What CWPP does
CWPPs offer a layered security approach, focusing on runtime protection for workloads deployed across various cloud environments. They typically cover virtual machines, containerised applications, and serverless functions. Agent-based CWPPs install software directly onto the workload, providing detailed visibility and control. Agentless solutions leverage cloud provider APIs to monitor and protect workloads without direct installation, simplifying management but potentially offering less granular control. The choice depends on your organisation’s risk profile and operational capabilities.
CWPP in Australian tenants today
Microsoft Defender for Cloud functions as a CWPP for Azure environments, encompassing Defender for Servers, Defender for Containers, and Defender for Storage. AU mid-market organisations using Azure should consider the cost implications of per-resource plans. While granular, these plans can accumulate quickly, so careful planning and optimisation are essential to ensure cost-effectiveness while maintaining adequate security posture. Alignment with the ACSC Essential Eight is a key driver for CWPP adoption, particularly around data activity monitoring and vulnerability management, alongside considerations for APRA CPS 234’s requirements for ICT risk management.