Back to Feed
Cloud SecurityJul 6, 2026

5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management

CSPM evolves to continuous risk management within CNAPPs, according to Frost & Sullivan.

Summary

Frost & Sullivan's 2025 Frost Radar™ for Cloud Security Posture Management reveals a shift in CSPM from periodic compliance checks to a continuous, risk-based governance layer within Cloud Native Application Protection Platforms (CNAPPs). The market is projected to grow significantly, driven by the integration of posture management with workload protection, identity, and data security. Key insights highlight CSPM becoming the governance backbone for CNAPPs and a move towards risk-based prioritization over mere compliance coverage.

Full text

Share Link copied to clipboard! Content typesNewsProducts and servicesMicrosoft DefenderMicrosoft Defender for CloudTopicsAI and agentsAnalyst reportsCloud security Cloud security posture management (CSPM) is being redefined as two forces collide: Cloud environments are becoming more interconnected—spanning workloads, identities, data, APIs, and development pipelines—while security teams must reduce risk faster with fewer tools and less time. Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management points to a structural shift: CSPM is no longer a periodic compliance exercise. It’s a continuous, risk‑based governance layer inside modern cloud native application protection platforms (CNAPPs). Frost & Sullivan projects the CSPM market will grow from $2.82 billion in 2025 to $6.96 billion by 2030 at a 19.8% compound annual growth rate (CAGR)—reflecting the growing shift from standalone posture tools to integrated, platform‑based approaches. Read the full Frost & Sullivan report A cloud native application protection platform (CNAPP) brings together posture, workload protection, identity and entitlement management, and related controls to secure applications across the full lifecycle—from development through runtime operations. Frost & Sullivan’s analysis also reinforces Microsoft’s position among leading CSPM providers, with strong performance across innovation and growth. This reflects Microsoft’s approach to unifying posture management with workload protection, identity, and data security as part of a broader CNAPP platform—aligning directly with how CSPM is evolving from point-in-time compliance to continuous risk management. Below are five key insights from the Frost Radar and what they mean for security leaders navigating today’s cloud threat landscape. 1. CSPM is becoming the governance layer for CNAPP Frost & Sullivan research suggests CSPM is evolving beyond a standalone tool focused on configuration hygiene. Instead, it increasingly serves as the entry point and governance backbone for CNAPP—integrating posture signals with workload protection, identity, data security, and security operations center (SOC) workflows. Modern CSPM solutions are expected to: Provide continuous visibility across infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Correlate misconfigurations, identities, vulnerabilities, and data exposure. Feed high‑fidelity posture context into runtime protection and incident response workflows. What to look for Unified visibility that connects posture findings with workload, identity, and data signals—so investigations don’t begin from scratch when posture risk turns into an incident. Frost notes that by 2030, CSPM is expected to become less a standalone market and more a foundational governance layer inside CNAPP platforms—unifying code‑to‑cloud policy and feeding posture context into runtime and SOC workflows 2. The market is moving beyond compliance to risk‑based prioritization Compliance coverage is now table stakes. Frost highlights that for organizations to differentiate they need solutions that continuously assess risk, reduce noise, and guide remediation—helping teams focus on the “toxic combinations” that create real exposure. Leading solutions need to: Continuously assess risk rather than rely on point‑in‑time scans. Reduce alert fatigue through contextual correlation. Prioritize remediation based on exploitability and business impact. Organizations are increasingly using CSPM to drive ongoing risk reduction—with compliance reporting treated as an outcome of stronger controls. What to look for Prioritization that highlights likely cyberattack paths—not just severity scores—so teams can fix what’s exploitable first and minimize false positives. Security leaders are adjusting how they evaluate CSPM vendors in response to these shifts. Rather than asking how many compliance frameworks a solution supports, they’re looking at whether posture insights can be correlated with identity, workload, and runtime signals to expose exploitable attack paths and guide remediation across developer and SOC workflows. Frost & Sullivan’s evaluation framework reflects this transition—placing greater emphasis on integrated, code to cloud risk management capabilities inside broader CNAPP platforms. 3. Code‑to‑cloud visibility is now required Another major theme in the Frost Radar report is how organizations can embed posture management earlier in the application lifecycle to prevent misconfigurations before deployment—and continuously detect drift as environments change. The report emphasizes: Infrastructure‑as‑code (IaC) scanning and policy‑as‑code enforcement Continuous integration and continuous delivery (CI/CD) pipeline integration Ownership mapping so issues are routed to the right developer or team By extending posture management into DevSecOps workflows, organizations can reduce remediation costs and prevent risk from reaching production. What to look for Security guardrails embedded in CI/CD pipelines—with clear ownership routing—so remediation happens earlier and doesn’t bounce between teams. 4. Multicloud complexity is driving platform consolidation Fragmented tools and siloed data continue to create blind spots across posture, identity, and workload risk—overwhelming SOC teams and reducing operational effectiveness. As a result, buyers are consolidating point products into integrated CNAPP platforms that correlate posture, workload, identity, and runtime signals. Platform convergence is reshaping CSPM investment and deployment models: A growing share of CSPM capability is delivered as part of a broader platform. Shared dashboards improve visibility across hybrid and multicloud environments. Consolidation reduces tool sprawl and improves SecOps efficiency. What to look for A platform approach that standardizes policies across clouds and carries posture insights into security operations (SecOps) workflows—improving both signal quality and remediation speed. 5. AI is reshaping CSPM—from operations to new workloads Frost highlights AI as both an operational enabler and a new security domain for CSPM. AI is being used to: Reduce alert fatigue through contextual prioritization. Generate compliance evidence. Deliver guided remediation for developers and security teams. At the same time, CSPM capabilities are expanding into AI workload posture management—covering models, pipelines, and related infrastructure. What to look for AI assisted prioritization and guided remediation—plus posture coverage for AI workloads—so emerging risks such as prompt injection or data leakage are managed alongside traditional cloud risk. What this means for security leaders Frost & Sullivan’s analysis underscores that CSPM is no longer about checking compliance boxes—it’s becoming a strategic control layer for managing cloud risk across the entire application lifecycle. If you’re evaluating CSPM capabilities in 2025–2026, ask: Can posture findings be correlated with identity, workload, and data context to expose exploitable cyberattack paths? Can security guardrails be embedded earlier in CI/CD pipelines through IaC and policy‑as‑code? Can posture insights flow into SOC workflows for faster investigation and response? Can risk be continuously prioritized across multicloud environments—not just reported periodically? How Microsoft aligns with CSPM’s next phase Frost & Sullivan attributes Microsoft’s leadership in CSPM to its ability to operationalize posture management as part of a broader cloud security platform—aligning with the report’s emphasis on integrating posture with runtime protection, identity, data security, and SecOps workflows across the application lifecycle. These capabilities align with the same governance, prioritization, DevSecOps integration, and lifecycle visibility themes highlighted across the Frost Radar insights above. Get started with Microsoft Defender for Cloud Rather tha

Entities

Microsoft Defender for Cloud (product)Microsoft (vendor)Cloud Security Posture Management (CSPM) (technology)Cloud Native Application Protection Platforms (CNAPPs) (technology)Frost & Sullivan (vendor)