Mauricio Sanchez

Research Director

As enterprises experienced a faster pace of business and a need to be more digital during the COVID pandemic, getting the correct data to the right stakeholder with speed, agility, efficiency, and scale has become a vital need. Consequently, this has led enterprises to embrace the cloud and refactor enterprise applications to gain greater speed, agility, and efficiencies than what the traditional on-premises approach offers. However, against the promises of the more modern, cloud-centric architecture is a new looming set of security challenges, such as cloud misconfiguration, software supply chain, inability to assert compliance, poor identity control of cloud assets, and lack of visibility, analytics, and automation.

For the past decade, the security vendor community has been evolving and iterating a new class of security solutions we refer to as cloud workload security solutions that are tuned to the new cloud-based environment. These solutions emphasize data and application security outcomes, deemphasizing classical perimeters and protecting IT infrastructure. Security is integrated at all levels and points in the application architecture.

Cloud Workload Security is the basket of technologies and solutions that comprise a comprehensive set of capabilities to secure all vital points in the cloud-based application architecture and across its entire lifecycle (development, deployment, and runtime). Moreover, these solutions foster a more collaborative mindset between the development, security, and infrastructure teams.

There are several industry terms in use today to denote solutions that are part of the cloud workload security space, including cloud workload protection platform (CWPP), cloud security posture management (CSPM), and cloud-native application protection platform (CNAPP).

To take advantage of the opportunities in this market, vendors and financial institutions need to answer critical business questions, including:

  • What technologies are in cloud workload security? Which ones is it replacing and complimenting?
  • How large is the cloud workload security market? How significant will it be in five years?
  • How fast are enterprises adopting cloud workload security? What percentage of total enterprise spend on public cloud services will cloud workload security represent?
  • Who are the vendors in the cloud workload market?
  • Do public service providers own the market today for cloud workload security? Where are the pure-play (startup) and branded portfolio vendors?
  • What is and what is expected to be the regional revenue for cloud workload security?
  • What are the inhibitors to growth? What are the accelerators?


The report includes a 5-year forecast for the following areas:

  • Cloud workload security by technology (CWPP, CSPM, and CNAPP technologies)
  • Cloud workload security by region (North America, EMEA – Europe, Middle East, and Africa, Caribbean and Latin America, and Asia Pacific)
  • Total enterprise spend on public cloud services


Vital context also provided in the report includes an annual retrospective on:

  • Spend on cloud network security technologies and services such as virtual firewalls, segmentation, WAFs, and DDoS

Latest Reports

Table of Contents

Advanced Research

Advanced Research Report