Hybrid model brings security to the cloud

SaaS in a box behind the firewall might just give you the security assurance you need when computing in the cloud

We all know the Internet is not secure, yet more companies are turning to the cloud for business solutions. With that in mind, I spoke with Philippe Courtot, CEO of Qualys, a security provider that offers a unique hybrid of the cloud model.

QualysGuard is a suite of services that scan your network for vulnerabilities, ensuring that all devices are in compliance with company security policy, as well as external regulations.

The service is used by 200 of the Forbes Global 2000, Courtot tells me.

The cloud's silver lining: Tethered security

What is unique is the delivery model, which begins as SaaS in the cloud, though not of the free-floating kind, you might say. It is tethered to an appliance that Qualys puts behind your firewall. Once connected, Qualys manages the device, which in turn manages numerous aspects of the security of your network. One of the company's largest customers -- Courtot wouldn't say who -- has more than 223 managed security appliances worldwide.


The hardened appliances sit behind the firewall with all data encrypted and almost no way to actually access the box. There is a small keypad that will allow a security manager to put in originating IPs and credentials; otherwise, the box is closed.

It's a nice compromise. As Courtot points out, businesses in aggregate shell out about $84 billion to manage 400 million Exchange clients, while with Google Mail, there is no infrastructure. In theory, those Exchange servers behind your firewall are more secure than Google Mail, which just sits out there, untethered, in the cloud.

The Qualys hybrid model means the user has no infrastructure to speak of, yet gets the behind-the-firewall security many companies demand.

Currently Qualys remotely manages about 7,000 appliances worldwide.

Where an appliance makes sense

You might think of the setup like iTunes and iPod. If you want to listen to iTunes, you need a device: the iPod. Here, if you want to have your data checked, the appliance is the device, but it's on your site.

I think the hybrid idea has legs. As Courtot says, whenever you have to gather and probe data, the idea of an appliance makes sense.

The health-care industry seems a logical fit, and when I asked Courtot, he said, yes, Qualys is working with Kaiser on just such a solution.

As we push toward EHR (electronic health records), an appliance like this can monitor all the devices that will become vulnerable to attack, from MRI scans at one hospital site being accessed by another hospital, to a doctor sending a prescription to the pharmacy.

Cutting ties to the cloud, on a personal note

Speaking of cutting the ties. As you might guess, as a writer, I like to write all kinds of stuff. Well, after years of hassles with my PC -- crashes, must-have security-update reboot messages every time I sit down at my desk, and the like -- when all I want to do is write, I cut the ties last week, disconnecting my PC from the Internet. Now it is essentially an electronic typewriter, and I'm loving every minute of it. I don't need security updates because as far as the Internet is concerned, I no longer exist.

Even computer crashes that could not be directly blamed on being connected have stopped dead -- not one crash, not one stupid message. Every day when I sit down at the PC, it is just where I left it. Nothing goes wrong. Yes, on occasion I have a knee-jerk reaction to look something up on the Web, but I curb that desire and wait until I can get to another PC in the house.

Cutting the umbilical cord with the network allows me to focus without distractions, from self-made ones, like looking up on Google every random thought I have, to those that have become part of the DNA of computing: pop-ups, updates, uploads, IMs, tweets, and all the rest.

It's liberating. Try it.


Copyright © 2009 IDG Communications, Inc.
