The importance of an open, cloud-based platform for hybrid IT security

The importance of an open, cloud-based platform for hybrid IT security

Philippe Courtot, Chairman and CEO at Qualys, outlines why organisations need an open, cloud-based platform that seamlessly builds security into their hybrid IT environments.

Philippe Courtot, Chairman and CEO at Qualys, has provided a clear call to action on how to successfully overcome today’s security challenges, at the QSC EMEA 2021 12-Day Virtual event.

With enterprise IT environments getting exponentially more complex with the increasing adoption of cloud computing, he explained that the key to attaining seamless security and compliance is to shift to open cloud platforms that interoperate with each other.   

With this new model allowing organizations to build security natively into their IT infrastructure, and to take a risk-based approach anchored by an always updated global IT asset inventory, he argued that this is the only way to have the scale, speed, accuracy, visibility and context needed to protect today’s hybrid and dynamic IT infrastructures.

In a world where connected devices are exploding, visibility across all devices (known and unknown) and environments is essential.

“Creating an accurate inventory or ‘cartography of your entire hybrid environment’ which is always up-to-date and seamlessly integrated into your security stack, is the foundation for a comprehensive security program,” said Courtot.

Rethinking security

With drastic changes that the migration to the cloud is bringing to security it’s important to consider what organisations should do to cope with these changes.

“It’s very clear that today we must rethink security and that security is at a crossroad. We all know that we have lost the little visibility that we had, especially today in that world where not only do we have to deal with our current competing infrastructure or network centric computing,” said Courtot.

“And now of course, we need to think about the cloud and how we can really create a seamless security or build security across these environments.”

The problem with traditional solutions

As IT teams embrace cloud services, mobility, containers, DevOps and other innovations, the job of security teams gets harder. This is especially true if they have a heterogeneous stack of tools that are difficult and costly to deploy, integrate and manage.

With such a siloed and fragmented toolset, visibility into the IT environment narrows, tasks can’t be automated, false positives abound, and security teams struggle to detect and respond quickly to threats.

Courtot says the traditional best of breed point solutions do not cut it anymore. The main reason for this, he says, is because they are siloed solutions.

“They don’t speak with each other and it’s very difficult,” he said. “None of them is giving us, of course, the visibility that we need.

“We also know that for the same reasons, our response is far too slow in a new world where everything is connected with everything at Internet speeds. And it’s also very difficult and hard to automate.”

Visibility

With the difficulties of having visibility across hybrid environments, Courtot says: “We simply, as we all know, cannot secure what we do not know or see.”

He stresses the difficulty of always having an up-to-date global IT asset inventory to provide greater visibility.

“So we need not only to assess the security and posture of any device that connects to the network and we need to know that before they connect or at the time they connect,” he said. “That cannot be done manually. So all of that needs, again, to be automated.

“Building such a global IT asset inventory that is always up to date, that we can call the cartography of your enterprise and ensuring that we capture anything that connects with the network is really the cornerstone of a new security model. We need to build or rethink our security with that in mind.

“We need to think about out of the box integration, building them at Internet scale with real time in mind, and ideally you want to have them, maybe not all of them, but actually as much as you can, natively build in that same cloud-based platform.

“We always believed since the very beginning, since when we created Qualys, that if you could bring all the telemetry into one place, then you could essentially correlate, analyze that information.”

Adopting an open cloud platform

With the resistance to cloud migration melting away, companies need to use these new technologies to become more competitive.

“So there’s a significant pressure on us to essentially migrate to the cloud, whether we like it or not,” said Courtot.

“Now in that migration, we need to be very careful of not falling into the same trap that we’ve been falling into before. Yes, best of breed is still very important for the elimination of the false positives, but if we select a cloud offering, which is, in reality, another point solution but essentially built in the cloud, we are not going to solve the problem.

“We need to look at solutions that are just more than essentially point solutions.”

Courtot argues that the best approach is to build a platform that would allow for the acquisition of  more telemetry.

“So then you can absolutely create best of breed solutions that eliminate a lot of the false positives and therefore allows you to do automation,” said Courtot.

“So the other thing that we need to realize is that our corporate network is shrinking. That is pretty obvious, because now more and more, we’re connecting via the Internet. You go through the cloud, not via your corporate network, but obviously via the Internet. And we saw that very clearly with COVID, which has been a huge toll on many, many industries.”

Addressing new security challenges

This new security model based on open cloud platforms is at its beginning stages, but it’s one that Qualys has envisioned since it was founded.

Early on, Qualys realized that the center of the IT universe would shift away from on-premises computing to the Internet, and that security would naturally have to broaden its scope well beyond the corporate network perimeter to the cloud.

Courtot said: “I don’t think we can continue doing what we’re doing today.

“We need to really move to open cloud platforms and open cloud platforms that interoperate with each other.

“We believe that when you have that notion of open platform that can collect all that information, that visibility on your network, then you could also now marry that with your business information.

“Today security is front and center, and as we move to the cloud, we must rethink security.”

Browse our latest issue

Intelligent CISO

View Magazine Archive