What Is a Cloud Workload Protection Platform (CWPP)?

The security services industry is rife with a lot of vendor classifications right now. You’re likely familiar with some of them, but for others you may be wondering what they are and how they help you address your security and compliance needs or desired outcomes. In this post, we’ll talk about Cloud Workload Protection Platforms, or CWPPs, what they are, where they play in the security services space, and what value they may have to your organization.

So, What Is a Cloud Workload Protection Platform or CWPP?

Per Gartner,

“The market for Cloud Workload Protection Platforms CWPPs is defined by workload-centric security protection solutions, which are typically agent-based. They address the unique requirements of server workload protection in modern hybrid data center architectures that span on-premises, physical, and virtual machines (VMs), and multiple public cloud infrastructure as a service (IaaS) environments. Ideally, they also support container-based application architectures.”

Some of the capabilities CWPPs provide:

  • Workload configuration and vulnerability management
  • Network segmentation, firewalling, and traffic visibility
  • Workload behavior monitoring—essentially endpoint detection and response (EDR) for servers—also referred to as host-based intrusion detection system (HIDS)
  • Anti-malware scanning
  • System integrity measurement, attestation, and monitoring
  • Application control
  • Log management and monitoring

How We Got Here

It’s important to get a little context on what Armor sees as the development of the managed security services space. In years past, we saw the growth and dominance of Managed Security Service Providers (MSSPs), who provided managed and monitored security infrastructure services to organizations of all sizes. Though many of these providers have in their roots a focus on small to medium-sized businesses (SMBs), the fact is that they succeeded in selling effectively into enterprise markets.

However, over time, many customers of these organizations, from small businesses to midsized organizations, felt overwhelmed by the volume of alerts coming from these providers and how to investigate and resolve each one effectively. That gave rise to Managed Detection and Response (MDR) providers, which went beyond simple alerting to instead provide more response and remediation guidance for organizations. These companies often deployed a proprietary security stack and/or leveraged an existing Endpoint Detection and Response solution with a managed layer on top.

Fast-forward to the past 3-4 years, and we’ve seen the cloud reach a critical mass in services and capabilities offered, as well as the levels of adoption taking place. The cloud has finally emerged into the mainstream in terms of IaaS and PaaS. It’s no secret that securing applications and data in the cloud and meeting compliance in the cloud were two of the biggest issues holding organizations back from going beyond dipping their toes into the cloud. However, those concerns are no longer founded, and we see aggressive adoption taking place to capitalize on the advantages such as scale, speed, cost, and flexibility that the public cloud provides.

Security-as-a-Service (SECaaS) as a delivery model was born out of the need for services delivery that aligned with the cloud’s key attributes of scale, speed, cost, flexibility, and consumption. Think of SECaaS as the “how” services are delivered rather than the “what.”

Cloud Workload Protection Platforms represent the “what” being delivered in a SECaaS model. CWPPs came about because of the Shared Responsibility Model across the different cloud providers and the need for public cloud customers to secure their portion of that Shared Responsibility Model.

CWPPs provide host-based protections for your “workload,” which is another way to refer to your applications, databases, and/or functions running in instances, nodes, virtual machines, or whatever nomenclature the cloud provider uses. The solutions are usually agent-based, deployed very easily and quickly, and can be deployed across any public cloud, private cloud, virtualized, and on-premise environment. This reach enables unified visibility of your security and compliance controls across your environments.


  • Provide provision-integrated security capabilities at the host-level to protect your cloud workloads
  • Provide unified visibility and control for cloud-based workloads for public cloud, private cloud, containers, and virtualized environments
  • Integrate with could native services
  • Help organizations address many key compliance controls in the cloud
  • Help organizations secure their portion of the Shared Responsibility Model
  • Turn up services rapidly with no hardware overhead
  • Scale up and down with the need for cloud workloads
  • Provide flexible billing options, including consumption-based pricing
  • Provide a cloud solution that addresses IT, IT Security, and DevOps needs (run-time)


How Does CWPP Play in the Alphabet Soup of MSSPs, MDRs, CSPMs, and the Like?

It’s best to think of each category as having a distinct strength or value proposition. The table below was created to help you understand that rather than the categories solely being competitive, they are very much complementary at times based on the needs of organizations. For instance, it’s entirely possible an organization may leverage the managed services of a MSSP for their on-premise security infrastructure while using a CWPP for securing their workloads in AWS, Azure, Google Cloud Platform, or even in a private cloud.

Where Do We See Cloud Workload Protection Platforms Headed?

  • Integration with CSPM Tools: From a Cloud Security Posture Management perspective, we already see CWPPs pulling in CSPM tools as part of a broader, more powerful solution to address the full range of cyber risk for workloads across environments on a global scale.
  • Integration with Cloud Access Security Broker (CASB) Capabilities: We expect to see some level of integration with CASB tools in the future given CASBs’ visibility and policy-based governance features. We already see some integration of CASB and CSPM tools in the marketplace. CASBs help companies secure their employees’ usage of SaaS applications and the data within those applications.
  • Increased Automation and Orchestration: We also see CWPPs deploying greater automation and orchestration into detection and response workflows to accelerate alert handling and remediation with minimal to no human intervention required.
  • Bridging through Log Management: We expect to see CWPPs leverage Log Management solutions to provide threat detection and response services that bridge existing customer security infrastructure.
  • CWPPs Will Innovate to Address Serverless Architectures: CWPPs are already exploring how to extend protections at value to serverless cloud environments.

CWPPs Are Ready for a Multi-Cloud World

As CWPPs continue to expand their reach into containers and containerized applications, it’s clear that CWPPs provide future-proof protection as organizations adopt multi-cloud and cloud-agnostic strategies. CWPPs unify visibility and control through a standardized approach to workload security in the cloud. The use of a CWPP across cloud environments also helps organizations avoid redundant security efforts associated with turning on, configuring, and managing security and compliance controls across each public cloud environment they use. In the end, CWPPs provide an elegant solution for organizations to pursue multi-cloud strategies while also hedging against over-reliance on a cloud services provider if the organization pursues a cloud-agnostic policy.

If you need help with securing your cloud workloads, check out our  Armor Anywhere and Armor Automated Security and Compliance solutions for combined CWPP and CSPM coverage. Learn more about how our cloud security platform works.

For more information on CSPM tools and whether you should be considering them, check out our white paper, “Naked Data.”

Resource Center

More security resources at your fingertips.

Practical Content for Security, DevOps, & IT Professionals