Q&
EDITOR’S
HADI JAAFARAWI, MANAGING DIRECTOR, QUALYS MIDDLE EAST
Organisations of all sizes and in
all industries are aggressively
deploying innovative products to
new online channels, digitising their core
services while transitioning core business
workloads to public clouds as part of Digital
Transformation efforts to increase business
efficiency and competitive edge.
According to Gartner, the worldwide
public cloud services market is projected to
grow 17.3% in 2019 to total US$206.2 billion,
up from US$175.8 billion in 2018.
As these organisations increase their use
of public cloud platforms, they encounter
cloud-specific security and compliance
challenges, which can be complex and cost-
prohibitive to address without the right tools
and processes.
Organisations’ cloud security difficulties
lie in two main areas – lack of visibility into
their cloud assets and resources, and a
misunderstanding of cloud providers’ shared
security responsibility model.
As a result, organisations are at risk of
easily preventable security mishaps in public
cloud deployments due to leaky storage
buckets, misconfigured security groups and
erroneous user policies.
As more and more business units move
workloads to the cloud, security teams lose
visibility into infrastructure deployed outside
of their control across cloud platforms.
This problem becomes compounded if the
organisation is using cloud platforms from
more than one vendor.
Infosec teams need to know what
vulnerabilities exist in the new cloud
environments their business units are
leveraging and prioritise threats based on
criticality indicators. They also must monitor
regulations, industry mandates and internal
policies to make sure their organisation
is compliant with these requirements. In
addition, the security team must establish
remediation processes to address the
elasticity of cloud environments.
It’s key to understand the specifics of the
‘shared security responsibility’ model, i.e.
responsibility for security is shared between
the cloud vendor and the organisation
consuming cloud services. Whatever
happens inside the virtual machine (VM)
is the business’s responsibility, while the
physical hardware, virtualisation and cloud
services are managed and secured by the
cloud provider.
Qualys provides a full set of security
and compliance solutions for public cloud
hosts and instances, including vulnerability
management, policy compliance, file integrity
monitoring and web application scanning.
These solutions can help businesses:
• Identify, classify and monitor all assets and vulnerabilities across on-premises, cloud, endpoint or mobile environments
• Comply with internal and external policies, as well as government regulations
• Prioritise vulnerability remediation
• Automatically find and eradicate malware infections on all websites and web apps
• Integrate and automate security and compliance throughout your DevOps pipeline