By Bob Michaud, Chief Security Officer, Q2

October is Cybersecurity Awareness Month, and Q2 is proud to serve as a cybersecurity awareness champion. Every year, I take a closer look at cybersecurity through a series of blogs focused on relevant cybersecurity topics that matter to Q2 and its customers. This year, my blogs will focus on Q2’s security posture, which leverages emerging innovation from our distributed cloud.

Q2 has delivered services from the cloud since 2015. But the distributed cloud approach is different. It’s the next evolution from simply ‘being in the cloud’ to using all of Q2’s digital solutions together. In the distributed cloud approach, all hosting environments are woven into a single delivery plane. Public and private clouds, multiple public cloud vendors, and a private cloud using multiple active-active data centers (and using the edges of the internet closest to the users and closer to the point of business) are all wrapped together to create Q2’s distributed cloud. The distributed cloud is only now emerging, and the industry is beginning to talk about it in earnest. Each week in October, we’ll explore the approach to the different principles and technologies we’ve chosen to implement Q2’s distributed cloud.

The importance of verifying trust
I live in the middle of America and grew up on a farm. Trust is a part of what makes the Midwest a special place. At times, you have to verify trust, but in general, we have a trusting nature. Similarly, the distributed cloud is all about delivering trust. As Q2 helps customers take their brand to market, we provide more than software. Together, we deliver trust. Customers trust they can access their funds whenever they need, and they trust their money and information are safe. Hosting each of our FI customer's services and digital branches is an earned responsibility that comes from being transparent in how we do what we do.

Balancing innovation and risk
Q2 understands the imperative to leverage the emerging technology of distributed cloud. And, we must continually balance the speed of innovation with the pragmatic foundation of managing risk. Gartner’s Cloud Risk Model is an excellent framework to educate consumers about cloud services, including several significant areas of concern and benefit.

The final (and most broad) component of Gartner’s Cloud Risk model is security. In the following weeks, I will share how Q2’s award-winning security posture rests on these pillars:
- Perimeter layers
- Zero-trust/end-point hardening
- Secure Access Service Edge (SASE)
- Protecting the data

Next week’s blog will focus on perimeter security layers, how Q2 addresses the mix of public and private cloud, and the points of control and responsibilities driving the pillars to adapt.

Thank you, and happy Cybersecurity Awareness Month!


Written by Q2