Why Cloud Security Demands a Platform Approach
Shift to a proactive stance with a solid CNAPP strategy
A guidebook for enterprise security teams
eBook | Why Cloud Security Demands a Platform Approach
Cloud flexibility makes it easier for businesses to do what they need to do, and harder for security teams to protect them.
Hybrid and multi-cloud environments maximize convenience and scalability but fragment visibility and complicate responsiveness to threats. A platform approach to cloud security can turn those challenges around, empowering you to manage cloud risks proactively and overcome complexity without slowing down business innovation.
This guide looks at some of the cloud hurdles security teams face today and how a strategy built around a cloud-native application protection platform (CNAPP) can address them. This includes:
> Common cloud security challenges
> Why a risk-based approach is key
> How CNAPP meets the need
> The CNAPP maturity journey
Gartner predicts 90% of organizations will be using hybrid cloud solutions by the end of 2027,
driven by business demands and the uptick of generative AI (GenAI).* This mass hybrid and multi-cloud
trend has clear implications, and real consequences, for cybersecurity teams.
Enterprises were originally drawn to the cloud because it promised better economics and
the benefits of virtualization, decentralization, and scale. Those are all still valid, but as cloud
technology has matured, so have the use cases. Today’s organizations have sophisticated strategic
ideas about what they want cloud to do for them. They have a mix of public, private, hybrid, and
multi-cloud configurations to achieve their goals.
> For security teams, that means:
How cloud security gets complicated
> More complexity
> New threats
> More intensity
* Gartner Forecasts Worldwide Public Cloud End-User Spending to Total $723 Billion in 2025, November 2024
To navigate complexity, you need a cloud security approach that surfaces and prioritizes critical risks.
Many analyst organizations agree that risk-based prioritization is essential to minimize alert
fatigue, speed up incident response times, and improve overall security posture. Assessing the
relative severity, urgency, and relevance of threats and vulnerabilities allows security teams to make
better choices about where to first focus their efforts, and when.
> This risk-based approach needs to be backed up with:
Outcomes >
> Security, from code to cloud
> Real-time threat detection
> Cross-platform/environment coverage
> Holistic lifecycle security
Fight the right threats
End-to-end cloud infrastructure visibility
> Visualization of risks across hybrid and multi-cloud environments
> Discovery of risky cloud assets
> Visibility into misconfiguration and vulnerabilities with real-time threat detection
> Insight into overprivileged, unused, and compromised cloud identities
Proactive cloud risk management
> Continuous risk assessment and prioritization
> Early risk detection and mitigation
> Visualization of potential attack paths to pre-empt attacks
> Inclusion of rich contextual threat intelligence
Streamlined security operations
> Automated actions through playbooks
> Reduced tool sprawl (with associated cost savings)
> Simplified security policies and enforcement activities
> Streamlined compliance maintenance
CNAPPs deliver end-to-end cloud security by replacing siloed point products with a
unified, comprehensive protection solution.
Enterprises seem to have gotten the message about the importance of risk visibility, judging by
the fact that the CNAPP market shot beyond US$3.4 billion in 2024. Gartner has noted that
many Fortune 500 companies are abandoning siloed, multi-tool security approaches in favor of
CNAPPs that give them unified visibility.
The CNAPP market’s rapid growth, surpassing $3.4 billion in 2024, reflects a broader enterprise
shift toward risk visibility. According to Gartner’s 2025 Market Guide for Cloud Native CNAPPs,
“The most significant [driver of CNAPP adoption] is the need to unify risk visibility across IaaS
and PaaS cloud environments and the entire application development life cycle. This simply
cannot be achieved using separate and siloed security and legacy application testing offerings.”
