UPDATED 19:00 EDT / NOVEMBER 25 2019

SECURITY

From afterthought to providence, cybersecurity’s journey has come full circle

Somewhere between cloud computing and the software movement, security became an afterthought as speedy and convenient services took priority. But in the cyclical world of technology, what goes around comes around. The infrastructure of early computing has seen a revival among major public cloud providers, and security is once again being built into the data center — this time with a cloudy twist.

“Nobody paid attention to security because back then, you were inside of the enterprise,” said Phillipe Courtot (pictured), chairman and chief executive officer of Qualys Inc. “So it starts inside the walls of the castle, if you prefer. It was more complex, because now you have multiple actors instead of having one IBM or one [set of] digital equipment. You have the people manufacturing the servers, the software, the database, the PCs, and on and on. Suddenly, there was the complexity increasing significantly. Security wasn’t needed until we realized viruses could come in through the front door being installed.” 

Courtot spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Qualys Security Conference in Las Vegas last week. Coming straight from his keynote, Courtot discussed a brief history of cybersecurity in relation to the evolving infrastructure of computing and what new markets have emerged for cybersecurity thanks to edge computing and public cloud ecosystems. (* Disclosure below.) 

Waiting for the world to catch up

The evolution of the mainframe database on-premises to distributed infrastructure as a service is one Courtot anticipated. Even two decades ago, long before major public cloud providers such as Amazon Web Services and Microsoft Azure ushered in modern IaaS, Courtot knew that security would follow these networked trends as widespread internet and shrinking devices moved employees and consumers to the furthest edges of computing infrastructure. It just took awhile for the industry to catch up to Courtot’s vision.

“We started in 1999 with a vision that we could use … this nascent internet technology and apply that to security,” Courtot said. “I can say today, 19 years later, the vision was right. It took us significantly longer because the security people were not really warmed up to the idea of having the data, in their view, in a place they could not control.”

Despite the resistance, Courtot stuck with his vision because he knew that, despite the intangible nature of cloud computing, there would always be hardware somewhere in need of securing. So even as the era of a companywide firewall has ended, the IaaS provider will still need security for its clients. The challenge over the past 20 years, however, has been wrangling the sometimes disparate products and services across storage and networking to achieve a democratized but secure workplace.

According to a report from Cybersecurity Ventures, the increasing rate of cyberattacks on enterprises is expected to cost $6 trillion annually by 2021. The loss is the result of lost productivity, cost of recovery and theft. With the enterprise now realizing the importance of security, the services market has grown to over 800 vendors now focused on cybersecurity products, according to Courtot. But any company that merely bolts on security is short-lived, he added. 

“There’s suddenly a complexity with all these solutions,” he said. “They need to talk together so you have better context. But they weren’t designed to talk together, so now you need to bolt on another system where they could communicate that information.”

The issue today, according to Courtot, is to better secure the primary communication channel for modern cloud computing — the internet. Right now, the secure sockets layer protocol is a common encryption method, thanks to industry giants’ adoption. But it’s no longer enough, according to Courtot. Though it’s a heavy task, Google, Microsoft and Facebook could establish a new standard of data encryption.

“We always believe that if you adapt an architecture which fits, which is similar, then we could, instead of bolting security on, we can build security in,” he said. 

What goes around comes around

This is where things come full circle. As security was once built into an on-premises server provided by a single manufacturer, it can now return to the physical site of a database to be built in and distributed in line with contemporary service models. 

Currently Qualys has a working partnership with Microsoft to build security into the Azure cloud platform. The collaboration integrates the Qualys Vulnerability Management and the Qualys Container Security into Microsoft Azure. They enhance vulnerability detection for Azure Security Center customers using containers and virtual machines.

“From a security perspective today, if you go to the Microsoft security center, you click on a link and now you have the view of your entire environment courtesy of your Qualys agent,” he explained. “You click a second link and now you have the view of the security posture, also courtesy of that same Qualys agent. And then you click the third link, where there’s nothing to do with Qualys; it’s all Microsoft.”

For him, security today has become so integrated it’s literally a three-click navigation environment where there’s nothing to install or update. The only thing you bring are the company’s policies, he furthered, and the security people retain control over the data by determining which machines are exposed to broadband internet connections. This all works continuously and in real time, Courtot emphasized. 

Qualys has been quietly waiting in the wings for the digital transformation, where its early predictions are finally coming true and market opportunities are expanding for the company. There are four emerging segments to the cybersecurity market, according to Courtot. The first is through the information-technology department, where developer operations are the primary way in which security services are introduced to an enterprise.

The second market opportunity is for the major public cloud providers, now building in more and more security, while the third will be an emergence of next-gen managed uniservice providers to bolster those companies lacking internal resources. 

The fourth market opportunity identified by Courtot is the “internet of things,” where a company can better connect, secure and monitor the status of a given edge device to determine if and what actions need to be taken. 

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Qualys Security Conference. (* Disclosure: TheCUBE is a paid media partner for the Qualys Security Conference. Neither Qualys Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU