Enterprising Developments

How One Insurer Signed Off on Cloud Security

Joe McKendrick
Insurance Experts' Forum, April 12, 2012

In many ways, cloud computing is seeping into the mainstream of the insurance industry. Such is the case with one insurer. Amazon Web Services, considered the premier vendor for off-site cloud services, is highlighting a recently published case study involving the insurer's first major foray into the cloud.

The carrier wanted to offer e-signature capabilities, and it seemed natural that the entire thing be delivered via the Internet. However, being as security-conscious as they are, application managers were concerned about the security and privacy aspects of such an offering. Documents containing sensitive customer information would be traveling out to a third-party cloud provider, which was, in this case, Amazon. Security and privacy are concerns holding back many carriers from fully embracing the cloud.

“The software-as-a-service solution would give us 100-percent electronic handling capabilities for getting policies signed,” says director of IT for the insurer. “But the business team looked to our department to make sure we could meet the privacy requirements. Our company has different data classifications, with customer names, addresses, social security numbers, and other personally identifiable information deemed highly sensitive and therefore more stringently protected. To license the e-signature solution, we had to be sure that sensitive data would be protected at a level that is acceptable to our internal compliance team.”

Before arriving at its decision to deploy, IT and security teams consulted a range of tests against the cloud-hosted software to ensure that breaches could not occur. The tests went well, but a major challenge was that Amazon security does not extend into the application layer. At this end of the process, the IT team employed another third-party security solution, Trend Micro SecureCloud, that enables the insurer's team to manage data security and encryption at the application layer.

The takeaway here is that companies need to stay in control of their own data security, no matter what type of cloud service—public, private or hybrid—is employed. Cloud service providers offer compelling new capabilities, but security starts—and stays—at home.

Now that the insurer is comfortable and experienced with a cloud application, there's no doubt there will be more cloud-based initiatives in the works for the carrier.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Is the Long March to IFRS Convergence Over?

Once a given, the adoption of a single set of accounting standards for the insurance industry is on hold.

So You Plan to Buy a Core System … Now What?

There are many questions for carriers to consider even before the implementation process begins.

What It Takes to Have a Tech-Savvy Workplace

The tools and technologies to build the next workplace are available, but not common yet in corporate settings.

Avoiding the Bermuda Triangle of Data

Handled poorly, questions around data ownership, data quality and data security can sidetrack big data conversations and alienate business stakeholders.

A Prototype of the Successful Innovation Leader

Celent research reveals the prototype for the successful senior innovation leader.

Global Supply Chain, Local Problem

As a technology provider, your client’s ability to deliver products and services to their customers, when and where they need them, is at the heart of their business success.