In fact, 80% of companies reported cloud security incidents over the last year. It’s a mind-blowing problem in both scope and price. In 2025, cybercrime is expected to cost the global economy $10.5 trillion. Needless to say, traditional security measures are falling short.
The bumpy road to CNAPP
Initially, cloud security relied on specialized products like cloud workload protection, cloud security posture management, cloud infrastructure entitlement management and artifact scanning tools. Each addressed specific security objectives but operated independently, leading to fragmented security efforts.
We’ve been watching these separate solutions converge into what’s now known as cloud-native application protection platforms (CNAPP).
A CNAPP simplifies cloud security with a comprehensive, integrated solution that secures cloud-native environments more effectively than traditional approaches. It provides a unified answer to the diverse demands of modern cloud security.
Components of a CNAPP
In the past, security practitioners were tasked with implementing and managing an array of security tools to protect their assets and infrastructures. This often involved developing or deploying separate solutions for monitoring, threat detection, vulnerability management, compliance and more, leading to complex and disintegrated security operations.
The convergence of these components into a central threat detection platform ensures that organizations adopting a CNAPP can maintain a strong security posture across cloud infrastructures with greater efficiency and control.
Fig 1: Core components of a CNAPP
Factors to consider when evaluating a CNAPP solution
In fact, no two CNAPP solutions are exactly alike, and each vendor has areas where it excels and where other complimentary security solutions or controls are needed.
We strongly advise assessing your current security posture to identify gaps a CNAPP could fill. Conducting an inventory of existing tools and processes helps to determine potential overlaps or integration opportunities. For this reason, it is necessary not to just involve the security engineering team, but also leadership, cloud platform and development teams to ensure alignment with existing workflows.
These are the key features to look for when assessing a CNAPP for your organization:
Scalability and adaptability: It is essential that the CNAPP can scale with your cloud infrastructure and adapt to evolving security requirements.
Interoperability: A CNAPP solution must support across containers, serverless functions and multicloud environments.
Integration: The ability to integrate with your existing security tools and workflows is essential.
Automation and AI: Leveraging automation and AI can only boost efficiency.
Best in class: We recommend looking for solutions with context-aware risk prioritization, focusing on severity and business impact, not just vulnerabilities. Robust compliance support for standards like PCI DSS, HIPAA, and GDPR is also key.
Reliable vendors: Consider the vendor’s reputation, support offerings, and roadmap not just as a quick fix but for future development too. Creating a detailed list of requirements to share with vendors may be helpful.
However, we urge caution.
Not all vendors deliver on their CNAPP promises, and many interpret features differently. You’ll have to do your homework. Consult industry reports and research, conduct a formal analysis and evaluation, and review product vendor catalogs to determine the right fit. A thorough evaluation helps avoid security control gaps, reduces sprawl of costly security solutions and ensures the solution enhances your security team workflows rather than disrupts it.
Next, let’s look at Google as an emerging player in the CNAPP space and assess its flagship product.
Aiming for the sky with Google’s Security Command Center Enterprise
The CNAPP space is rapidly evolving, with various providers focusing on different aspects of cloud and application security. Besides other major CNAPP vendors like CrowdStrike and Wiz, Google is another rising star.
Following Google’s unsuccessful Wiz acquisition deal, Google is now focused on utilizing its flagship product Security Command Center Enterprise to break into the CNAPP market. This differentiates itself from other CNAPP vendors by having multicloud risk management support for AWS and Google, combined with deep integration into the Google SecOps stack (Chronicle SIEM and SOAR). It also provides frontline threat investigation and threat intelligence through its integration with Mandiant products and services.
Fig. 2: Security Command Center Enterprise and its CNAPP plus additional SecOps capabilities
Additionally, Security Command Center Enterprise offers artifact analysis through Assured Open-Source Software to reduce supply chain security risks. By combining cloud security posture management and cloud workload protection via the Event Threat Detection and Web Security Scanner features, this product enables near real-time threat detection for workloads across Google Cloud and AWS. The Risk Engine is another key component, enabling an attack path analysis to deliver contextual insights in Google and AWS cloud environments.
However, the Security Command Center Enterprise has some limitations. Currently, Microsoft Azure support for the Security Command Center Enterprise is limited. It also lacks data security posture management features like data discovery, classification, and protection. This means it may not fully meet the needs of organizations looking for comprehensive data security management.
The road ahead with CNAPP
CNAPPs offer a significant leap in securing cloud-native environments by unifying security features into a single pane of glass. They scale cloud infrastructure through better analysis and automation, rather than relying on increasing human resources. As the threat landscape becomes more complex, we can’t overburden our cybersecurity teams. We need solutions that provide better analysis, enhanced automation, and greater flexibility. The right CNAPP solution should create less work for security teams, not more.
With that in mind, Google’s Security Command Center Enterprise is a promising solution that stands out from the rest. With its integration of Mandiant threat intelligence, AI-powered analytics with Gemini, and focus on multicloud environments across AWS and GCP, it addresses many of the modern security challenges organizations face.
Choosing the right CNAPP solution with a strong partner is an important first step. It is even more important to ensure a successful implementation and long-term value realization of your organization’s cloud security investment.