Qualys Blog

www.qualys.com
qualys

Philippe Courtot on Cloud Computing with ITAdviser

IT-Adviser-2009.png I believe that the SaaS and Cloud Computing revolution holds the potential to benefit everyone in the software industry, and all who rely on it for their business. For instance, we in the industry are well aware that software is evolving too quickly to keep up. It’s a never ending process of software enhancements, upgrades, security fixes, and new installations. And, few would disagree that there are too many vulnerabilities affecting too many applications. In this disorder, most of the burden has fallen on the shoulders of organizations that have had to dedicate extraordinary resources to patch and mitigate the security holes. Here is an interesting statistic that reveals the magnitude of the challenge. According to Qualys' The Laws of Vulnerabilities 2.0 research, companies take an average of 59 days to patch their vulnerabilities. Five years ago, that number was 60 days. That’s a reduction of one day in the past five years. When one considers all the effort and automation that has gone into patch management in the past five years, that’s not much in the way of improvement. And this shows not just how steep the challenge is, but just how broken the current ecosystem of traditional software is.

The SaaS approach
Fortunately, the SaaS and Cloud Computing models are positive disruptions on the infrastructure of both private networks and the Internet. Unlike when individual organizations patch (work that must be duplicated for every installation), when SaaS vendors update their software applications, all of their customers are patched instantaneously as well. Because of this simple fact, many of the security problems that plague today’s business technology systems – such as patches and software misconfiguration issues – are solved. Thus, in this, and many other ways, the burden of maintaining a secure application largely is transferred from the software user to the provider. The effect of proper patching is amplified throughout all the IT systems the SaaS and cloud providers touch. For many years it was thought that SaaS would be destined just for SMEs, but today we know that this isn’t so; the advantages of cost reductions in staff and infrastructure are as valuable to the large corporate as the small or mid-sized business, particularly in the current economic climate. Cloud Computing offers a delivery model that scales and can reach out to millions – that’s the power of the Internet. Once the infrastructure or data centre has been built the cost of adding additional services is minimal and hence the service provider can offer aggressive prices because the overall cost of the infrastructure and the specialist personnel to man it can be amortized over a large number of users. Another massive advantage for customers of SaaS is that it puts the power in the hands of the buyer. They can 'try and buy' solutions with ease and of course they are at liberty to switch vendors if their services don’t come up to scratch. What’s more whilst vendors have traditionally focused on the enterprise as the customer for hardware and software, the data centre owners will gradually become key customers for the future.

Resistance is Futile

Some still are fighting the shift to SaaS and Cloud Computing. But, I don’t believe that resistance to the transformation of on-premise business IT to cloud-based computing is a viable option. Not for long. The business benefits, cost savings, and reduction in complexity are just too compelling for businesses to overlook. Actually, today, the strongest resistance we see is emanating from IT departments, and IT security staff – mainly out of fear of what might happen if one were to lose control of data. But the reality is that businesses have already lost control of data, as evidenced by the constant security breaches that we read about in the media on an almost daily basis. By putting the data in one place it is easier to control access to it. Security in the cloud will follow the pattern of banking where we are comfortable to withdraw our cash from the convenience of an ATM, over the Internet or via our mobile and leave its security to be dealt with by the experts. Nevertheless, despite reservations from IT, businesses will march forward, because the business has no choice but the path that simplifies many of today’s IT complexities. And in this, the primary – and strategic – role of IT security will be successfully and securely managing the privacy and security risks associated with data living in the cloud.

While the visible shift to Cloud Computing to date has been the movement of applications and data to the cloud, it’s not going to stop there. Soon, the day will come when companies outsource not only their software but their network infrastructure, as well. One day, almost everything we do on private networks – manage information, applications, infrastructure, and services – will be accessible instantly and securely from anywhere and from any Web browser. It’s time to prepare.

Full Article

Leave a Reply