Proactive cloud security needs risk-based visibility
How full CNAPPs work
CNAPP capability: Visibility and control over cloud risk
What it should include:
> Cloud security posture management (CSPM): Helps prevent misconfigurations that lead to breaches, enabling continuous compliance across cloud environments
> External attack surface management (EASM): Reduces public exposure and helps eliminate internet-facing risks before attackers can find and exploit them
> Data security posture management (DSPM): Protects sensitive data and helps organizations meet regulatory requirements by uncovering hidden risks
> Attack path analysis: Proactively blocks attacker routes and prioritizes remediation where it matters most
> Cloud infrastructure entitlement management (CIEM): Reduces identity-based risk by eliminating excessive permissions and enforcing the principle of least privilege
> AI security posture management (AISPM): Secures emerging AI workloads and prevents misuse of AI infrastructure
> Attack surface management (ASM): Provides centralized visibility that helps prioritize and remediate risks quickly across cloud assets
> Agentless detection: Delivers fast, scalable threat coverage without the complexity of deploying agents
Teams can assess, prioritize, and address cloud risks without having to toggle between multiple tools, automating basic tasks for efficiency and to relieve strain.
> A complete CNAPP will provide:
A CNAPP helps you bring compliance monitoring, reporting, and threat detection into a single
unified view for greater risk visibility and faster security responses.
CNAPP capability: AI-powered threat detection and response
What it should include:
> Extended detection and response (XDR): Reduces alert noise and accelerates threat response by correlating signals across cloud and endpoint environments into actionable insights
> Cloud detection and response (CDR): Helps detect and contain cloud-native threats in real time, improving security outcomes without manual investigation delays
CNAPP capability: Protection for virtual machines, servers, and hybrid workloads
What it should include:
> Multi-cloud support: Key to consistent protection across diverse cloud platforms without operational silos
> Centralized policy management: Simplifies governance and security policy enforcement at scale
> Firewalls: Block unauthorized access and enforce perimeter controls
> Cloud intrusion prevention systems (IDPS): Detect and stop malicious activity before it affects workloads
> Anti-malware scanning: Prevents malware infections through continuous scanning across environments
> Behavioral monitoring: Helps detect anomalies and insider threats with real-time behavior analysis
> Predictive machine learning (ML): Identifies trends and patterns to help you detect threats earlier and stay ahead of evolving attacks
CNAPP capability: End-to-end protection for containerized applications
What it should include:
> Container image scanning: Ensures container images are free of vulnerabilities and misconfigurations before deployment, reducing risk early in the continuous integration/continuous delivery (CI/CD) pipeline
> Vulnerability scanning: Identifies exploitable weaknesses in containers to prevent breaches and maintain compliance with standards like CIS and NSA
> Malware scanning: Blocks malicious code embedded in containers and protects workloads from build to runtime
> Secrets scanning: Enables the elimination of hardcoded credentials and sensitive data in containers to prevent unauthorized access and data leakage
> Runtime scanning: Provides continuous monitoring of container behavior in production to detect anomalies and respond to threats in real time
> Policy enforcement: Supports consistent governance across container environments to prevent misconfigurations and enforce security standards during deployment and runtime
> Container detection and response (DR): Automates threat detection and accelerates remediation to minimize the impact of attacks on containerized workloads
> Kubernetes security posture management (KSPM): Provides visibility into Kubernetes configurations and workloads to prevent privilege escalation and ensure secure orchestration across clusters
CNAPP capability: Real-time malware scanning for cloud files and storage
What it should include:
> File security storage: Protects cloud file repositories like Amazon Simple Storage Service (Amazon S3) without moving data, ensuring real-time scanning and compliance while maintaining performance
> File security software development kit (SDK): Enables flexible integration of malware scanning into applications and workflows, whether on-premises or in the cloud, for custom protection at scale
> File security virtual appliance: Allows for local scanning of network file systems to maintain control and reduce latency, especially in hybrid environments
> File security containerized scanning: Provides scalable, Kubernetes-based scanning across CI/CD pipelines, cloud storage, and network file systems to ensure consistent protection across dynamic environments
> Multi-format support: Enables scanning of all file types without limitations to ensure comprehensive coverage and avoid blind spots in threat detection
> Advanced threat detection: Uses predictive machine learning and real-time scanning to catch sophisticated malware and zero-day threats before they cause harm
> Cloud integration: Enables seamless file scanner deployment into cloud-native environments for rapid protection without disrupting operations or requiring complex setup
> Data sovereignty: Requires scanning solutions that respect regional data residency laws by keeping files within their original cloud buckets during inspection
CNAPP capability: Early stage integration of security during development
What it should include:
> Secret scanning: Prevents unauthorized access and data leaks by identifying hardcoded credentials and secrets early in the development lifecycle
> Malware scanning: Detects and eliminates malicious code embedded in source files before it reaches production, reducing the risk of supply chain attacks
> Detect open-source vulnerabilities: Provides visibility into third-party libraries and dependencies to avoid known vulnerabilities and maintain secure software composition
> Policy engine: Automates enforcement of secure coding practices and compliance requirements, ensuring consistent governance across development teams
> Infrastructure-as-code (IaC) scanning: Allows you to identify misconfigurations and risky deployments in IaC templates before provisioning, reducing cloud risk and enabling secure-by-design infrastructure
SILOS
> Your team relies on loosely stitched-together tools to provide different aspects of cloud security.
