Qualys Chairman and CEO Philippe Courtot kicked off Qualys Security Conference with an assessment of current security challenges and a clear call to action on how to successfully overcome them.
“Today security is front and center, and as we move to the cloud, we must rethink security,” Courtot said during the opening keynote of the 12-day virtual conference. “Security is at a crossroads.”
Enterprise IT environments are getting exponentially more complex with the booming adoption of cloud computing. To attain seamless security and compliance, the key is to shift to open cloud platforms that interoperate with each other, Courtot said.
This new model allows organizations to build security natively into their IT infrastructure, and to take a risk-based approach anchored by an always updated global IT asset inventory. It’s the only way to have the scale, speed, accuracy, visibility and context needed to protect today’s hybrid and dynamic IT infrastructures.
As IT teams embrace cloud services, mobility, containers, DevOps and other innovations, the job of security teams gets harder. This is especially the case if they have a heterogeneous stack of tools that are difficult and costly to deploy, integrate and manage. With such a siloed and fragmented toolset, visibility into the IT environment narrows, tasks can’t be automated, false positives abound, and security teams struggle to detect and respond quickly to threats.
“Our response is far too slow in a new world where everything is connected with everything at internet speed,” Courtot said.
With an open cloud platform, organizations can replace their stack of legacy point solutions with a set of natively integrated, cloud-based security and compliance applications and services. The cornerstone of this new security model should be a complete, always updated asset inventory that provides full visibility across an organization’s entire hybrid environment – what Courtot calls “the cartography of your enterprise.” This means having the ability to identify in real time all the devices that connect to the network — approved and unapproved — as well as providing granular access control to them.
It’s also critical to ensure that the platform offers open and secure APIs so that the data it collects and processes is accessible to other cloud platforms, and vice versa. Security and compliance tasks should be automated and orchestrated, and data massively collected and analyzed in real time. That way, organizations can accelerate their time to remediate, mitigate and respond.
The open platform also should offer you a true risk-based approach to security, which means continuously balancing technology risks with business context. This involves having algorithms that accurately capture risk, and not just providing an isolated and static risk score.
“A true risk-based approach to security requires that we understand anything that changes in our computing environment, and we need to layer the business context on top of it,” Courtot said.
This new security model based on open cloud platforms is at its beginning stages, but it’s one that Qualys has envisioned since it was founded. Early on, Qualys realized that the center of the IT universe would shift away from on-premises computing to the Internet, and that security would naturally have to broaden its scope well beyond the corporate network perimeter to the cloud.
This is the path the company has been following for 20 years as it has built the Qualys Cloud Platform, which now has more than 20 natively integrated IT, security and compliance applications. It manages 9 petabytes of data, indexes 8 trillion data points, moves 15 billion Kafka messages per day, processes 3 trillion security events per year, and conducts 6 billion IP scans annually, all with 99.9996% Six Sigma accuracy.
Building the Qualys Cloud Platform and taking it to where it is today, Courtot said, “was not a walk in the park.” Courtot tipped his hat to the company’s engineering team, including our staff in India. He also expressed appreciation to all the customers that have put their trust in Qualys over the years, and whose support and feedback have been essential for the evolution of the Qualys Cloud Platform.
“I would like to thank the many customers who have helped us on this journey, who became our design partners and helped us expand the boundaries of our initial solution,” he said.
The Qualys Security Conference includes free access to over 55 sessions, from industry best practices and use cases to roadmap breakouts, product demos, and more.