View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
June 2, 2010

Q&A: Philippe Courtot, CEO, Qualys

Steve Evans talks to the CEO and founder of on-demand security firm Qualys about what his rivals are doing wrong when it comes to cloud security.

By Steve Evans

Qualys has been cloud-based from day one. What do you make of the attempts by your competitors to join you there?
I think they have been in denial for a long time, until recently. They believed cloud computing would be limited to a certain number of applications that didn’t have the security, customisation and integration requirements that they believed enterprise applications must have. For a long time they felt that if you want to secure your information you have to keep it inside. Then they realised that the cloud phenomena was much more disruptive than they thought and they started to pay attention. The biggest challenge they have is that, for them, the cloud represents not only a technological change but also a business model change.

We’ve seen the large players buy the few cloud computing security companies – MessageLabs, ScanSafe, MX Logic and a few others – and there aren’t that many left. The challenge for the big players now is that, because they can’t buy, they have to build, and that’s a huge undertaking.

Did other security vendors initially think that they could simply move their desktop products to the cloud?
That’s the natural tendency and it’s the mistake Siebel Systems made against They thought that they could take their technology into the cloud, but enterprise technologies are built for an enterprise and cloud computing applications are built to scale to many, many users. It requires re-writing an application and building all the infrastructure around it is not a simple undertaking; it’s a minimum of five years.

So how far down the line are the likes of McAfee and Symantec?
Very far behind. They also cannot buy their way in. Security applications by themselves are very complex. It’s much more complex to do a security app than a word processing app. You need specific domain expertise, then to build that as a service is another degree of complexity.

What did you see in cloud computing all those years ago?
It’s the economy of scale; you were eliminating the need to install and maintain software. The proof of the pudding is that we have more than 40% of the Fortune 100 companies and about 22% of the Fortune 1500. The reason is we have no competition at the high-end. Cloud computing architecture is better because you have one data centre and appliances that connect to it. The appliance is managed in the data centre and all clients need to do is use their browsers.

There were a lot of naysayers who told us that security people would never accept a solution where the data is outside the company. But that’s changing now.

Are we likely to see more consolidation between security firms and cloud providers?
Cloud vendors must secure their infrastructure, because if they don’t being breached represents a significant business issue. I think we’re likely to see cloud vendors acquiring small vendors. Not for products, but more for the talent and maybe some of the technology that has been developed for their own internal need to secure applications. If you look at the likes of Google and Amazon, they are hiring many people in security roles.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

What about the cloud arena in general? What do you make of Microsoft’s efforts there?
Microsoft is going through a very significant shift; they are now burning the midnight oil to get there. They have two big initiatives – Azure and moving Outlook and Office into the cloud. They are working very hard and still have a chance but there is a lot of catching up to do. It’s not too late; Google has not put a big effort into capturing the enterprise, which has left Microsoft time. Google is now fighting multiple battles, such as mobile.

What do you think the future holds for Qualys?
We have established a fantastic customer base and have become the leading vulnerability management firm and are rolling out new applications, such as our malware detection service. We are at the scale where we can go public, but to do that we have to show good adoption of our new applications. We’re getting there; we have a powerful story but we don’t want to go to Wall Street with a story; we want to go to Wall Street with proof that we’ve taken a strong market position.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.