January 28, 2026 – Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has announced new enhancements to FortiCNAPP that help organisations better understand and prioritise cloud risk beyond what is possible with many CNAPP solutions today. By correlating cloud configuration, identity exposure, vulnerabilities, network enforcement, data sensitivity, and runtime behaviour in a single workflow, FortiCNAPP enables security teams to focus on the risks that matter most.

Nirav Shah, Senior Vice President, Products and Solutions at Fortinet, said, “Cloud security teams aren’t struggling because they lack data. They’re struggling because growing complexity, limited resources, and skills gaps make it harder to manage risk across cloud environments. By unifying network enforcement, data sensitivity, and runtime validation within FortiCNAPP, we’re enabling customers move from alert overload to clear, prioritised action based real-world exposure and business impact.” 

As organisations expand across hybrid and multi-cloud environments, security teams are often forced to piece together risk signals from disconnected tools, resulting in fragmented visibility and slower response. According to the Fortinet 2026 Cloud Security Report, nearly 70 per cent of organisations cite tool sprawl and visibility gaps as the top barriers to effective cloud security. FortiCNAPP addresses this challenge by adding protection where it matters most for cloud security teams—across the network, data, and runtime layers of cloud environments. 

Factoring Network Security Posture Into Cloud Workload Risk

FortiCNAPP incorporates network-level protection context directly into risk evaluation, providing a more accurate picture of real exposure that many CNAPP solutions lack.    

• Network-aware risk scoring: FortiCNAPP detects FortiGate solutions deployed along the internet-accessible path to cloud workloads and incorporates that protection directly into workload risk assessments, ensuring exposure is evaluated in the context of existing network enforcement. 
• Reduced false urgency: Persistent protection context provides a more realistic view of risk and enables security and network teams to operate from a shared, consistent understanding of exposure. 

Native Data Security Posture Management (DSPM) Adds Data Risk Context

FortiCNAPP enhances risk prioritisation by directly incorporating data sensitivity and exposure, without requiring customers to move or export their data.   

• In-place data risk visibility: Built-in DSPM identifies sensitive data, access patterns, and potential malware, while supporting privacy and data governance requirements. 
• Business impact-driven prioritisation: Risks affecting sensitive data are automatically elevated, helping teams focus remediation efforts on issues with the greatest potential impact. 

Bringing Risk Signals Together Into a Unified Workflow

FortiCNAPP simplifies cloud risk operations by consolidating often siloed security signals into a single, actionable workflow.   

• Unified risk management: Insights from cloud posture, infrastructure entitlement, vulnerabilities, DSPM, and network security posture into a single view. 
• Runtime-informed prioritisation: Validation of vulnerable code paths helps teams distinguish theoretical findings from active, exploitable risk. 
• Faster remediation: Correlated context around configuration issues, identity exposure, vulnerabilities, network reachability, data sensitivity, and runtime behaviour enables faster response with fewer tools. 

Enabling More Context-driven Cloud Security Operations

As cloud environments grow more complex, effective risk management requires understanding not just what is misconfigured or vulnerable, but whether protections are in place, what data is involved and the likelihood of real-world impact. With these enhancements, FortiCNAPP helps organisations reduce noise, improve decision-making, and align security efforts with actual exposure and available resources. 

How Organisations Are Prioritising Real-world Cloud Risk

Organisations are using FortiCNAPP to simplify cloud security operations and gain clearer visibility into risk across complex cloud environments by unifying network, data, and runtime context within a single platform. 

Huy Ly, Head of Global IT Security & Infrastructure at Monolithic Power Systems, said, “FortiCNAPP gives us clear visibility into our cloud environment, from identity permissions and workload configurations to operating systems and vulnerabilities, so we understand exactly where risk exists and how to address it. It acts like a continuous auditor, helping us assess the health of our cloud infrastructure at a glance, even without deep, hands-on cloud expertise. Combined with the Fortinet Security Fabric, FortiCNAPP helps us proactively protect our environment and reduce risk across our cloud operations.” 

Additional Resources

• Read more about FortiCNAPP. 
• Read more about the Fortinet Security Fabric.  
• Learn more about the Fortinet Open Ecosystem. 
• Visit fortinet.com/trust to learn about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.   
• Read about how Fortinet customers are securing their organisations.  
• Learn about Fortinet’s commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and policies. 
• Follow Fortinet on X, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube. 

About Fortinet

Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet’s solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organisations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organisation, develops and utilises leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.