Longtime cloud security advocate Philippe Courtot believes he has identified the Achilles' heel of cloud security, and he wants to protect it.
So, rather than look for a new way to profit off of these vulnerabilities, Courtot wrote a personal check for $500,000 to help fund the 100% nonprofit Trustworthy Internet Movement (TIM) as a way to change a dynamic in Internet security.
Formally announced during last week's RSA Conference, the Trustworthy Internet Movement is the result of Courtot's passion for the Internet and his perceived need for an independent approach to securing it. Currently the CEO and chairman of security software firm Qualys, which specializes in cloud security and may soon go public, Courtot founded the TIM as a separate, vendor-neutral innovation initiative.
In the past, the 67-year-old Courtot has also acted as a founding partner of the Cloud Security Alliance, worked on the board of nonprofit anti-malware group StopBadware, and held a seat on TechAmerica's CxO Council. In describing his past work, he freely drops names like Vint Cerf and Marc Benioff as colleagues, while explaining that the Internet is "very dear to my heart" and is even "in my DNA."
Courtot admitted to pursuing funding from other sources, but concluded that resisting corporate sponsorship would allow the TIM to pursue its goals without the influence or pressure from outsiders looking for a return on investment.
When asked whether he will receive a return on his investment, Courtot replied with an emphatic "not at all," confirming that any revenue will go back into the organization.
The main objective of the TIM is a broad one: improve cloud security by changing the dynamics that make the Internet unsafe. Courtot cited research he has conducted with Qualys that found 3,000 pages from "the most reputable websites in the world" were carrying malware, 52% of which came through advertisements.
Compounding the problem are the gaps in current prevention efforts, as Courtot says his research showed that Google's Safe Browsing API missed 82% of the malware involved in the study. At the Web development level, Courtot says the research showed that 54% of 1.4 million scanned websites still supported the SSL 2.0 protocol that was hacked 17 years ago.
These issues, among others, made it clear to Courtot that the vulnerabilities of cloud computing stem from the threats lurking within the public Internet itself.
"Everybody is becoming nervous, and you don't need to be extremely smart to just say, 'Where are these attacks coming from?'" Courtot says. "Like in the good old days of piracy, when the goods were coming through the ocean, guess where the pirates were -- on the ocean. So today you find absolutely that most of this activity is on the Internet. So the Internet itself needs to be made significantly safer and trustworthy."
Sign up for CIO Asia eNewsletters.