The cloud-native application protection platform (CNAPP) market is on track to reach US$12.9 billion by 2030, as enterprises increasingly consolidate cloud security into unified platforms rather than relying on fragmented point tools, according to new research from Dell’Oro Group.
The firm forecasts the market will grow at close to 30% compound annual growth between 2025 and 2030, driven by organisations standardising cloud controls, reducing tool sprawl and enforcing consistent governance across hybrid and multi-cloud environments.
Dell’Oro Group said CNAPP is evolving into a foundational policy and governance layer for cloud environments, with security budgets shifting away from isolated tooling toward platforms that can be operationalised across development, security and operations teams. As cloud estates scale, CIOs and CISOs are prioritising visibility, consistency and integration over best-of-breed silos.
Market competition is intensifying. Dell’Oro’s December 2025 Cloud Workload Security research shows Wiz leading the CNAPP market in the third quarter of 2025 with a 19% revenue share, narrowly ahead of Microsoft at 18%. The close race highlights growing competitive pressure between hyperscalers and pure-play security vendors as they vie to own the same cloud risk and governance workflows.
Dell’Oro noted that deployment visibility has become the entry point for most CNAPP initiatives, with enterprises focusing first on asset inventory, entitlement hygiene and audit-ready posture. While deployment-phase controls remain the primary area of spend, runtime security decisions are increasingly influenced by operational overhead, response integration and the ability to work seamlessly with existing security operations.
The research suggests the CNAPP market is moving from early adoption into large-scale standardisation, as enterprises rationalise security tools and embed cloud governance into day-to-day operations. This shift is favouring vendors that can deliver broad coverage across development, deployment and runtime without adding complexity or friction.
Dell’Oro said the competitive landscape could tighten further pending regulatory outcomes related to Google’s proposed acquisition of Wiz. While US antitrust approval has been granted, European regulators are expected to issue an initial decision in February.
For CIOs, the findings reinforce CNAPP’s role as a strategic platform decision rather than a tactical security purchase, with implications for cloud operating models, security team alignment and long-term vendor strategy.
