qualys
Businessmodel of Qualys
Customer Segments
Qualys has a mass market business model, with no significant differentiation between customer segments. The company targets its offerings at businesses and government entities of all sizes.
Value Proposition
Qualys offers four primary value propositions: convenience, performance, risk reduction, and brand/status.
The company offers convenience by making its offerings easy to use. Its solution is cloud-based, meaning there is no software to implement or infrastructure to maintain. Furthermore, it can be scaled to the largest of businesses, from one to a million users. Clients can buy an entire suite or buy standalone applications. The platform provides a continuous view of a client’s compliance and security landscape, including all of their web applications and IP-connected devices. Lastly, it can be run from any web browser and can be run on-demand or automatically at preferred times.
The company has demonstrated strong performance through tangible results. As a high-profile example, Bank of the West used Qualys’s solution to eliminate security risks and meet regulations, facilitating its growth from 102 branches to 300 and from one Internet access point to six.
The company reduces risk through high security and safety standards. It operates the Qualys Vulnerability Research Team, which maintains a list of “Top 10 Vulnerabilities” that aids security administrators in prioritizing the most serious threats. It also keeps a thorough tracking of threats. In fact, an independent study found that Qualys collects the most comprehensive list of critical security vulnerabilities among threat management firms, nearly twice that of its closest competitor. These dangers are monitored on a continuous basis to manage them as they rise and evolve in real time. Lastly, the team creates 25 vulnerability signature updates per week on average, making the Qualys KnowledgeBase the biggest and most up-to-date vulnerability signature database.
The company has established a strong brand due to its success. It touts itself as the leading provider of compliance and information security cloud solutions. It is used by over 8,800 clients in more than 100 countries, including the following:
- Over 60% of the Forbes Global 50 and a majority of the Fortune 100
- 9 of the top 10 firms in Technology, Retail, and Biotechnology
- 7 of the top 10 firms in Chemical and Banking
- 6 of the top 10 firms in Software, Telecom, Media, Car Manufacturing, and Food Retail Its prominent clients include Pfizer, ADP, Cisco, Oracle, Facebook, Microsoft, Comcast, Staples, Verizon, Toshiba, and Daimler. Qualys‘s platform conducts over three billion IP scans/audits a year, resulting in more than one trillion security events. Lastly, the company has won many honors, including ranking as #1 in IDC’s Device Vulnerability Assessment revenue share report for six years in a row (2014), recognition as “Best Security Company“ by *SC *Magazine (2014), and high placements in Gartner’s Magic Quadrants for Web Application Security and Vulnerability Assessment.
Channels
Qualys’s main channel is its direct sales team. Its field sales force focuses on selling to enterprises (typically firms with 5,000+ employees) and government agencies, while its inside sales force focuses on selling to small and mid-size firms. The company also conducts sales indirectly through its network of channel partners, who include value-added resellers, managed service providers, and consulting firms. These partners accounted for 37% of total revenues in 2015.
Qualys promotes its offering through its social media pages, online marketing, advertising, web-based seminar campaigns, free trials and services, and participation in conferences.
Customer Relationships
Qualys’s customer relationship is primarily of a personal assistance nature. The company assists customers in the following ways:
- Support Services – Qualys provides free, 24x7x365 telephone customer support from service centers located in Raleigh, North Carolina; Redwood City, California; Reading, United Kingdom; and Pune, India. Customer inquiries made through e-mail are responded to within 48 hours. Service staff consists of trained subject matter experts and senior technical employees who work closely with operations and engineering personnel.
- Training Services – Qualys maintains the Qualys Training & Certification Program, which offers the skills, knowledge, and credentials needed to implement and use an enterprise vulnerability management system. Training workshops are provided in-person and online. Participants who pass the certification exam are named Qualys Certified Specialists and receive a certificate of training. Despite this orientation, there is a self-service component. The company’s website features a “Resources” section that includes product guides, product demos, data sheets, white papers, analyst reports, eBooks, and webcasts. The site also provides answers to frequently asked questions and a training library with how-to videos. Lastly, there is a community element in the form of a forum.
Key Activities
Qualys’s business model entails maintaining a robust cloud platform for its clients.
Key Partners
Qualys maintains the following types of partnerships:
- Integration Partners – Technology firms that integrate their solutions into the company’s cloud platform to provide enhanced offerings for its customers. Specific partners include VeriSign, CA Technologies, Sourcefire, Redseal Networks, Splunk, iMPERVA, iViz, and Core Security.
- MSP Partners – Managed service providers that utilize the company’s solutions for their offerings. Specific partners include Verizon, Fujitsu, Tata, NTT Communications, HP, Wipro, and SecureWorks.
- VAS Resellers – Value-added service resellers that sell the company’s products to their customers. Specific partners include Blue Cube, Fishnet Security, Dimension Data, Integralis, and Cjen.
- Consultants & Auditors – Service providers that utilize the company’s products for their customers. Specific partners include Deloitte Consulting, Accenture, EY, HP, and PricewaterhouseCoopers.
- PCI Partners – Service firms such as security consultants that utilize the company’s products to help their clients achieve PCI compliance. Specific partners include Accuvant, IBM, BT, Verizon, and Telus. The company maintains a manufacturing partnership with SYNNEX Corporation, through which it obtains its physical scanner appliances. The agreement is renewed on an annual basis. Qualys also has alliances with third-party vendors who host its data center operations in the U.S., Switzerland, and the Netherlands.
Key Resources
Qualys’s main resource is its proprietary software platform, which serves more than 8,800 clients.
It depends on human resources in the form of technology staff for maintaining the platform, its agile engineering teams for solution development, its research teams for identifying security threats, its training staff for providing instruction, and its customers service staff for providing support.
Cost Structure
Qualys has a value-driven structure, aiming to provide a premium proposition through significant personal service and frequent product improvements.
Its biggest cost driver is sales/marketing, a fixed cost. Other major drivers are in the areas of research and development, a fixed expense, and cost of revenues, a variable expense that primarily consists of personnel expenses.
Revenue Streams
Qualys has one revenue stream: revenues generated from the sale of subscriptions for its compliance and security solutions, which are delivered on the company’s cloud platform. Customers typically sign up for one-year renewable agreements which are paid at the start of the term. There are three types of plans:
- Express Lite – Targeted at small businesses. Allows a maximum of 256 network addresses and 25 web applications for scans.
- Express – Targeted at medium-sized businesses. Allows a maximum of 3,072 network addresses and 100 web applications for scans.
- Enterprise – Targeted at large businesses. Allows an unlimited number of network addresses and web applications for scans.