Insurers, feeling insecure about Cloud security?
The word Cloud has now become the most over-hyped, misused and misunderstood concept in the current world of technology. It has been hailed as the answer to all problems as well as being the source of all issues. One of the biggest misapprehensions around Cloud is that you cannot store secure data in anything labelled Cloud. The insurance industry, as well as other financial organisations, are reticent around adopting Cloud. This is partly down to a lack of clarity and a cohesive message around what the security can look like that would protect their data.
Due to the nature of the insurance industry with all the back-end services that are required to run such a service, the multiple access points, online quotes, claim processing and enquiries coming in, the traditional IT model struggles to cope with the varying demand placed upon it. This is an ideal scenario for Cloud to come into its own.
With no massive upfront CAPEX investment, and costs based on OPEX and consumption based compute with active management, huge savings can be made in an industry under constant pressure to lower costs and be more competitive.
Absence of Standardisation
One of the key issues facing clients as well as Cloud Service Providers is that there is no accepted standard to apply to Cloud security. Recommendations stem from ISO27001, which does not address Cloud specific concerns, to an extensive questionnaire published by CSA to security experts dictating the same rules apply to the Cloud as they do to an on premise data centre.
With no one shared view, service providers are being left to form their own model of what a secure Cloud looks like and this is causing confusion and indecision amongst the privy data community.
How to find the right supplier
It is important to recognise the distinction between the suppliers who claim to do security and those who know security. Look for experienced providers in non-Cloud supply. How have they faired and what kind of industries do they provide solutions to. Some of the same challenges and dangers apply to both on premise and Cloud solutions. Data has to be secure wherever it resides - a good supplier understands that and can provide the right solution.
It is vital that the supplier needs to have a strong record in the insurance or finance markets, Cloud is simply compute, the value is the expertise suppliers or service providers can leverage over the top, create tangible benefits to an Insurer.
Where do the biggest threats come from?
With the tightest security procedures surrounding the modern data centre, including being bomb proof, intruder proof, measures around access to systems, fulfilment of security compliance standards; to encryption at rest and in transit of data held within those data centres, data tied down to a location and many other measures, it is difficult to see how even the most sophisticated of hackers can access sensitive data.
According to latest research, the main source of data breaches will emanate from the end user. An easily hacked password, a link clicked in an unsolicited email or an intrusion can bypass the internal structure from an external contractor all the way into the corporation’s critical systems.
Even though technology enabled security solutions need to be tailored for a Cloud based offering, the basic security awareness of the end users need to be strengthened as they would for any technology set up.
The challenge ahead
The biggest challenge for Cloud suppliers and Cloud brokers is to break down the myths around Cloud security. Without good clear evidence of providing a secure platform for their established clients, suppliers and brokers will not win that war.
This is the advantage the established service providers to the financial industries have over the new kids on the block. Combining experience with the flexibility and adaptive new technologies, service providers can take the lead in shaping the standards and providing the kind of security their clients want and expect.
The challenge for insurance and other financial corporations is to go slow. Use the advantages of a Cloud solution to exploit the elasticity and availability of services to support dynamic go to market strategies and development of new products. Then once confidence levels have increased, the adoption of Cloud to run critical systems will come, transforming their cost base allowing them to transform their business.
Author: Anthony Adair, Head IMS Technology & Strategy