Cloud Security Outlook: From Compliance to Real-Time Protection (Pt.1 - CWP)
Summary
- The standard for cloud security has become a comprehensive platform, where vendors integrate posture, workload, and runtime protection to solve the “cloud security trilemma.”
- As enterprises race to deploy AI across their operations, cloud infrastructure becomes essential — amplifying demand for scalable, real-time cloud security solutions.
- Part 1 focuses on CWP (Cloud Workload Protection), the runtime layer of CNAPP, largely out-of-favor vs. agentless approaches 2-3 years ago, but now seeing a revival as the demand for real-time protection grows.
- The rise of LLM-Ops, copilots, and the early emergence of AI agents suggest that CWP is entering a new chapter defined by automation and runtime intelligence.
Introduction and Overview
Cloud security has become defined by the rise of Cloud-Native Application Protection Platforms (CNAPPs) — unified solutions that combine multiple cloud security capabilities under one roof. This convergence addresses the long-standing “cloud security trilemma” (introduced in our previous Cloud Security Series): balancing comprehensive protection, ease of deployment, and real-time responsiveness.
Source: Convequity
Now, in 2025, a major new chapter has opened. On March 18, 2025, Google announced the $32bn acquisition of Wiz — the largest acquisition in Google's history — signaling the end of the standalone CNAPP era. With Wiz absorbed, all major cloud security contenders are now large platform companies rather than high-velocity independents. The industry has matured significantly, moving from the aggressive innovation cycles of 2020–2023 into a phase of consolidation, operational tightening, and reduced investor hype. The core question now is: with the battlefield reset, which platform is best positioned to dominate the next, more measured phase of cloud security evolution?
Below are the reports part of the Cloud Security Series published from Sep-22 through Feb-23.
Cloud Security Series #1: Pre-IPO, Orca Security
Cloud Security Series #2: Pre-IPO, Lacework
Cloud Security Series #3: Palo Alto Networks - Prisma Cloud
Cloud Security Series #4: Pre-IPO, Wiz
Cloud Security Series #5: Pre-IPO, Aqua Security
Cloud Security Series Round-Up Report
And here is a Wiz vs. Palo Alto Networks (PANW) report we published in Jul-24.
Updates: Wiz - The PANW Prisma Cloud Rivalry; Head-To-Head Comparison
Leading vendors like PANW (Prisma Cloud), Wiz, SentinelOne (S), CrowdStrike (CRWD), Orca Security, Aqua Security, Sysdig, and Fortinet (FTNT - bolstered by its Lacework acquisition) are leading the race. Each is expanding across CNAPP categories – from Cloud Workload Protection (CWP) and Cloud/Data Posture Management (CSPM/DSPM) to Cloud Detection & Response (CDR) and shift-left developer security (Software Supply Chain Security (SCSS) and code security (SAST)) – while navigating trade-offs between agent-based and agentless approaches. In this report, we compare these vendors across key CNAPP functions and discuss how recent innovations (like generative AI security) and threat trends (e.g. nation-state attacks) are shaping strategies and adoption.
Broad Cloud Security Trends: Past, Present, & Future
In the Cloud Security Series, we explained how agentless cloud security solutions rose to prominence during the pandemic. Enterprises urgently shifted operations and data to the cloud due to WFH constraints and needed a fast, easy way to achieve compliance with cloud regulations. Wiz, founded in February 2020 — just before COVID-19 went global — was perfectly timed to capitalize on this. Interestingly, Wiz spent its first few months gathering feedback from CISOs, leveraging Cyberstarts (its sole seed investor, with a $6.4m investment) and its Sunrise program, which gave Wiz access to a strong CISO network. Rather than writing code immediately, Wiz’s founders first learned what enterprises truly needed: comprehensive cloud visibility, streamlined compliance, and smoothly including developers into the security loop too.
Armed with this CISO-driven product insight — and founder pedigree from Adallom (sold to Microsoft for $320m) — Wiz crafted an enterprise-grade solution from day one. This enabled it to bypass the typical SMB-to-enterprise ramp most startups face and become the fastest company ever to reach $100m ARR, in just 18 months. Wiz’s success evangelized the agentless approach across the cloud security landscape, with many vendors repositioning their solutions as “agentless” to tap into the growing demand for easy deployment and compliance support. Around this time, we actually recall a number of generic VCs suddenly touting the power of agentless, further pushing the narrative that agentless was the be all and end all.
However, while agentless visibility and CSPM dominated initial demand, we predicted that the market would eventually realize the final state had not arrived. Agentless solutions like Wiz had solved two sides of the Cloud Security Trilemma — Ease of Deployment and Comprehensiveness — but had left Timeliness unsolved. Without real-time protection, attackers could still exploit the hours-long gaps between periodic environment snapshots (usually 24 hours), moving laterally or escalating privileges unnoticed. Recognizing this imbalance, we anticipated that once agentless CSPM matured, the market would naturally shift its focus toward satisfying the missing third pillar: Timeliness. This would reinvigorate demand for lightweight runtime agents or “sensors” (as vendors increasingly prefer to call them to distance from the stigma of heavy agents). Advances from players like PANW were already demonstrating that modern sensors could dynamically scale with ephemeral cloud workloads, solving for real-time protection without imposing significant operational burdens.
Source: Convequity
Today, evidence suggests this prediction has played out. Wiz has pivoted sharply, now offering a runtime sensor as part of its CNAPP suite. CRWD and S are seeing strong traction in cloud security, primarily because they can offer real-time protection via their EDR agents. Yet PANW, with the broadest and deepest agentless and agent-based offering, looks particularly well-positioned in this environment.
