Securing multi-cloud environments: How CNAPP is changing the game
As organizations embrace cloud-first and multi-cloud strategies to accelerate digital transformation, their IT and security teams face growing challenges ensuring consistent security, governance, and visibility across complex environments. In most organizations, cloud infrastructure management is siloed, with teams split according to cloud platform providers like Azure, AWS and GCP, to name a few, and by resource types such as compute, network, storage, backup and more.
In this article, we explore actionable insights on how to secure sprawling cloud estates while ensuring compliance, improving visibility, and reducing complexity. We also aim to establish the strategic value of a cloud-native application protection platform (CNAPP) and an optimized implementation.
The multiple challenges in multi-cloud implementations
According to Gartner, over 50% of organizations will fail to realize maximum benefits from their multi-cloud implementations by 2029.
Here are some of the reasons why:

As a strategy, multi-cloud adoption increases the responsibilities owned by CISOs and security teams. It expands the attack surface and the threats, and adds complexity in the form of fragmented visibility, inconsistent security policies, integrations, shadow IT apps, governance and compliance, and cost and resource constraints.
So, what makes CNAPP adoption a strategic necessity for CISOs and organizations with multi-cloud estates in 2026 and beyond?
“Simplicity is the ultimate sophistication,” Leonardo da Vinci famously said. CNAPP embodies this philosophy by integrating diverse security functions such as posture assessment, workload protection, identity management, and data security into a single, intelligent platform.
Decoding CNAPP
A cloud-native application protection platform (CNAPP) is a unified security solution designed to protect cloud-native applications across the full lifecycle — from development to production.
Earlier CNAPPs primarily focused on cloud security posture management (CSPM) and cloud workload protection platform (CWPP) capabilities. In 2025, mature CNAPPs have added cloud infrastructure entitlement management (CIEM), API security, data security posture management (DSPM), AI security posture management (AI-SPM), and attack path visualization to their armor for securing the cloud. CNAPPs’ infrastructure-as-code (IaC) scanning helps integrate these capabilities deeply into developer environments, offering shift-left security early in the development life cycle through integrations with IDE plugins, CI/CD pipelines and ticketing system workflows.
Let’s take a brief look at each CNAPP feature.
Cloud security posture management (CSPM)
CSPM remains the core capability of CNAPP. It continuously scans cloud environments for misconfigurations, overly permissive roles, and compliance violations against frameworks like CIS, ISO 27001 and NIST.
Cloud workload protection platform (CWPP)
CWPP provides insights into runtime behavior, detecting anomalies, malware and unauthorized access attempts across VMs, containers and serverless workloads. Managed service providers integrate with cloud-native telemetry like AWS CloudTrail and Azure Monitor to offer behavioral analytics and proactive threat hunting.
Infrastructure-as-code (IaC) scanning
IaC helps to deploy and manage multi-cloud infrastructure at speed, but mistakes in code can lead to insecure configurations. IaC scanning looks for misconfigured resources, non-compliant settings and hardcoded secrets or credentials. It also enables a shift-left security approach by integrating with CI/CD pipelines to block risky changes.
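As an added illustration of the IaC scanning gate described above (not code from the original article or from any CNAPP product), the following Python script checks a constructed, simplified Terraform-plan-like resource list for the three finding types named: a misconfigured resource, a non-compliant setting and a hardcoded credential. The plan format, resource names, rules and the blocking severities are assumptions made for the example.

```python
import re

# Constructed sample: a simplified, Terraform-plan-like list of planned resources.
# Resource names and values are invented for illustration.
PLANNED_RESOURCES = [
    {"type": "aws_s3_bucket", "name": "reports", "values": {"acl": "public-read"}},
    {"type": "aws_security_group", "name": "bastion", "values": {
        "ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"type": "aws_db_instance", "name": "orders", "values": {
        "storage_encrypted": True, "password": "Sup3rS3cret!"}},
    {"type": "aws_s3_bucket", "name": "logs", "values": {"acl": "private"}},
]

SECRET_KEYS = re.compile(r"(password|secret|token|api_key)", re.I)
BLOCKING = {"HIGH", "CRITICAL"}  # assumed policy: these severities fail the pipeline

def scan_resource(res):
    """Return a list of (severity, resource_id, message) findings for one resource."""
    rid, vals, out = f'{res["type"]}.{res["name"]}', res["values"], []
    if res["type"] == "aws_s3_bucket" and str(vals.get("acl", "")).startswith("public"):
        out.append(("HIGH", rid, "bucket ACL allows public access"))
    for rule in vals.get("ingress", []):
        if "0.0.0.0/0" in rule.get("cidr_blocks", []) and rule["from_port"] <= 22 <= rule["to_port"]:
            out.append(("HIGH", rid, "SSH open to the internet"))
    if res["type"] == "aws_db_instance" and not vals.get("storage_encrypted", False):
        out.append(("MEDIUM", rid, "database storage not encrypted"))
    for key, value in vals.items():
        # In this simplified format, a literal string under a secret-like key is a
        # hardcoded credential; a variable reference such as "var.db_password" is not.
        if SECRET_KEYS.search(key) and isinstance(value, str) and not value.startswith("var."):
            out.append(("CRITICAL", rid, f"hardcoded value in '{key}'"))
    return out

def scan_plan(resources):
    """Collect findings across every planned resource."""
    return [f for res in resources for f in scan_resource(res)]

def gate(findings):
    """CI exit code: 1 blocks the change, 0 lets it through."""
    return 1 if any(sev in BLOCKING for sev, _, _ in findings) else 0

if __name__ == "__main__":
    findings = scan_plan(PLANNED_RESOURCES)
    for sev, rid, msg in findings:
        print(f"[{sev}] {rid}: {msg}")
    raise SystemExit(gate(findings))
```

Run as a pipeline step, the non-zero exit code is what blocks the risky change; medium-severity findings are reported without failing the build.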
Cloud infrastructure entitlement management (CIEM)
When organizations are trying to implement zero trust, managing identities, roles and permissions across multiple clouds can become overwhelming for IT and security teams. CIEM simplifies this by providing identity visibility, contextual analysis across cloud platforms and guided remediation of overprivileged identities. It also helps identify toxic combinations of permissions with workloads and misconfigurations.
API security
API security provides API discovery, vulnerability scanning, runtime protection and access controls. Combined with CIEM, it can help to assess and enforce least-privilege access for API calls in your cloud.
Data security posture management (DSPM)
DSPM complements CSPM, CNAPP and your DLP solutions by providing visibility into the data risks and data posture of your cloud. It can discover data across cloud services, storage, databases, containers and images. It can help classify data based on sensitivity, compliance requirements and business impacts such as productive vs non-productive.
AI security posture management (AI-SPM)
AI-SPM increases your cloud visibility by discovering the AI/ML models the organization consumes in the cloud and the dependencies of those AI assets. It can identify misconfigurations in AI services, such as unencrypted models and open endpoints, and flag risky permissions and access to sensitive training data. Combined with DSPM and DLP, it can monitor data flows in and out of AI models.
Gathering momentum in 2025
There are several other reasons why CNAPP adoption has accelerated in 2025:
- Increased cloud maturity: Global cloud market size in 2025 is $912.77 billion compared to $600 billion in 2022. 94% of enterprises use some form of cloud services. As organizations mature in their cloud adoption, they realize the need for consolidated, scalable security models that can handle sprawling multi-cloud estates.
- Evolving threat landscape: Sophisticated attacks now often involve chained misconfigurations across accounts, services, and identities—exploits that are hard to detect with traditional security tools. Contextualized attack path visualization simplifies investigation of issues and reduces resolution time.
- Regulatory pressure: Rising geopolitical tensions and regulatory mandates around digital sovereignty, data residency, and encryption key control are forcing enterprises to re-evaluate their cloud security posture.
Taking it up a notch with managed CNAPP services
While CNAPP platforms offer a powerful toolkit, managed CNAPP services take it a step further by outsourcing the operational burden to specialized providers. Enterprises gain access to 24/7 monitoring, threat intelligence, configuration management, and incident response — delivered by experts who understand both the tools and the regulatory context.
Managed CNAPP services also deliver contextualized and actionable insights. Instead of drowning in dashboards, cloud and application teams receive clear remediation steps with business context, prioritized risks and compliance impact. Additionally, managed CNAPP services, along with enterprises that are adept at providing managed cloud services, can help enforce security by design, integrating directly with DevOps pipelines to detect issues before they reach production.
Adopting CNAPP – A strategic necessity
Securing a multi-cloud environment is no longer about stitching together dozens of tools. It’s about adopting a cohesive, cloud-native strategy that spans workloads, data, and infrastructure. If your organization is expanding across multiple clouds, CNAPP is not just a good idea — it is a strategic necessity.
Read more about Atos’ offerings in the hybrid cloud security and infrastructure domain
Posted 17/11/25
Srinivasan Gnanapiran
Domain Operations Manager - Cloud Security