Courtot did not deny the fact that he has been a staunch proponent of cloud adoption for more than a decade, despite many in the IT world continuing to voice objections to the model over security issues. “At times I’ve felt like Galileo trying to convince the Catholic church that the sun does not revolve around the earth”, he quipped. Those who contend the cloud is an unsafe place to store assets like mission-critical applications are basing this opinion on false assumptions, the Qualys CEO proclaimed.
There are many falacies about the cloud that get tossed about, he continued, and the IT infrastructure is here to stay and only grows larger each day. In fact, Courtot added, nearly all organizations make use of the cloud in many facets of their business. “Like every new technology”, he surmised, “[the cloud] brings with it new challenges”.
The problem is not any inherent insecurity in cloud models, he noted, but rather that hackers, criminals, etc., are highly adaptive and will adjust their strategies to compromise data wherever it lies, whether it is in-house or stored in the cloud. It’s the cloud’s potential, Courtot said, that can help harness the explosion of new technologies in the IT space, as well as the collection of vast amounts of data by organizations that has resulted into the recently coined phenomenon of Big Data. The key, he added, is how do we harness all of this new data and technology and do so in a more secure manner?
One of the fundamental components of cloud infrastructure, as identified by Courtot, includes web applications. “The big advantage of the cloud is that it’s always on, and always up to date”, he observed. Courtot said that security professionals now have a seat at the table in creating the framework for this new model, and thereby build in security from the outset. “Web applications have become the new perimeter” and its corresponding contact point in the endpoint browser. “With this in mind”, he continued, “we can start thinking about how to build security into the cloud”. The reason this ‘new perimeter’ is so important, Courtot insisted, is because web applications will “remain the weakest point” in the digital ecosystem for some time to come.
“For the first time, we as security people have the opportunity to drive security into the fabric [of computing] instead of after the fact....There is a need for new tools to remediate web application vulnerabilities” because, as Courtot opined, quality software engineers are not interested in addressing the security aspects.
“We have a fantastic opportunity to build security into the cloud”, he said in closing, “while at the same time embracing a new technology”.