Can 500,000 dollars block cloud security vulnerabilities?

Philippe Courtot, a longtime advocate of cloud security, believes he has found the Achilles heel of cloud security and has decided to protect it.

Courtot signed a 500,000-dollar personal cheque to fund the trustworthy Internet Movement (the trusted Internet Movement, TIM) to bolster Internet security rather than the idea of profiting from these vulnerabilities.

At the RSA Conference last week, Courtot officially announced Tim, the embodiment of Courtot's love for the internet, and his belief that an independent approach is needed to protect the Internet. Courtot, chief executive and chairman of security software company Qualys, created Tim as an independent supplier of innovative initiatives.

Courtot, a 67-Year-old founder partner in the Cloud Security Alliance, is also a Stopbadware board member of the nonprofit anti-malware organization and has a place in TechAmerica's CxO. Describing his past work, he casually mentions that Vint Cerf and Marc Benioff are his colleagues, and that the Internet is "my favorite" and that it has already been implanted in "my DNA."

Courtot admits to seeking funding from other sources, but concludes that only a boycott of corporate sponsorship can ensure that Tim continues to pursue his goals without the influence or pressure of outsiders seeking return on investment.

Asked if he would benefit from his investments, Courtot said "absolutely no" and said any income would come into the organization.

Tim's main goal is a broad goal: to improve cloud security by altering the factors that make the Internet unsafe. Courtot said in his study with Qualys that 3,000 web pages from "the world's most reputable websites" contained malware, 52% of them through advertising.

Complicating the problem is the current gap in defense work, Courtot says his research shows that Google's safe browsing API misses 82% of the malware found in the survey. At the level of web development, Courtot said, research has shown that 54% of sites in the 1.4 million-scanned web site still support the SSL 2.0 protocol, which was attacked 17 years ago.

These problems make Courtot more explicit that cloud computing vulnerabilities are largely the result of threats lurking in the public Internet itself.

"Everyone gets nervous, you might ask, where exactly are these attacks coming from?" Courtot said, "Like the Pirates of the past when goods were transported through the sea, guess where the pirates would come from." Now most of the malware we find comes from the Internet, and the internet itself needs to be more secure and trustworthy. ”

In the face of this daunting task, Courtot hopes to get some inspiration from his past work experience in technology shrouded in suspicion. In his collaboration with Qualys in the early days of cloud computing, he likens the explanation of cloud computing to the corporate IT community as Galileo tried to convince the Catholic Church that the Earth revolves around the sun.

"In the beginning, no one believed us, they would say, ' How can it be safe to put data outside the company? '" he says. It's like heresy. ”

He wants to dispel widespread criticism of cloud security. To achieve this, Courtot calls for transparency between cloud vendors and their customers, which allows customers to better understand the shift from buying to paying services. Once more customers understand that the risks involved in cloud service delivery come from Internet security issues, more customers are willing to deploy cloud computing.

"I've been thinking about the obstacles to this deployment," he says. "You need to recognize the barriers to deployment before you can figure out how to solve them." ”

At the RSA Conference, Courtot was almost the only person to call for a fundamental shift in Internet security. In his keynote address, Symantec CEO Enrique Salem that the younger generation is a new hope for changing the security of enterprise endpoints, since those born in the the 1990s have been exposed to these technologies early, and Salem says a more efficient workforce will require new methods of authentication and security.

In this regard, Salem did not express its support. Paul Kenyon, chief operating officer of Avecto, agrees with his views and calls for seamless integration of security and productivity applications.

"Just as consumer security providers are increasingly making their security applications work in the background and requiring minimal involvement from computer users, the business security industry also needs to simplify the endpoint security that employees use," says Kenyon. ”

"We do not want to be a huge organization capable of solving all the problems on Earth," Courtot said. "We are very pragmatic in our work, find the balance, and then keep the balance." ”

(Responsible editor: The good of the Legacy)