Banking

Cloud insurance for ramping up cloud adoption

Aditi Roy Ghatak reports on the new concept of "cloud insurance" that would compensate a company for any business lost due to a cloud failure. Gimmick or good idea?

"If you're worried about security, I would ask: Do you keep your money under your mattress? We keep our money in banks because it's safer, and not just physically. A lot of the safety comes from the idea that the bank deposits are insured." - Alexander Pasik, CIO at the IEEE, comparing cloud service providers to banks.

Along with the regular features taken into consideration while evaluating a cloud technology platform - security, agility, reliability, and accessibility - by the CIOs, there is also a rising demand for an insurance policy to cover up for the potential losses in the event of a failure.

Cloud insurance is a way towards enterprise risk management wherein, there is a promise of financial compensation in case a failure occurs by the cloud service provider. The insurance may be included as part of a service level agreement with the cloud provider or may be purchased separately through a third-party insurance company working with the provider, since the cloud providers are often fairly small start-ups and damage done to them by a security breach can be fatal.

There are multiple reasons to account for the skeptical attitude of traditional IT shops towards switching to cloud services. Cloud gives the user less control over his/ her own data, meaning that the software developer or provider may be the only line of defense for the information. There are risks that developers and data/application hosts should keep in mind. Some public cloud providers offer remuneration for time lost when a system is down, but not for the business that is lost while the cloud service is unavailable. A cloud insurance policy would cover the loss of potential business in the event of downtime.

For instance, CloudInsure is a cloud insurance platform designed to specifically address emerging liabilities within the cloud environment, offering the underwriting strategy and critical evaluation needed to support full enterprise adoption to the cloud. These cloud insurance platforms / providers assess the different risk landscapes across cloud service providers. The underwriting result is completely unique to the enterprise in terms of their data risk profile, provider, and choice of cloud environment: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS).

Another approach to tackle cloud insurance involves data backup without any sort of financial remuneration. In this case, a third-party service provider periodically takes snapshots of the provider's cloud environment, including data and applications. This is viable for backing up data that is not sensitive but is still valuable, such as photographs and video.

The cloud buzz has been around for quite some time now, and although it may seem like shifting to cloud is more commonplace, the reality is that cloud migration is more measured. A worldwide survey of IT professionals, conducted by Cisco, stated that not only does it take about six months to deploy a cloud application, but a fair number said they would be more likely to see a UFO in the next six months than they were to complete a cloud migration project.

While making a choice towards cloud migration, it is important to understand that the idea of cloud insurance cannot be inferred as cloud technology lacking security or reliability. Salesforce, Amazon, and Google spend huge amount of time and effort on security and reliability every year, and stake their reputations on it. At the same time, there is a growing consensus that data is probably safer in a leading cloud platform, than it is in most on-premise data centers.

What do you think about the idea of "cloud insurance?"

2 comments
mark1408
mark1408

...before adopting a system that had such risks as to require a special insurance policy on top of my existing business insurance. My company has a cloud-based project but we're relying on our own risk assessment and risk mitigation measures, together with the measures taken by the cloud provider. Seems to me this is analogous to when you take out travel insurance but certain high-risk sports are excluded. Sure, you can buy special insurance for those activities but is that really a good way to run a business? It's certainly good news for insurance companies :-)

Dyalect
Dyalect

And now we are getting insurance for it! Security breaches here we come.

Editor's Picks