Glossary term
CWPP
Also: Cloud Workload Protection Platform
Software category for protecting cloud workloads (VMs, containers, serverless) at runtime. Combines vulnerability scanning, config review, runtime monitoring, container and K8s security.
Functions: image scanning before deployment, runtime protection (eBPF-based), microsegmentation, compliance checks, K8s posture. CWPP differs from CSPM by workload depth (inside the VM, inside the container).
Market leaders: Wiz, Palo Alto Prisma Cloud, CrowdStrike Falcon Cloud Security, Sysdig Secure, Aqua Security. Platform vendors are increasingly bundling CWPP into CNAPP.
Trend 2026: CSPM, CWPP, CIEM, KSPM and DSPM are converging into CNAPP. Stand-alone CWPP tools are being displaced by consolidated platforms.
Related terms
CSPM
Software category for continuous review of cloud configurations against security benchmarks (CIS, NI…
CNAPP
Gartner platform category that combines CSPM, CWPP, CIEM, KSPM, DSPM and IaC scanning into one tool.…
CASB
Security layer between users and SaaS providing visibility (shadow IT discovery), data protection (D…
Compliance mapping
The explicit link between a decision (vendor, architecture, control) and the specific regulatory art…
Confidential Computing
Hardware-based isolation that keeps data encrypted during processing (data-in-use). Complements encr…
Critical ICT Third-Party Provider (CTPP)
ICT third-party provider designated critical by the European Commission under DORA Art. 31, falling …
CVE
Global identifier for publicly known security vulnerabilities in software and hardware. Format CVE-Y…
CVSS
Standardised scoring system for vulnerabilities with a 0-10 score. Current version CVSS v4.0 (2023).…