Philip Cao

Stay Hungry. Stay Foolish.

2021 Gartner Market Guide for Cloud Workload Protection Platforms

2 min read

Workload protection must span virtual machines, containers and serverless workloads in public and private clouds. Security and risk management leaders should use this Market Guide to understand the need for protection that spans development and runtime and includes cloud security posture management.

Key Findings

This document was revised on 27 July 2021. The document you are viewing is the corrected version. For more information, see the Corrections page on
  • Most enterprises are purposefully using more than one public cloud infrastructure as a service (IaaS) platform, but still have on-premises workloads to protect.
  • With cloud-native applications, workload security must start proactively during development.
  • The cloud workload protection platform (CWPP) market is increasingly overlapping with the cloud security posture management (CSPM) market and “shifting left” into development to address the full life cycle of cloud-native application protection requirements.
  • Emerging approaches, such as the use of agentless CWPPs, appeal to buyers because of their ease of deployment.
  • Enterprises using endpoint protection platform (EPP) offerings designed to protect end-user devices for server workload protection are putting their data and applications at risk.


Security and risk management leaders responsible for infrastructure security should:
  • Implement a CWPP offering that protects workloads regardless of location, size, runtime duration or application architecture.
  • Secure workloads earlier by extending workload scanning and compliance efforts into development (DevSecOps), especially for container-based and serverless function platform as a service (PaaS)-based development and deployment.
  • Consolidate CWPP and CSPM strategies over the next 12 to 24 months to reduce costs and complexity and identify risks better.
  • Design for CWPP scenarios where runtime agents cannot be used or no longer make sense. Require CWPP and CSPM vendors to support agentless deployment options.

View Report

Leave a Reply

Copyright © 2006-2022 Philip Hung Cao. All rights reserved