Strategies For The Efficient CISO

Tuesday, December 28, 2010

Sasha Nunke


Cloud computing and SaaS are clearly here to stay and are presenting a major disruption to the IT industry.

This paper discusses how this new model will ultimately make security easier and more embedded into the architecture of cloud services, while allowing CISOs to select the best cloud providers and SaaS applications to keep their data secure and systems operating more cost effectively and efficiently within regulatory compliance.


Who would have believed, barely a few years ago, that so much highly coveted data – financial, customer, medical, marketing, and more – would have moved so quickly to the cloud?

Today, it seems, there’s hardly an application that hasn’t been made available as an online service. Even among the proponents of cloud computing, few thought corporate software and data wanted to be liberated so quickly – and be readily available anywhere, anytime, on any device.

Today, it seems more unusual not to have a Software-as-a-Service (SaaS) or cloud offering that adds to, or completely replaces, a software maker’s traditional applications.

We believe that the SaaS and cloud computing revolution holds the potential to benefit everyone in the software industry, and all who rely on it for their business.

For instance, we in the industry are well experienced with the fact that software is evolving too rapidly to keep up, and managing on-premises applications is a never-ending process of software enhancements, upgrades, security fixes, and new installations.

Few would disagree that there are too many security vulnerabilities affecting too many applications – and creating too much risk for enterprises everywhere.

And within this disorder, most of the burden has fallen on the shoulders of corporations that have had to dedicate extraordinary resources to patch and mitigate the security holes.

The Challenge of Traditional Software

According to the Laws of Vulnerabilities 2.0 research, the average time it takes companies to patch their vulnerabilities is 59 days. Five years ago, that number was 60 days. That’s a reduction of one day in the past five years.

When one considers all of the effort and automation that has gone into patch management in the past five years, that’s not much improvement. This shows not only how steep the challenge is, but just how broken the current ecosystem of traditional software is.

Nothing is without tradeoffs, and we’re sure that along with all of the benefits of SaaS, new risks and challenges lie ahead. This is especially true as even more mobile devices access critical corporate data.

Consider the fact that 1 out of 10 laptops in use today will be lost or stolen – and we are well aware that most will not be encrypted. Also, there’s a challenge today and going forward with securing new cloud computing architectures, in all of their various shapes and sizes.

Download the Rest of this Free White Paper Here

Danny Lieberman What do stolen notebooks have to do with cloud computing exactly?

It would be helpful if the author provided citations for his numbers of time to patch.

Javvad Malik A typo in the link... it's not really a "free" white paper. It requires you to submit contact information before downloading the paper.

Information is never free. If it was, we wouldn't be securing it.
Danny Lieberman Good point Javvad.
I don't mind paying for interesting white papers - but this one seems to have been written by some new hire marcom person without much of a security background.
If Qualys wants to get our attention - they will have to work a lot harder.
