# Why Cloud Code Security Needs to Be Part of Your Cloud Security Strategy

By [Idan Tendler](https://www.paloaltonetworks.com/blog/author/idan-tendler/?ts=markdown "Posts by Idan Tendler"), Feb 01, 2022

A major appeal of the cloud is the shared responsibility model, where much of the security responsibility is shouldered by the cloud providers.
Fortunately for users, the cloud providers have done a good job. However, that still leaves a large surface for customers to secure. [According to Gartner](https://www.gartner.com/smarterwithgartner/is-the-cloud-secure), "through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users."

Securing code to cloud is where [DevSecOps](https://www.paloaltonetworks.com/blog/prisma-cloud/digital-transformation/) comes in. Those preventable misconfigurations and vulnerabilities can be caught and remediated by cloud security tools at runtime. However, relying on runtime security tools alone can lead to an overwhelming number of alerts and tasks for teams to fix. The faster, more scalable solution is to include security throughout the development process. Securing the code that provisions your cloud infrastructure and applications prevents misconfigurations and vulnerabilities from ever being deployed.

## Securing Cloud Code to Secure Cloud Infrastructure and Workloads

[Infrastructure as code (IaC)](https://www.paloaltonetworks.com/cyberpedia/what-is-iac-security) and containers are quickly becoming the dominant way to provision infrastructure and applications. These templates increase developer velocity because they are much easier to iterate on, scale and copy. However, [Unit 42 found](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research-2h21) that 63% of infrastructure as code templates are insecure and 91% of container images contain high or critical severity vulnerabilities. That means the scalability of IaC also amplifies the number of misconfigurations at runtime. This leaves the door open for bad actors, leading to those cloud breaches Gartner talked about.

We have an opportunity to flip that paradigm on its head. The scalability and automation of IaC, containers and modern development practices like DevOps can be used to scale out security teams.
## Cloud Code Security is a Proactive Approach to Cloud Security

[Cloud Code Security](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security) embeds security across the entire development life cycle, adding policy-as-code and secrets scanning to existing developer tools. At each stage of development--from code, to build, to deploy, to run--code security provides feedback about misconfigurations and vulnerabilities directly to the developer. This feedback is accompanied by actionable guidance and fix suggestions, reducing the friction for developers to fix things.

In this way, security teams can scale out their policies through automation. Instead of performing manual reviews after development has finished, security teams can determine their policy ruleset, and those policies will show up for developers in their workflows. The result is a much higher patch rate and reduced runtime alerts. Without embedded code security, security teams are an island and get overwhelmed by the alerts that only appear after the insecure code is deployed.

## Cloud Code Security and CNAPP

The [Cloud Native Application Protection Platform (CNAPP)](https://www.paloaltonetworks.com/blog/prisma-cloud/get-to-know-cloud-native-application-protection-platforms/) offered by Prisma Cloud reflects the need for full lifecycle security. As of today, [Prisma Cloud IaC Security](https://www.paloaltonetworks.com/blog/prisma-cloud/prisma-bridgecrew-infrastructure-security/) is generally available, combining leading code security with the most comprehensive CNAPP.

With IaC Security, Prisma Cloud embeds security in popular integrated development environments (IDE), version control systems (VCS) and continuous integration/continuous delivery (CI/CD) tools. Developers receive feedback about the policies that security teams have defined throughout their process.
![Code comments notifying developers of misconfigurations introduced to their code](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/a-screenshot-of-a-computer-description-automatica.png)

This, combined with the unmatched runtime protection of Prisma Cloud, creates a full wrapper around cloud infrastructure and applications. For misconfigurations and vulnerabilities that slip through the cracks, or infrastructure not provisioned by IaC templates, Prisma Cloud's [CSPM](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management) and [CWPP](https://www.paloaltonetworks.com/cyberpedia/what-is-cwpp-cloud-workload-protection-platform) offerings identify and remediate those issues. Additionally, for unknown and new threats, Prisma Cloud offers runtime protection and anomaly detection.

![User entity behavior analytics (UEBA) events](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/10/a-screenshot-of-a-computer-description-automatica-1.png)

## Cloud Security Needs Code Security

Without Cloud Code Security, security teams are creating unnecessary work for themselves. By leveraging automation and policy-as-code, security teams can instead extend their policy controls to every developer.

Prisma Cloud now offers Cloud Code Security as a part of its comprehensive CNAPP to protect cloud native applications and infrastructure from code to cloud. If your current cloud security strategy lacks code security, you're putting an unnecessary burden on your security team.

You can also experience the new [Cloud Code Security](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security) features along with the rest of our CNAPP functionality with a [hands-on trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial) of Prisma Cloud.