Courtot has been walking – and talking – the cloud security path for more than a decade now. In the early days his comments and predictions were dismissed, but now the cloud security model is reaching fruition. And people are starting to take notice of both Courtot and his firm.
“When we started ten years ago, the [cloud] technology was not there. It is today. And, Java has now become a central part of our interface strategy”, he told Infosecurity, adding that adopting Java has made Qualys' technology a lot more flexible and future-proofed than some of the more conventional IT security vendors.
“Many vendors are reluctant to update their security technology due to the cost of supporting both the new and the old technologies. With Java and our cloud-based architecture, this isn't a problem, as we can change our products and services without having to support multiple technologies”, he explained.
At Black Hat, he says, Qualys announced a move to a new and enhanced back-end cloud environment, which allows his firm to significantly automate the security process.
Two years ago, Courtot told Infosecurity that his company's 'freemium' strategy – with most users tapping the company's services for free and a smaller number paying for enhanced services – was similar to the way Google offers its range of free services.
That freemium approach, coupled with a highly automated approach that is possible with security in the cloud, means that new services can be developed at relatively low cost, and also offered on a freemium basis.
Qualys can, he says, now repackage many of its existing free services and add a number of pay-for services, then offer the resultant bundle to users prepared to pay a modest amount for an enhanced set of cloud-based security facilities.
“We can skin this cat any way we like. It allows us to operate on a low-cost model with 84% gross margin, and with a annual marketing cost of just $150,000 per service”, he said, adding that with a $65 million turnover and a 50% annual growth rate, this allows his firm to reinvest the profits to offer new and enhanced services for users.
Among the new offerings from Qualys are an enhanced version of QualysGuard Consultant Edition that will allow consultants to perform security audits of companies much more efficiently and cost-effectively.
An updated QualysGuard Web Application Scanning 2.0 product, meanwhile, will be available from the end of August, and says Courtot, after six months of beta testing, the offering allows organisers to use the cloud to automatically catalogue, scan, and discover large numbers of web applications.
“Consultants demand more effective solutions at a lower cost to audit their clients’ networks and provide reports that can be tailored to their compliance needs”, he adds.
“The new QualysGuard Consultant Edition leverages our SaaS model along with actualisation to provide consultants with a powerful, comprehensive solution for IT security and compliance auditing with high degree of accuracy and efficiency at a much lower cost”, he explained.