What is CNAPP?
Cloud-Native Application Protection Platform (CNAPP), a new cloud security approach defined by Gartner, emphasizes the need for unified lifecycle security as opposed to a patchwork of solutions. CNAPP encompasses a wide set of overlapping tools, spanning development and production, including but not limited to: Infrastructure as Code (IaC) scanning, cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM).


Organizations have manually stitched together DevSecOps with 10 or more disparate security tools — some new and some old — each with siloed responsibilities and a limited view of application risk.
Gartner, Inc., Innovation Insight for Cloud-Native Application Protection Platforms Report, August 2021
Cloud-Native Application Security Challenges
Gartner made CNAPP a popular security category when they released the Innovation Insight report for Cloud-Native Application Protection Platforms. The analyst group identifies the need for a consolidation of tools and security platforms, and for organizations to approach security and compliance as a continuous process. However, en route to pursuing CNAPP adoption, organizations face multiple complexities and business challenges:
- Lack of visibility: Silos, gaps and other complexities make it difficult to gain visibility and insights into all cloud assets and applications, extending from development to runtime.
- Inadequate risk monitoring: The lack of centralized cloud security management makes it difficult to holistically assess, prioritize and mitigate risk across the full product lifecycle.
- Siloed roles and responsibilities: Security and DevOps teams independently using multiple stitched-together tools can negatively impact the journey to cloud-native security at scale.
Ermetic offers a strong starting point on your path to CNAPP. Our industry-unique combination allows organizations of all sizes to manage access risk (CIEM) and continuously improve compliance (CSPM).
See how Ermetic’s holistic identity-first platform can help you understand and reduce your cloud-native security risks.
Continuously Manage Access Risk
The Ermetic platform provides a strong entry point to CNAPP by delivering cloud native, context-aware security for AWS, Azure and GCP – achieved via a unique combination of cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM). Ermetic provides deep visibility and actionable risk intelligence, automated remediation, real-time anomaly detection and compliance across your multicloud environment.
With Ermetic, Security, DevOps, DevSecOps and IAM stakeholders can work together to govern access, improve cloud security posture and achieve least privilege, without impact to application continuity or speed to market.
- Deep visibility & full inventory
- Anomaly & threat investigation
- Auto-remediate & shift left
- Governance & compliance




Maintain Compliance and Access Governance
A cloud environment can be compliant with industry standards and best practices yet not be secure. Ermetic enables organizations to proactively detect and automatically remediate both compliance and security risks. Security stakeholders can ensure compliance with industry standards, audit and investigate access on evolving threats, and generate fully customized reports.
- Carry out continuous compliance audits, including for CIS, GDPR, HIPAA, ISO, NIST, PCI and SOC2
- Generate detailed reports for asset inventory, network configurations and activity audits
Enable Shift-left Cloud-Native Security
Ermetic allows you to shift left by defining and enforcing automated guardrails for cloud identities, resources and network configuration. Security and DevOps can effectively achieve identity-centric security strategies like least privilege and zero trust at scale.
The platform uniquely remediates detected risks via auto-generated least privilege access policies sent through standard workflows, including ticketing systems, CI/CD pipelines and CloudFormation and Terraform snippets – all to reduce the cloud attack surface and blast radius in case of a breach.
- Enforce automated guardrails for identities, resources and network configuration
- Facilitate workflow integrations with customizable policy templates
- Define just-in-time access for developers and DevOps


Learn How AppsFlyer is Remediating Risk Using Ermetic
“With Ermetic, we immediately saw the risks to our environment and could quickly remediate them. No other solution provided this type of deep visibility into access entitlements and publicly accessible resources.”