[PANW![PANW](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/pan-logo.svg)](https://www.paloaltonetworks.com/?ts=markdown)[Prisma logo![prisma logo](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/prisma-cloud.svg)](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) # 5 Must Haves for Cloud Native Application Protection Platforms Secure cloud native applications across the full application lifecycle. [Explore Demos](https://www.paloaltonetworks.com/prisma/demos?ts=markdown) *** ** * ** *** ## Breaking the Divide in Cloud Native Security With the prevalence of large-scale cloud native deployments, adapting a more modern, agile and integrated cybersecurity approach is mission critical. As noted by Gartner, rather than treat development and runtime as separate problems --- secured and scanned with a collection of separate tools --- enterprises should treat security and compliance as a continuum across development and operations, plus seek to consolidate tools where possible. Enter Cloud Native Application Protection Platforms (CNAPP), a category coined by [Gartner](https://www.paloaltonetworks.com/resources/research/gartner-innovation-for-cloud-native-application?ts=markdown) and defined in the 2021 Innovation Insight for Cloud-Native Application Protect Platforms report as "an integrated set of security and compliance capabilities designed to help secure and protect cloud native applications across development and production." ### How CNAPP Works CNAPP removes the gaps in visibility and integration complexities, optimizing observability across enterprise workloads. By shifting security left to development, it also: * Reduces the risk of breaches and regulatory penalties * Lowers the total cost of fixing vulnerable applications * Helps DevSec Ops teams deliver secure cloud native applications, faster ## Gartner Market Guide for Cloud-Native Application Protection Platforms [Download the report](https://start.paloaltonetworks.com/gartner-market-guide-cnapp) *** ** * ** *** ## 5 Must Haves for CNAPP * 01Development Artifact Scanning * 02Cloud Security Posture Management * 03Infrastructure as Code Scanning * 04Cloud Identity Entitlement Management * 05Cloud Workload Protection Platforms 01 ### Development Artifact Scanning - Code to Cloud^TM^ The cloud has made containers an integral part of application development and deployment --- these must also be scanned for security threats from [code to cloud](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security?ts=markdown) including APIs, software composition analysis and exposure scanning in [CI/CD workflows](https://www.paloaltonetworks.com/prisma/cloud/cloud-workload-protection-platform?ts=markdown). \* #### Block Inbound Threats Reduce risk and block threats from entering the cloud, stop lateral movement within the cloud, and prevent critical data from leaving the cloud. \* #### Stop Lateral Attack Movement Identity-based microsegmentation helps security teams see how applications communicate and stop lateral movement of threats. \* #### Secure Outbound Traffic Next-Generation Firewalls inspect all inbound and outbound cloud network traffic for threats and high-risk content. ![frame](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/background-frame.png) 02 ### Cloud Security Posture Management [CSPM](https://www.paloaltonetworks.com/prisma/cloud/cloud-security-posture-management?ts=markdown) capabilities continuously manage cloud security risk, with automated detection, logging and reporting to aid governance and compliance. \* #### Eliminate Cloud Blind Spots Gain deep visibility into data objects stored in the public cloud as well as entitlements and user permissions. \* #### Radically Simplify Compliance Prevent misconfigurations and drift by enforcing guardrails from a library of more than 700 pre-built cloud security policies. \* #### Proactively Address Risks Allow security teams to focus their investigation and remediation efforts without the distraction of alert storms. ![frame](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/background-frame.png) 03 ### Infrastructure as Code Scanning Since infrastructure is managed and provisioned as code in many cloud environments, this code must be [continuously scanned](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security?ts=markdown) for vulnerabilities, and assessing weaknesses in configuration files. \* #### IaC Scanning Embed security into workflows with DevOps tooling for Terraform, CloudFormation, Kubernetes, Dockerfile, Serverless and ARM templates. \* #### Container Image Scanning Give developers actionable feedback and guardrails for vulnerabilities and compliance violations to keep these components secure. \* #### Policy as Code Provide controls built into code that can be replicated, version-controlled and tested against live code repositories. ![frame](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/background-frame.png) 04 ### Cloud Identity Entitlement Management [Identity and Access Management (IAM)](https://www.paloaltonetworks.com/prisma/cloud/cloud-infrastructure-entitlement-mgmt?ts=markdown) provides privileged access and governance controls for distributed cloud environments. \* #### Centrally Manage Identities Quickly audit cloud permissions and prevent security incidents that arise from improperly configured cloud entitlements. \* #### Govern Access Across Public Clouds Continuously monitor multi-cloud environments and automatically make least privilege recommendations. \* #### Integrate