LAS VEGAS – Philippe Courtot, Qualys (QLYS) founder and CEO, in his keynote address today at the Qualys Security Conference 2015, spoke to the massive and rapid evolution in business-technology systems currently underway in the enterprise. They are grappling with the complexities of securing their information in the public and private cloud, on mobile devices, and the data gathered by all of the sensors associated with the Internet of Things. Enterprises are “faced with the challenge of having to retool their entire infrastructure,” Courtot said.
While all of these new, emerging, and some rapidly maturing technologies are helping the enterprise to be more agile and respond to changing market conditions – all of these efforts need to be done securely.
“We still need to secure everything,” Courtot said. “In the old days everything was essentially perimeter-centric, and we were living very happily as the networks were evolving. But the problem with security started to become very critical as we needed to deploy more and more applications. “Unfortunately, enterprises are still architected for the old client/server world,” Courtot said.
So how do enterprises secure themselves in an "everything is connected to everything” world, Courtot asked? Well, what enterprises have been doing to date has not been working well for anyone. They’ve been turning to a plethora of point solutions: data leak protection/prevention, anti-virus and anti-malware, intrusion detection/prevention systems, network and next-generation firewalls, vulnerability assessment tools, threat intelligence and more. It’s very difficult to adequately protect enterprise systems when those enterprise systems, applications, and data are so dispersed across so many cloud services and endpoint devices, Courtot said.
Sensors and the Cloud
When it comes to building a security framework that would work for the modern and highly-agile enterprise, Courtot pointed to an analogy that is familiar to most everyone: home security systems. How are homes secured today? Home security systems rely on sensors and management systems that monitor homes for changes in heat, or signs of fire or flooding, motion detectors for intruders, and the status of garage and building doors and windows. "All of that information is beamed up to a cloud platform were all of that data is analyzed. And depending on conditions it then sends alerts and information to incident response, such as the local fire department, police, or perhaps private services. And all of that information is centrally managed [by the homeowner] on their phone,” Courtot said.
That’s how cloud security services for the enterprise need to also work: sensors in the enterprise environment that gather security and compliance information, asset information, and other data about the state of the systems and all of that data is then sent to a cloud service for analysis, which then provides security teams the information they need to protect their environments.
“Our appliance is unique from others,” Courtot said, and made the parallel to home security systems regarding how the Qualys Cloud Platform gathers all of the information security teams need about the state of their network, and how they can manage their security from anywhere in an app.
Going forward, that’s the kind of security capability enterprises will need to manage security at the scale that their clouds services are growing. “You need sensors that are gathering data from everywhere in the enterprise. And you need to integrate that security data with information about your assets, and analyze it all to see if they are secure and in compliance. If not, it needs to be acted upon,” Courtot said. “And today that means it has to scale, it has to be in the cloud,” he said.