Fortinet unifies cloud risk signals in FortiCNAPP upgrade

Fortinet has expanded its FortiCNAPP cloud risk management product with new features that pull network security posture, data security posture and runtime validation into a single workflow for assessing cloud risk.

The update connects risk signals that often sit in separate tools, including cloud configuration, identity exposure, vulnerabilities, network controls, data sensitivity and runtime behaviour. Fortinet says the changes address growing cloud complexity, limited staffing and specialist skills gaps.

"Cloud security teams aren't struggling because they lack data. They're struggling because growing complexity, limited resources, and skills gaps make it harder to manage risk across cloud environments," said Nirav Shah, senior vice president of products and solutions at Fortinet.

"By unifying network enforcement, data sensitivity, and runtime validation within FortiCNAPP, we're enabling customers to move from alert overload to clear, prioritized action based on real-world exposure and business impact," Shah said.

Cloud application and infrastructure security is a crowded market. Many organisations run hybrid and multi-cloud estates and rely on a mix of cloud provider tools and third-party products for posture management, entitlement controls, workload protection and data visibility. This structure can spread investigation and remediation across multiple teams.

Fortinet pointed to findings from its 2026 Cloud Security Report, which found nearly 70% of organisations cite tool sprawl and visibility gaps as leading barriers to effective cloud security. It says the FortiCNAPP updates help consolidate the risk information teams use to decide what to tackle first.

Network context

A central element of the update is the addition of network security posture signals to workload risk assessment. Fortinet says many cloud-native application protection platform products focus on configuration and vulnerabilities without reflecting what network enforcement already sits between the internet and a workload.

FortiCNAPP now detects FortiGate deployments on the internet-accessible path to a cloud workload and factors their presence into the workload's risk score. The goal is to reflect whether a workload is reachable and what controls may reduce exposure.

Fortinet argues that persistent network protection context can reduce false urgency and support a shared understanding of exposure across security and network teams. This matters in organisations where cloud security specialists and network operations staff use different tools and work to different priorities.

Data posture

The update also adds native Data Security Posture Management (DSPM) within FortiCNAPP. DSPM tools typically focus on discovering sensitive data, mapping access and highlighting risky storage or sharing patterns across cloud services.

Fortinet says the built-in DSPM runs in place and does not require customers to move or export data. It identifies sensitive data and access patterns, flags potential malware indicators, and supports privacy and governance requirements that can restrict how teams scan, copy or centralise datasets.

In Fortinet's risk model, findings involving sensitive data are given higher priority. This aligns with incident response practice, where the type of data at risk influences triage and remediation timelines.

Unified workflow

Another set of changes focuses on how teams review findings and decide on remediation. FortiCNAPP now brings together insights from cloud security posture management, infrastructure entitlement management, vulnerability data, DSPM and network security posture in a single view.

Runtime validation is also included in prioritisation. Fortinet describes this as validation of vulnerable code paths, helping distinguish theoretical findings from risks that show evidence of being exploitable in practice.

Fortinet also links the unified workflow to faster remediation through correlated context. It combines configuration issues, identity exposure, vulnerabilities, network reachability, data sensitivity and runtime behaviour to reduce the need to pivot between tools and dashboards during investigation.

Customer use

Monolithic Power Systems is using FortiCNAPP for visibility into its cloud security posture, according to Fortinet.

"FortiCNAPP gives us clear visibility into our cloud environment, from identity permissions and workload configurations to operating systems and vulnerabilities, so we understand exactly where risk exists and how to address it," said Huy Ly, head of global IT security and infrastructure at Monolithic Power Systems.

"It acts like a continuous auditor, helping us assess the health of our cloud infrastructure at a glance, even without deep, hands-on cloud expertise. Combined with the Fortinet Security Fabric, FortiCNAPP helps us proactively protect our environment and reduce risk across our cloud operations," Ly said.

Fortinet has been tying more of its portfolio into its Security Fabric framework, which centres on sharing telemetry and policy across products. The FortiCNAPP updates extend that approach to cloud risk prioritisation by incorporating signals from network enforcement and data posture alongside configuration and identity exposure.

Fortinet says organisations are using FortiCNAPP across network, data and runtime layers of cloud environments as estates expand and teams look for clearer prioritisation based on exposure and likely impact.