> Those tools lack integration, requiring team members to toggle between consoles and dashboards.
UNIFIED DASHBOARDS
> You have one or more dashboards that present a consolidated view of intelligence and analytics across your toolset.
> Your security team still has to manually prioritize and respond to threats and vulnerabilities.
FULL CNAPP
> You have a single, integrated platform that provides all the cloud security functions you need, radically reducing the number of discrete tools you require.
> With intelligence, analytics, and automation, you can prioritize risk effectively, optimize resource usage, and implement advanced proactive security measures.
PARTIAL INTEGRATION
> You have engineered solutions to allow some security tools to work together.
> Your security team still lacks a complete, all-in-one view of risk in your cloud infrastructure.
Few organizations can expect to jump straight to proactive, platformized cloud security overnight.
For most, becoming ‘CNAPP mature’ is a staged progression that begins with identifying
where your organization sits on the curve today.
What’s your CNAPP maturity?
Reaching stage four of the maturity journey with an intelligent, integrated CNAPP
provides comprehensive protection and significant advantages for both cybersecurity
teams and corporate business units alike.
A strategy centered on a fully-featured CNAPP improves visibility and accelerates threat
detection and response. It also simplifies management while ensuring strong compliance with
corporate policies, industry standards, and regulatory requirements. You gain the advantage of:
> Comprehensive visibility across all hybrid cloud environments
> End-to-end protection for all cloud assets, from data storage to application deployment
> Operational efficiency through orchestration and automation of security processes
> Streamlined security policy management
> Scalable security that can meet the evolving cloud needs of the organization over time
> Seamless integration with existing infrastructure to optimize costs
A secure multi-cloud environment empowers businesses to drive frictionless innovation, enhance
agility and scalability through seamless DevOps, and adopt AI with confidence, unlocking greater
opportunities for growth.
Security from end to end
Trend Micro is a confirmed leader in the CNAPP solution space, with multiple recognitions from
Gartner, IDC, and Forrester. Trend Vision One™ Cloud Security is a complete solution for proactive
cloud security.
Cloud Security uses AI-powered threat prediction and real-time response capabilities to help
you reap the full benefits of CNAPP and stay ahead of evolving risks.
Traditional cloud security tools are reactive, responding to detected anomalies or suspected
breaches. Analysts such as Gartner and IDC have spotlighted the need for CNAPPs to also
incorporate predictive analytics and AI. That’s exactly what Trend Vision One does, correlating signals
across workloads, identities, and configurations to identify critical risks early and prevent them from
escalating—all within a comprehensive CNAPP offering.
A proven CNAPP partner
> Trend is named a 2024 Gartner Peer Insights Customers’ Choice for Cloud-Native Application Protection Platforms (CNAPP)
> A Leader in the IDC MarketScape for Worldwide CNAPP 2025 Vendor Assessment, doc #US53549925, June 2025
> The Forrester Wave: Cloud Workload Security, Q1 2024 strong performer with the largest market presence
Advance your CNAPP journey with Trend Vision One
Visit trendmicro.com/cloudsecurity
Copyright ©2025 Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro logo, the t-ball logo, and Trend Vision One are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice. Trend Micro, the Trend Micro logo, and the t-ball logo Reg. U.S. Pat. & Tm. Off. TrendMicro.com [EBK00_CNAPP_Global_Campaign_eBook_251120US]