Modern CISOs face more challenges than ever before with a constantly evolving threat landscape, regulations to comply with and management of an increasingly digitalised infrastructure. In a customer round table at the Qualys Security Conference EMEA ’21 Virtual Event, Guiseppe Brizio, CISO EMEA, Qualys, heard about the key challenges for modern CISOs in the fast-emerging multi-cloud world.
Digital Transformation has been on the agenda of many enterprises for some time but the arrival of COVID-19 meant CIOs, who had been fine-tuning their strategies, were suddenly forced to accelerate their pivot to digitalisation.
As lockdowns were introduced across many parts of EMEA, organisations quickly scrambled to mobilise remote workforces and implement the ICT infrastructure that would enable Business Continuity no matter where employees were based.
‘Digital’ became both the destination and the means of getting there, with cloud, and public cloud, a key enabler of this.
According to predictions from International Data Corporation (IDC), 65% of the world’s GDP is set to be digitalised by 2022 and direct Digital Transformation (DX) investments are to total US$6.8 trillion between 2020 and 2023.
The market intelligence firm cited the ‘myriad business challenges’ presented by the COVID-19 pandemic as having ensured that the global economy remains firmly on course for its ‘digital destiny’.
And according to IDC’s Worldwide Quarterly Cloud IT Infrastructure Tracker, spending on public cloud IT infrastructure increased 13.1% year over year in Q320, reaching US$13.3 billion.
This adoption of public cloud – and the benefits of it – were highlighted by C-level end users in a customer round table at Qualys’ recent QSC EMEA’21 Virtual Event.
The panel was asked to discuss their strategic positioning towards the public cloud, with participants highlighting the opportunities this will provide, as well as security considerations arising.
Bruno Laurent, Cyber Defense Head, AXA, said using SaaS and PaaS solutions has enabled capacity for the business to digitally accelerate. The benefits that can be unlocked when solution providers deliver innovation is also ‘instantaneous’.
Cloud, ‘done right’, was also highlighted as a business growth enabler by Jared Carstensen, CISO, CRH.
He said: “I think for me, personally, cloud done right takes you to the next level in terms of where you can go as a business. I think it can remove so many barriers and act as so many levers that you can start to pull such as speed, efficiency, metrics, management, oversight.”
Sumedh Thakar, Interim CEO and Chief Product Officer, told panelists that cloud is ‘more about the architecture’.
He highlighted that Qualys itself had been able to significantly expand from having a single solution to having multiple different capabilities on the single platform in the last couple of years.
This is an area which is also benefiting security, he said, adding: “Cloud does offer an opportunity where you can go to one platform and be able to leverage all of the things that you need for your security and not have to buy 50 different solutions and vendors and put them together.”
Key cloud security challenges and how they’re being addressed
Today’s CISOs don’t have an easy job as they navigate an ever-evolving threat landscape while ensuring compliance with industry regulations and enabling Digital Transformation.
Panelists were asked to outline the top three key challenges facing them and how these are being addressed.
Alain Simon, Corporate VP/CISO, Amadeus, highlighted the challenge of adapting to the rapidly changing threat landscape.
“Fast detection is going to be key in the coming years, I believe. And really dealing with the amount of events and making sure that we have an effective triage when we do threat intelligence and so on, is going to be key as well,” he said, adding that compliance was the second key challenge and, finally, cloud.
“We need to make sure that the products that we are using today are actually compatible with different cloud providers and that we will be able to actually get at least the same or better results as we have today in our data centre.”
Bruno Laurent, Cyber Defense Head, AXA, added that organisations now have a ‘hybrid world’ to manage.
Qualys’ Philippe Courtot, Chairman & CEO, Qualys, highlighted that vendors need to be ready for the change which is on the way as we enter the ‘new cloud world’.
“First, you cannot secure what you don’t know. Today, very few companies have a view of their entire IT assets. Are they managing them, are they end of life? So that’s something that at Qualys we have been working really hard at solving,” he said.
“The second problem is the problem of the applications themselves. What I call the soft belly of security is all these web applications that we have. And of course, that needs to be really secure.”
Finally, he added, was the ‘shift left’ being observed. Whether organisations use the public or private cloud, there must be a sense that whatever is built will have ‘minimum vulnerabilities’.
“Every vendor needs to be really ready to realise that the change is in front of us – and those who rise to the challenge will survive.”
- You can access on-demand content from QCS EMEA ’21 or try a free trial at qualys.com