IT research firm Gartner defines a cloud workload protection platform (CWPP) as a solution “primarily used to secure server workloads in public cloud infrastructure as a service environment.”
CWPPs allow multiple public cloud providers and their customers to ensure that a workload remains secure. They protect various types of workloads, regardless of location, across multiple providers.
CWPPs are security products that focus on workloads in hybrid and multi-cloud data center environments. They provide visibility and control for virtual machines, physical machines, containers, and serverless workloads. CWPPs can also scan workloads during the development pipeline through a combination of integrity protection, behavioral monitoring, application control, intrusion prevention, and anti-malware protection.
Protecting workloads with CWPP is accomplished via two methods:
- Micro-segmentation allows security architects to divide data into defined security segments on a workload segment. They can then define security controls for each segment. Rather than relying on physical firewalls, micro-segmentation uses network virtualization to define flexible security policies that protect workloads. This process prevents malware from hopping from server to server within the environment.
- A bare-metal hypervisor offers additional cloud workload protection. A hypervisor is a type of virtualization software that allows for the creation and management of virtual machines through the separation of a machine's hardware and software. The hypervisor is installed as an additional hardware component on the machine, between the hardware and the operating system. It then creates a virtual machine isolated from other virtual machines. If one machine suffers an attack, the issue stays contained within that server.
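
The micro-segmentation item above, as an added example that is not from the original page: a default-deny policy between segments, and a check of which workloads remain reachable from a compromised one, compared with a flat network. The workload names, segment labels, ports and policy are constructed for illustration.

```python
from collections import deque

# Constructed inventory (hypothetical names): workload -> segment label.
WORKLOADS = {"web-1": "web", "web-2": "web", "app-1": "app",
             "db-1": "db", "ci-runner": "build"}

# Constructed allow-list of (source segment, destination segment, port).
# Default deny: any flow not listed is dropped, even inside one segment.
POLICY = {("web", "app", 8443), ("app", "db", 5432)}


def allowed(src, dst, port, policy=POLICY):
    """Decide one flow between two workloads under the default-deny policy."""
    return (WORKLOADS[src], WORKLOADS[dst], port) in policy


def can_reach(src, dst, policy):
    """True if any rule lets src's segment talk to dst's segment.
    policy=None models a flat network with no segmentation."""
    if policy is None:
        return True
    return any(s == WORKLOADS[src] and d == WORKLOADS[dst]
               for s, d, _port in policy)


def blast_radius(start, policy):
    """Workloads reachable from a compromised workload through chains of
    permitted flows (breadth-first search over the policy graph)."""
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for candidate in WORKLOADS:
            if candidate not in seen and can_reach(current, candidate, policy):
                seen.add(candidate)
                queue.append(candidate)
    return sorted(seen - {start})


if __name__ == "__main__":
    print("flat network:", blast_radius("web-1", None))
    print("segmented   :", blast_radius("web-1", POLICY))
    print("web-1 -> db-1:5432 allowed?", allowed("web-1", "db-1", 5432))
```

Under the segmented policy the result still lists the workloads behind explicitly allowed flows, so those rules are the ones to review when tightening a segment.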