Security for the undefined perimeter — Workload Protection Platforms

Andre Camillo
2 min readJun 22, 2020


Doors — or the many Entry points to your apps - Photo by Dil on Unsplash

Attack Surface will increase due to the huge transformation in how end users are deploying services. The industry is seeing huge transformation in how services are deployed. Not only can customers make use of multi-cloud to deploy their services, there are also new ways to do so, making it more difficult to secure and efficiently control their workloads. Applications have shifted from Dedicated (Bare metal) appliances to virtualized and now we’re seeing the rise of Containerized and Serverless workloads. Developers are now more empowered than ever: they can spin up new workloads in matters of minutes to test and eventually deploy applications and services faster. While the business needs more apps, faster, IT needs to ensure they follow the company’s security policies.

Why isn’t the traditional security approach enough?

Traditionally, IT Security has been about protecting a perimeter through different controls — this has been the Information Security Philosophy for a few decades now. But with the shift in how workloads are deployed, this has changed — the modern Datacenter evolved — it is now larger, more dynamic and ever-expanding. This is true for its capabilities, services and its threat surface.

Introducing CWPP

Even the most advanced Endpoint Protection Platform (EPP) or Next Generation Firewall (NGFW) can’t keep up with this larger threat surface, these solutions help with some challenges, but not all.

The modern IT team need a solution that can provide visibility across all their workload stack, no matter when, what, how or even where they’re running.

It is for this complex scenario that a new product type is required, and it is called: Cloud Workload Protection Platform (CWPP). It’s workload-centric Protection for multi-cloud environments.

These solutions provide visibility, discovery and control of workloads in multiple clouds for multiple deployment methods (bare-metal, virtual, container or serverless).

With Visibility, it is possible to discover what services are running everywhere, inspect every single workload for open ports then correlate and investigate what can be done to reduce the threat surface on them.

Discovery enables the definition of rules that all workloads must follow, ensuring compliance. Only required services are allowed to run.

CWPP solutions are a fundamental need for the modern, undefined workload.

They complement access solutions, such as MFA and Access Controllers, helping our customers get closer to deploying a true Zero-Trust infrastructure.

And Security Vendors are well aware, all of them have solutions that will address challenges with these varied workload environments.

What’s yours?



Andre Camillo

Cloud and Security technologies, Career, Growth Mindset, sometimes Music and Gaming easter eggs. Technical Specialist @Microsoft. Opinions are my own.