Towards a secure cloud... QualysGuard and Cloud360 join hands for "SecureApp"

Enterprise IT is becoming increasingly dependent on hybrid cloud infrastructures for executing day-to-day business operations. But when enterprises shift from traditional and static compute environments to dynamic IT services, they often face challenges related to configuration, data residency, data privacy and compliance. As a result, it is absolutely necessary for enterprises to be geared up against any risks that come with cloud adoption.

The World Economic Forum has identified cyber threat as the 4th most significant global trend in 2014, and no doubt every executive expresses security as the single most challenge to ensure a safe environment across clouds. Therefore, the security of enterprise applications has become a matter of great urgency. Keeping all these factors in mind, Cognizant has developed a joint solution 'SecureApp' by integrating Cloud360 with QualysGuard, to safeguard application environments from security vulnerabilities and exposing the threats to the automated systems of Cloud360 for auto-remediation.

The best thing about this solution (infographic) is that it facilitates on-demand, periodic, and continuous scans to identify vulnerabilities, and undertakes auto-corrective actions whenever necessary. It offers a holistic management console that safeguards applications from both internal and external security threats. It scans through the entire applications stack, database, operating system, and platform services and auto-remediates with configurable policies. It not only identifies issues related to security but also safeguards enterprise applications from compliance vulnerabilities. It protects the cloud environment from both internal compliance threats and threats related to industry and regulation compliance.

“The Cognizant Cloud360 platform offers a seamless cloud-based service management layer between applications and infrastructure helping enterprises achieve agility, operational efficiency, and better IT governance, ” said Philippe Courtot, chairman and CEO for Qualys. “The QualysGuard Cloud Platform seamlessly integrates with Cloud360, helping customers to continuously assess their security and compliance posture with no software to install and maintain.”

“Cognizant is committed to helping clients worldwide find the best solutions to meet their most critical cloud security challenges,” said Ramesh Panuganty, Founder and Managing Director for Cognizant Cloud360. “Now, partnering with Qualys, we are pleased to offer our customers industry leading QualysGuard solutions to enable them to secure their multiple cloud environments and meet compliance regulations easily and seamlessly through the Cloud360 platform.”

QualysGuard is used by 6,700 consumers in over 100 countries, performing over 1 billion IP scans/audits every year. Fortune 1000 enterprise customers across the globe fall back on Cloud360 for managing thousands of virtual environments and performing millions of cloud operations every day. Together, Cloud360 and QualysGuard helps you define, orchestrate, and operate multiple IT environments through one console, supported by an across the-board security vendor, QualysGuard, to ensure best-in-class security services.

Making Bugs Ineffective

“Let’s make him ineffective”. In the movie Speed, the hero makes this statement when the villain threatens to blow up the cable of the elevator and thus kill its occupants. He saved the situation by securing the elevator with another parallel cable that gave him sufficient time to rescue the occupants even after the main cable was blown up.

We apply a similar strategy for Cloud360 as well; the strategy to make any bug ineffective. Since it is not feasible to have control over all datacenter situations, the next best thing that we do is neutralize the effects of the bad elements that have the potential to de-rail the solution.  As a result, bugs are not allowed to disrupt work. If the Management Console is not connected, the Service Console continues to do its job.

The other approach that we take is to identify any potential issue that may affect the health of the environment so that necessary measures can be taken before any real damage is done. In software testing and compliance, any unintended change is the enemy of quality. Without confidence that each virtual machine has been properly configured and there is consistency across the environments, it is impossible to know if a system crash or slowdown is due to a bug or merely an incorrect patch level or system setting. Without proper and consistent configurations, there is no way to ensure that known security vulnerabilities (a leading cause of security breaches) have been properly closed in all affected systems.

Cloud360 deployments are loosely coupled such that if one component fails, the impact is confined to either just one or two use-cases and does not impact the whole system as such. This is applicable even if the network connectivity fails across components where the queuing kicks in. Since Cloud360 configurations work across provider platforms, any bugs that may result from differences between staging and production hardware are also eliminated. Cloud360 thus delivers improved software quality and compliance through increased consistency in the testing environment and standardization of platform.