How CNAPP Benefits from Runtime Application Security

Joseph Feiman, Board Advisor
Posted: August 26, 2025

Gartner defines the CNAPP market as a composition of the following markets: cloud security posture management (CSPM), Kubernetes security posture management (KSPM), and cloud infrastructure entitlement management (CIEM).  

The composition of CNAPP misses an application-related market. CNAPP composite markets (CSPM, KSPM, CIEM) are focused on security posture management for cloud infrastructure and Kubernetes, as well as on the management of identities and access entitlements. Although the letter A (for Applications) is present in the CNAPP acronym, it is not present in the names of the composite markets.

This gap indicates the need to incorporate an Application Security market into CNAPP. The most critical addition would be the explicit inclusion of the Runtime Application Security market.  

Runtime AppSec provides several critical advantages for CNAPP implementations. Runtime capabilities are typically enabled by technologies such as eBPF, which can observe every function call, API interaction, and running assets such as applications, microservices, Kubernetes images, libraries, and OSS components. Runtime AppSec addresses cloud-native applications' security needs across multiple dimensions:

  1. Cloud-native applications are developed using DevOps and CI/CD processes. AppSec must provide insight into both Dev and Ops phases while operating across the entire DevOps lifecycle. Runtime Application Security meets this requirement comprehensively. It functions in both the Dev and Ops phases of the DevOps lifecycle. In contrast, other technologies have limited scope: static application security testing (SAST), software composition analysis (SCA), and dynamic application security testing (DAST) operate only in the Dev phase, while WAF/WAAP functions only in the Ops phase.
  2. Cloud-native applications utilize microservice architectures and API-driven designs. AppSec solutions must analyze processes and services while conducting comprehensive API detection and analysis. Runtime AppSec excels in this area through its comprehensive observability capabilities. It provides insight into real application architecture and behavior through inside-out observability: security controls that are natively integrated with the processes they monitor. This approach ensures complete visibility into processes and events, including API invocations, library interactions, and component loading. The system observes every running entity, tracking their sequence, dependencies, and inter-entity communications. This comprehensive monitoring delivers complete visibility into an application's runtime architecture and ecosystem.
  3. Cloud-native applications typically operate in containers and Kubernetes within dynamically orchestrated cloud architectures. AppSec solutions must observe containers and Kubernetes at runtime while providing detailed service visualization. Runtime AppSec addresses this requirement effectively. Application runtime represents the only operational mode where application logic and vulnerabilities are actively executed and exposed. Consequently, running applications enable the most accurate observability of application behavior, logic, and security vulnerabilities.
  4. Cloud-native architecture operates in dynamic, distributed environments. Therefore, AppSec should enable distributed security: security controls that could interface with any runtime entity (e.g., a microservice running in a container), provide observability into it, and ensure detection of security issues and adequate response. Runtime AppSec provides security for every running application process. It dynamically interfaces with all running entities, including applications, microservices, and API processes. As a result, each entity receives dedicated detection and protection controls that remain active throughout its entire lifespan, ensuring no runtime entity operates without security coverage.

Runtime AppSec represents a security solution category focused on providing continuous, always-active, real-time detection, protection, and observability for cloud-native applications at both the development and operational runtime phases.

AppSec integration provides the most significant value enhancement for CNAPP, elevating the platform's security capabilities to comprehensively address modern cloud-native application requirements.
