Qualys Chairman and CEO Philippe Courtot set the tone for the company’s first virtual conference, the QSC18 Virtual Edition, with a call to the industry to re-invent security to protect digital transformation efforts.
CIOs and CISOs can’t continue accumulating disparate, point solutions that are costly to manage, difficult to integrate, and ultimately ineffective at protecting hybrid IT environments. “The mission is for us together to stop bolting on security and compliance solutions, and start building them in,” he said during the opening keynote.
Digital transformation projects, built by DevOps teams and delivered via cloud services, web apps, and mobile computing, demand a recasting of security’s role. The traditional approach, in which security is an isolated element jammed in at the end of the software pipeline, erases the benefits of digital transformation by slowing it down.
Qualys is uniquely able to help enterprises address these challenges, he said.
Key security principles for digital transformation
Courtot outlined five tenets for securing digital transformation efforts:
- Visibility: It’s imperative to have a complete, continuously updated IT asset inventory, and the ability to detect changes instantly.
- Accuracy: A cloud platform sharpens accuracy with its wide, deep net for collecting data, while point solutions’ siloed, fragmented approach yields incomplete information.
- Scale: Organizations today operate in global, hybrid environments, so security solutions must scale accordingly.
- Immediacy: Hackers have automated their attacks, so InfoSec teams must match their sophistication and speed.
- Transparent Orchestration (™): Security must be simplified by eliminating friction and making it intuitive and automated for developers, IT operators and other IT staff.
These digital transformation security principles guide Qualys’ strategy, as it continues growing all aspects of its Qualys Cloud Platform, including:
- its robust backend storage and analysis engine;
- integrated apps suite;
- and versatile sensors for collecting IT, security and compliance data across all IT assets.
The Qualys Cloud Apps suite
“Over time, starting with vulnerability management, we have built a significant suite of security and compliance solutions,” he said.
With Qualys’ 18 Cloud Apps — and with more on the way –, organizations can eliminate point tools and consolidate their security and compliance tool stack in a single, integrated platform.
Because the Qualys Cloud Apps are integrated, centrally managed and self-updating, they help customers radically reduce the cost and complexity of deploying, maintaining and managing legacy security software.
Equally important: Organizations get those platform benefits without sacrificing functionality, because the Qualys apps have best-of-breed quality, performance and features, Courtot said.
Customers are increasingly taking advantage of Qualys’ platform approach and cloud architecture. As of 2018’s Q1:
- 67% of Qualys customers use two or more Cloud Apps, up from 59% in Q1 2016
- 34% use three or more, up from 21%
- 16% use four or more solutions, up from 3%
- 7% use five or more solutions, up from zero percent
Courtot also highlighted:
- The recent launch of two free apps. CloudView lets organizations inventory public cloud assets and resources, while CertView provides a complete inventory and assessment of their Internet-facing certificates.
- Qualys’ upcoming Asset Inventory (AI) app, which gives customers a single source of truth for IT assets across hybrid environments — on premises, in clouds, at endpoints and on mobile devices.
- Qualys’ recent moves in the U.S. federal government market, including the launch of the FedRAMP-authorized Qualys Gov Cloud Platform, and the plan to acquire a channel partner with deep federal expertise.
- To foster high level discussions about digital transformation security, Courtot and the Cloud Security Alliance recently co-founded the non-profit and vendor-neutral CIO/CISO Interchange.
You can watch a recording of Courtot’s keynote — where he goes into a lot more detail on these and other topics, and answers questions from the audience — as well as of the many other presentations offered during QSC18 Virtual Edition.