Organizations today face a major challenge: to digitally transform their business amid an increasingly complex regulatory environment. Digital transformation — the use of cloud computing, mobility, IoT and other new technologies to make organizations more innovative, agile and flexible — has become a competitive requirement for growth. Simultaneously, governments are broadening regulations, especially those designed to promote their citizens’ data privacy and security, like the European Union’s General Data Protection Regulation (GDPR). The confluence of these two trends creates the perfect storm that now compels organizations to accelerate their digital transformation and rethink security so it can be “built in” rather than “bolted on,” as it is currently done.
As a result, organizations are turning to cloud-based architectures and solutions that automate and continuously assess both their security and compliance posture across their on-premises, endpoint, and public and private cloud environments at scale. This is a complex task because their digital transformation initiatives introduce new and constantly changing apps and web services that generate, collect and analyze massive amounts of customer data. Full visibility into their hybrid IT environment — on premises, in clouds and on mobile endpoints — is now paramount so they can constantly monitor and secure these IT assets to manage risk and document compliance.
From the Cloud, For the Cloud
Qualys pioneered the concept of delivering security and compliance solutions that automatically scan and report on the compliance state of any assets anywhere from a single, highly scalable cloud platform. The company is extremely well positioned to help companies of all sizes secure their digital transformation efforts while streamlining the plethora of security and compliance point solutions they currently deploy and maintain.
Its cloud architecture allows customers to identify assets deployed in any hybrid environment using lightweight agents and scanners (active and passive). These sensors automatically and continuously collect IT, security and compliance data and send it to the platform for real-time analysis.
Consolidating the “stack”
Consolidating the stack has become a major imperative for CIOs and CISOs as they cannot continue to add point security and compliance solutions for new environments and regulations. With native integrations with all major public cloud providers, Qualys uniquely offers a suite of integrated, self-updating Cloud Apps to cover new regulatory needs – all delivered from a single platform providing a single-pane-of-glass view for CIOs, CISOs, security teams and compliance auditors.
For example, Qualys Policy Compliance (PC) helps companies continuously reduce risk and demonstrate compliance with any number of internal policies and external regulations with global impact, such as GDPR, U.S. National Institute of Standards and Technology (NIST) frameworks, the Payment Card Industry Data Security Standard (PCI-DSS), and the Reserve Bank of India’s (RBI) Cybersecurity Guidelines. Since the scale of digital transformation requires automation to collect this data, PC automates the labor-intensive process of checking and documenting configuration settings on each IT asset in the network.
Other Qualys Cloud Apps that help organizations with compliance include:
- PCI Compliance (PCI): Qualys PCI automates and streamlines the PCI-DSS compliance testing, reporting and submission process, so organizations can make sure they’re meeting the requirements for protecting the collection, storage, processing and transmission of cardholder data.
- Vulnerability Management (VM): Qualys VM continuously scans and identifies vulnerabilities with Six Sigma accuracy, protecting an organization’s IT assets on premises, in the cloud and on mobile endpoints. Qualys VM generates custom, role-based reports, including automatic security documentation for compliance auditors.
- File Integrity Monitoring (FIM): Qualys FIM logs and tracks file changes across global IT systems, so that organizations can detect and identify risks and incidents by distinguishing normal change events from malicious ones.
- Security Assessment Questionnaire (SAQ): Qualys SAQ automates the process of conducting IT security risk assessments among an organization’s third parties, such as vendors, partners and contractors. SAQ automates survey design, campaign management, result collection and report generation.
- Cloud Security Assessment (CSA): Qualys CSA enables businesses to continuously monitor and secure their public cloud infrastructure against misconfigurations, malicious behavior and non-standard deployments.
Qualys customers have found its Cloud Apps helpful for preparing to comply with the upcoming GDPR, which goes into effect in May 2018 and imposes strict requirements on millions of businesses, subjecting violators to severe penalties.
For example, organizations must know what personal data of EU residents they have, where it’s stored, with whom they’re sharing it, how they’re protecting it, and what they’re using it for. GDPR also requires that they quickly respond to requests from residents, including deleting, disclosing or transferring their personal information. Data breaches must be reported within 72 hours. Organizations also must prove they obtained consent from residents whose data they’re handling. GDPR also requires that organizations ensure that third parties they share data with — vendors, partners — comply with the regulation requirements.
A Visionary Leader and Forward-Thinking Team
Philippe Courtot is the CEO of Qualys, and as its leader has worked with numerous organizations to improve their IT security and compliance postures. To date, he has demonstrated a brilliant mix of technical vision, marketing and business acumen and has repeatedly built innovative companies into industry leaders. Philippe was named the 2011 CEO of the Year by SC Magazine Awards Europe and served on the Board of Trustees of The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. The French-born leader holds a master’s degree in physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987. Sumedh Thakar, Qualys’ Chief Product Officer, brings the knowledge and experience of building and delivering the highly scalable cloud platform architecture behind the Qualys Cloud Apps. Sumedh, who has been with the company since 2002, earned a bachelor’s degree in computer engineering from the University of Pune, India.
A Unique Organization
What makes Qualys a one-of-a-kind risk and compliance vendor is its customer-centric focus on building security and compliance for the digital age. Qualys’ consolidation of the security and compliance stack streamlines IT security operations so organizations don’t have to worry about the cost and time required to manage heterogeneous products from multiple vendors. Instead, they can focus on providing timely and accurate responses to auditors, showing that the required controls are in place and that their environment is continually compliant.
Picture of the Bright Future
When it comes to the company’s future, Qualys is relentlessly customer-centric and fully committed to helping its customers achieve compliance with complex internal policies, industry mandates and external regulations, as well as assess vendor risk in a hyperconnected world. With new cloud-based solutions, Qualys will continue helping its customers build security and compliance monitoring into the new technologies that power digital transformation. That way, customers will have the clarity, control and flexibility they need to keep their organization compliant amid global regulations that continue to grow in size and scope. Future capabilities for the platform will include allowing organizations to continuously improve their risk and compliance posture through automated remediation of compliance failures.