Qualys has been cloud-based from day one. What do you make of the attempts by your competitors to join you there?
I think they have been in denial for a long time, until recently. They believed cloud computing would be limited to a certain number of applications that didn’t have the security, customisation and integration requirements that they believed enterprise applications must have. For a long time they felt that if you want to secure your information you have to keep it inside. Then they realised that the cloud phenomena was much more disruptive than they thought and they started to pay attention. The biggest challenge they have is that, for them, the cloud represents not only a technological change but also a business model change.
We’ve seen the large players buy the few cloud computing security companies – MessageLabs, ScanSafe, MX Logic and a few others – and there aren’t that many left. The challenge for the big players now is that, because they can’t buy, they have to build, and that’s a huge undertaking.
Did other security vendors initially think that they could simply move their desktop products to the cloud?
That’s the natural tendency and it’s the mistake Siebel Systems made against salesforce.com. They thought that they could take their technology into the cloud, but enterprise technologies are built for an enterprise and cloud computing applications are built to scale to many, many users. It requires re-writing an application and building all the infrastructure around it is not a simple undertaking; it’s a minimum of five years.
So how far down the line are the likes of McAfee and Symantec?
Very far behind. They also cannot buy their way in. Security applications by themselves are very complex. It’s much more complex to do a security app than a word processing app. You need specific domain expertise, then to build that as a service is another degree of complexity.
What did you see in cloud computing all those years ago?
It’s the economy of scale; you were eliminating the need to install and maintain software. The proof of the pudding is that we have more than 40% of the Fortune 100 companies and about 22% of the Fortune 1500. The reason is we have no competition at the high-end. Cloud computing architecture is better because you have one data centre and appliances that connect to it. The appliance is managed in the data centre and all clients need to do is use their browsers.
There were a lot of naysayers who told us that security people would never accept a solution where the data is outside the company. But that’s changing now.
Are we likely to see more consolidation between security firms and cloud providers?
Cloud vendors must secure their infrastructure, because if they don’t being breached represents a significant business issue. I think we’re likely to see cloud vendors acquiring small vendors. Not for products, but more for the talent and maybe some of the technology that has been developed for their own internal need to secure applications. If you look at the likes of Google and Amazon, they are hiring many people in security roles.
Content from our partners
What about the cloud arena in general? What do you make of Microsoft’s efforts there?
Microsoft is going through a very significant shift; they are now burning the midnight oil to get there. They have two big initiatives – Azure and moving Outlook and Office into the cloud. They are working very hard and still have a chance but there is a lot of catching up to do. It’s not too late; Google has not put a big effort into capturing the enterprise, which has left Microsoft time. Google is now fighting multiple battles, such as mobile.
What do you think the future holds for Qualys?
We have established a fantastic customer base and have become the leading vulnerability management firm and are rolling out new applications, such as our malware detection service. We are at the scale where we can go public, but to do that we have to show good adoption of our new applications. We’re getting there; we have a powerful story but we don’t want to go to Wall Street with a story; we want to go to Wall Street with proof that we’ve taken a strong market position.