with Identity Providers View permission roles of IdP users and correlate results with cloud identities, such as IAM users and machine identities. ![frame](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/background-frame.png) 05 ### Cloud Workload Protection Platforms This type of security solution focuses on [protecting workloads](https://www.paloaltonetworks.com/prisma/cloud/cloud-workload-protection-platform?ts=markdown) in cloud data center architectures, including VMs, hosts, containers, Kubernetes® or serverless architectures. \* #### Multi-Cloud Security A centralized dashboard to help prioritize risks in real time across public cloud, private cloud and on-premises environments. \* #### Agentless and Agent-Based Protection Only Prisma Cloud offers the flexibility to use agentless scanning and agent-based protections to suit your needs. \* #### Integrate with DevOps Workflows A consolidated platform integrates vulnerability scanning and hardens checks into the CI/CD workflow. ![frame](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/background-frame.png) *** ** * ** *** ## Prisma Cloud is the Industry's Most Complete CNAPP Achieve cloud compliance, detect and prevent vulnerabilities, and secure running applications with the industry's only comprehensive Cloud Native Application Protection Platform (CNAPP). With support for hosts, containers and Kubernetes®, and serverless functions, Prisma Cloud protects all your modern applications. ![GartnerPeer Insights Logo](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/gartner_image.svg) "Prisma Cloud helped us to start raising alerts and vulnerabilities... We were able to help a team that was totally vulnerable to have a security solution." [Read the review](https://www.peerspot.com/products/prisma-cloud-by-palo-alto-networks-reviews/page-2#review_127904) "Prisma Cloud provides risk clarity across the entire pipeline, showing issues as they are resolved... We have been able to detect things faster and remedy them faster." [Read the review](https://www.peerspot.com/products/prisma-cloud-by-palo-alto-networks-reviews/page-2#review_1912225) "I liked how simple the console was and how simple the API was... The API documentation was also very good, so it was easy to scale. You could automate pretty much everything." [Read the review](https://www.peerspot.com/products/prisma-cloud-by-palo-alto-networks-reviews/page-2#review_127904) *** ** * ** *** ## The Prisma Cloud Difference Integrated The power and advantage of the Prisma Cloud platform are in its simplified onboarding, correlated alerting and joint use cases. By combining visibility and remediation of the posture of your cloud infrastructure with the vulnerability exposure and protection of your hosts and containers, you gain complete coverage for your cloud native environment. Flexible Prisma Cloud gives security teams the flexibility to expand use cases all within a single solution and managed from a single dashboard. It's the industry's only CNAPP to offer both agentless and agent-based security built into the same platform. Prisma Cloud provides the coverage needed to keep up with today's ephemeral, containerized and serverless environments. Effective With Prisma Cloud, DevOps teams can deliver complete security across the development lifecycle on any cloud and implement methodologies with security tools integrated within their CI/CD workflows. In addition, its automated infrastructure decreases attack risks, accelerates time to market, and reduces the burdens on compliance teams. *** ** * ** *** ## Tested, Trusted and Proven ROI Forrester: The Total Economic Impact of Prisma Cloud, June 2021 [Read the Full Study](https://www.paloaltonetworks.com/prisma/forrester-tei-study-prisma-cloud-2021?ts=markdown) ![ROI](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/roi__animatev2_v2.svg) ROI ### 276% ![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/growth_v2.svg) BENEFITS PV ### $7.91M ![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cnapp/icon.svg) PAYBACK ### \<6 months ![Forrester Report](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/environments/Forrester_300x260.svg) ## Forrester Total Economic Impact of Prisma Cloud, June 2021 [Download the full study](https://www.paloaltonetworks.com/prisma/forrester-tei-study-prisma-cloud-2021?ts=markdown) ## Speak With a Prisma Cloud Specialist Fill out the form below and we'll reach out to schedule a meeting. {#must-have-contact-form} ## Request your Personal Prisma Access Demo ![laptop](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/prismaaccessvszscaler/prisma-access-request-demo-laptop-mock.png) Fill out the form below and we'll reach out to schedule a meeting. {#must-have-contact-form} ## Request your Personal Prisma Access Demo See what ZTNA combined with the best user experience in a unified security product can do for your organization. First Name \* Last Name \* Email \* Company \* Job Level \*Job Level Job Function/Focus Area \*Job Function/Focus Area Phone \* Country \*Country State State Zip Code \* recaptcha Email me exclusive invites, research, offers, and news By submitting this form, you agree to our [Terms](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown). View our [Privacy Statement.](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) Submit ### THANK YOU! A Palo Alto Networks specialist will reach out to you shortly. We look forward to connecting with you! {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language