See What Gartner® Says About CNAPP in New Market Guide

There’s no debate that organizations are moving their workloads to the cloud. For developers, the cloud is an opportunity to accelerate application development. According to the Palo Alto Networks 2023 Cloud-Native Security survey, respondents reported that application deployment frequency has increased by 67% in the past twelve months.

Security professionals, on the other hand, say that complexity is impeding security. Many attribute this complexity to the proliferation of tools they adopt to protect their cloud environments. In fact, 76% of respondents say that their collection of point-product security tools create blind spots.

Gartner^® recently published its 2023 Market Guide for Cloud-Native Application Protection Platforms. Security and risk management leaders responsible for cloud security strategies should use this research to analyze and evaluate emerging CNAPP offerings.

You can get complimentary access to the 2023 “Market Guide for Cloud-Native Application Protection Platforms” to read in full.

The Market Need for Security Consolidation

Organizations adopt 30+ products to address their security needs, according to Palo Alto Networks research. This is partly due to organizations racing toward solutions that solve only an immediate problem without considering long-term goals. Organizations that manage multiple vendors and point solutions face several challenges, including:

• Fragmented visibility creates blind spots: Siloed tools lack data unification. As new misconfigurations or vulnerabilities arise, security teams lack the context they need to identify and address the most urgent risk. This enables adversaries to exploit weaknesses before security teams can identify them.
• Excessive overhead becomes overburdening: Because siloed tools don’t natively integrate with each other, security practitioners spend more time performing systems integrations than they do monitoring for threats.

Gartner states, “By 2026, 80% of enterprises will have consolidated security tooling for the life cycle protection of cloud-native applications to three or fewer vendors, down from an average of 10 in 2022.”

What Is a Cloud-Native Application Protection Platform?

Cloud-native application protection platforms integrate and centralize disparate security functions into a single user interface.

As defined by Gartner, “Cloud-native application protection platforms (CNAPPs) are a unified and tightly integrated set of security and compliance capabilities designed to secure and protect cloud-native applications across development and production. CNAPPs consolidate a large number of previously siloed capabilities, including:

• Container scanning
• Cloud security posture management
• Infrastructure as code scanning
• Cloud infrastructure entitlement management
• Runtime cloud workload protection
• Runtime vulnerability/configuration scanning.”

Recommendations for Security Leaders

The Gartner Market Guide offers several recommendations for security leaders evaluating CNAPP solutions. Palo Alto Networks has excerpted a few recommendation we consider paramount in terms of securing applications:

Reduce complexity and improve the developer experience by choosing integrated CNAPP offerings that provide complete life cycle visibility and protection of cloud-native applications across development and staging and into runtime operation.

Ensure the right person/team is tasked with remediating an identified risk, by requiring CNAPP offerings to understand ownership and provenance of development artifacts. At a minimum, the CNAPP offering must understand what developer/development team created the artifact, when it was scanned, when it was deployed, and who has since changed or modified it.

Use adoption of a CNAPP offering to consolidate vendors to cut complexity, simplify security policy enforcement, provide better context and prioritization, and improve the developer experience. There is also the potential to reduce duplicative costs of point solutions as contracts renew for CWPP, CSPM, SCA and container security offerings.

Prisma Cloud: A Single-Vendor CNAPP for Code-to-Cloud Security

At Palo Alto Networks, we’ve designed Prisma Cloud to secure applications from code to cloud across multicloud environments. The platform delivers comprehensive security with continuous visibility, risk prioritization, and proactive threat prevention throughout the application lifecycle. Prisma Cloud enables security and DevOps teams to effectively collaborate to accelerate secure cloud native application development and deployment.

With code-to-cloud coverage that encompasses code, infrastructure, workloads, data, networks, web applications, and APIs security, Prisma Cloud is the platform that addresses your security needs at every step in your cloud journey. With over 7 billion cloud assets secured and 1 trillion cloud events processed daily, you can trust Prisma Cloud to protect your cloud environments at any scale.

Palo Alto Networks is included in the Gartner Market Guide as a Representative Vendor for CNAPP. As a single-vendor CNAPP, we believe Prisma Cloud supports core, recommended and optional capabilities listed in the report.

If you’re interested in learning more about Gartner research on CNAPP, you can download a complimentary copy of the report.

Gartner, Market Guide for Cloud-Native Application Protection Platforms, by Neil MacDonald, Charlie Winckless, Dale Koeppen, 14 March 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.