Enterprising Developments

A Second, and Third, Look at Cloud Security

Joe McKendrick
Insurance Experts' Forum, August 15, 2012

For insurance companies, the cloud poses some difficult questions. While the value proposition of cloud is enticing (providing pay-as-you-go capabilities and freeing up resources from data center maintenance), security has been a sticking point. For the highly risk-conscious insurance industry (which is in the risk business, after all), there has been no shortage of debate about this new IT deployment model.

Overall, across all industry groups, many organizations are going full-steam into cloud: a new study finds that 82 percent of organizations already transfer, or plan to transfer, sensitive or confidential data into the cloud environment. While it's not clear where insurance companies stand within this global study of 4,000 business and IT managers, I’m willing to bet the percentage is quite a bit lower than the average. The survey was recently conducted by the Ponemon Institute and commissioned by Thales.

Overall, companies don't seem to be too worried. Only a minority say cloud presents major security issues: 39 percent of respondents believe cloud adoption has decreased their companies’ security posture. In addition, 64 percent say they rely on their cloud vendor to get security right. Is this a cue for insurance IT managers to relax their concerns about data security as well?

The best approach may be to recognize that the cloud is a resource that offers great advantages, but security is still a process (an obsession) that needs to remain with the customer, no matter how much vendors promise. Recently, when I have spoken with insurance company CIOs about cloud, there has generally been enthusiasm about what the cloud can offer, as well as a willingness to dig deep to understand how the cloud provider addresses security. Abiding by standards such as SAS-70 is positive, but doesn't tell the whole story.

In preparing a special report for INN on cloud, I spoke with Richard Hallman, CIO of Employers, about the cloud security challenge. Do your homework thoroughly, and don’t accept assurances at face value, he advises.

“You need to understand your vendor's security model,” Hallman says. “You need to understand beyond their SAS-70, because SAS-70 is very limited in what they review from a security perspective. You need to have a better-detailed assessment on their internal procedures, their operations and their technical approaches... They’re a part of your staff, they’re a part of your overall business model, and you need to make sure that you have reliability and confidence.”

Still, other industry observers say we've come a long way in a short time with cloud security. As Stanton Jones, analyst with Information Services Group, put it: Cloud security has matured greatly over the past one to two years, and furthermore, it's getting to the point where data may be more secure in the hands of an outside cloud provider than an internal IT department. "Major cloud providers know security is their business. If they can't prove that they have a secure platform, then they have no business," he says. "Not only are IT organizations getting more comfortable with cloud, I think sometimes they're finding that they're looking at their own operations and realizing that the cloud provider has a better security architecture and a better security footprint than they do."

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Joe can be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
