https://www.paloaltonetworks.com/cxo-perspectives/cloud-and-zero-trust?ts=markdown) is *simplicity*. Instead of deploying new point tools to address new security risks, security teams can continuously run the same security checks regardless of the situation.

At Palo Alto Networks, our framework encompasses identity, devices/workloads, access, and transactions to enable a Zero Trust enterprise for users, applications, and infrastructure.

![Palo Alto Networks provides a portfolio approach to enable a Zero Trust Enterprise](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/01/graphical-user-interface-description-automaticall-3.png)

Palo Alto Networks provides a portfolio approach to enable a Zero Trust Enterprise

#### How Can I Make Zero Trust an Integral Part of My Cloud Transformation?

To secure cloud environments and applications, organizations must remove all implicit trust and enforce cybersecurity checks across the entire application development lifecycle. Security teams need to partner with DevOps and cloud infrastructure teams to implement Zero Trust principles:

**Validate all cloud identities:** Always validate the identity and entitlements granted to the developers, DevOps engineers, and admins who seek access to cloud infrastructure. Ensure there are no excessive or outdated permissions. As cloud environments are increasingly deployed using Infrastructure as Code (IaC) templates, security teams must engage developers and DevOps teams to integrate security and compliance checks into development and DevOps workflows. Provide actionable feedback and guardrails to prevent misconfigurations in IaC templates from ever turning into insecure infrastructure.

**Protect the cloud workloads:** Continuously secure all hosts, containers, and serverless functions running across any private or public cloud. It is imperative that the integrity of workloads is continuously monitored for any misconfigurations, vulnerabilities, or indicators of compromise.

**Apply context-based network access:** Verify all network access between microservices and enforce microsegmentation.
As workloads access other workloads in the cloud, they must mutually verify workload identity and, if authorized, apply least-privilege connectivity to the application.

**Secure all cloud transactions:** Once network access is granted, inspect all content and proactively prevent any threats or malicious behavior to ensure the transaction is safe and secure. Security can further be extended to web applications and APIs across the application lifecycle for any cloud-native architecture to protect against modern threats.

![Graphical user interface, website Description automatically generated](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/01/graphical-user-interface-website-description-aut.png)

### How We Can Help

At Palo Alto Networks, we've designed [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown), our Cloud Native Application Platform (CNAPP), to reliably secure your cloud transformation with a Zero Trust architecture, while also positioning across the portfolio to further enable Zero Trust principles.

![Timeline Description automatically generated](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/01/timeline-description-automatically-generated.png)

To secure identities, we've developed [Cloud Identity Security](https://www.paloaltonetworks.com/prisma/cloud/cloud-identity-security?ts=markdown) to continuously monitor cloud permissions and entitlements across multiple cloud service providers and apply least-privileged access to cloud infrastructure. And our [Cloud Code Security](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security?ts=markdown) functionality helps security teams identify and fix vulnerabilities in cloud native application code and ensure only secure code is deployed in the cloud. This results in a full lifecycle approach to security that ultimately secures applications by design.

To secure workloads, Prisma Cloud offers [Cloud Workload Protection](https://www.paloaltonetworks.com/prisma/cloud/cloud-workload-protection-platform?ts=markdown), which comprehensively secures workloads across private and public clouds by applying vulnerability management, compliance monitoring, and runtime protection. We've integrated these capabilities with CI/CD pipelines to enforce security checks across the entire application lifecycle. To further enable Zero Trust workload security, [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) offers threat prevention, detection, and response capabilities on workloads. The Cortex XDR agent proactively blocks cyberattacks such as malware and ransomware, as well as the exploits that lead to compromise. The agent gathers rich data to power detection and response across all assets, including cloud workloads.

To secure access, we've engineered [Cloud Network Security](https://www.paloaltonetworks.com/prisma/cloud/cloud-network-security?ts=markdown) to enforce least-privileged microsegmentation between workloads. As workloads communicate with other workloads, Prisma Cloud ensures all connectivity is verified for authenticity before granting network access to application data. In addition to microsegmentation, [VM-Series](https://www.paloaltonetworks.com/prisma/vm-series?ts=markdown) and [CN-Series](https://www.paloaltonetworks.com/network-security/cn-series?ts=markdown) software next-generation firewalls (NGFWs) bolster access controls with industry-leading App-ID, which classifies and restricts traffic based on application context.

To secure transactions, our software NGFWs and Prisma Cloud [Web Application and API Security (WAAS)](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security?ts=markdown) deliver complementary protections.
VM-Series and CN-Series inspect all content in network traffic to proactively block known threats, zero-day attacks, and data loss across private and public clouds. The WAAS functionality built into Prisma Cloud secures all your web applications and APIs on any cloud native architecture.

Whether you're lifting and shifting applications or adopting a cloud-native approach in your cloud transformation, Palo Alto Networks is uniquely positioned to deliver on the promise of Zero Trust.

If you want to get your hands on Prisma Cloud to see how we can secure your clouds and enable Zero Trust principles, then request a [30-day trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial?ts=markdown).