Cloud Security
CNAPP (Cloud-Native Application Protection)
Also known as: Cloud-native application protection platform
Definition
An integrated security platform that combines CSPM, CWPP, CIEM, IaC scanning, and runtime detection to protect cloud-native applications from build to runtime.
Examples
- Wiz, Prisma Cloud, Orca Security, and Lacework competing as flagship CNAPP suites.
- An attack-path graph showing internet-facing pod → CVE → IAM role with S3 admin access.
Related terms
CSPM (Cloud Security Posture Management)
A category of tools that continuously assess cloud accounts against best-practice and compliance baselines to detect and remediate misconfigurations.
CWPP (Cloud Workload Protection Platform)
A platform that protects cloud workloads — virtual machines, containers, and serverless functions — across their entire lifecycle, from build to runtime.
CIEM (Cloud Infrastructure Entitlement Management)
A discipline and tooling category that discovers, analyzes, and right-sizes the identities and permissions that exist inside cloud environments.
Cloud Security
The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in public, private, or hybrid cloud environments.
Container Security
The practice of securing container images, registries, orchestrators, and the runtime in which containers execute.
Kubernetes Security
The protection of a Kubernetes cluster — its API server, control plane, nodes, workloads, and network — from misconfiguration, compromise, and lateral movement.