Data Security
Risks and Rewards of the Cloud
The cloud — a technology that allows users to access and use files and applications over the Internet, rather than having them stored on a local drive — is a concept that has been debated in insurance IT circles for some time now.
Cloud computing offers a number of advantages, not the least of which is that data and applications stored elsewhere don’t take up valuable storage space on hard drives or other media. In larger enterprises, this may mean a significant reduction in technology infrastructure and its attendant costs.
Cloud storage agreements also remove the sometimes onerous task of updating software applications, as well as making administrative changes over the life of the application. Some would argue that these and other benefits give cloud users a great deal of flexibility in their IT operations.
This technology also comes with some drawbacks, however, and the biggest challenge may be in the area of data security. Insurers are in the business of selling — among other things — peace of mind to their insureds. Insurer A can’t afford to be in the same position as, say, Target, when it comes to keeping its customers’ data safe from unauthorized access and use.
Cloud computing is more risky because data — and applications that may provide a path to that data — reside on the Internet and, as most teenagers know, virtually nothing that resides on the Internet is 100 percent secure.
Cloud providers, on the other hand, correctly point out that it is in their best interests to provide top-flight security to their customers, and many do so. A skeptic might add, however, that no enterprise is completely invulnerable to attack.
And when we consider the huge amount of confidential and identifying data that is housed in insurance systems, it seems much wiser to at least keep all mission-critical applications in-house, where data are better protected.
As noted, however, cloud computing offers a number of key advantages to its users, so it should come as no surprise that even security applications are now available as cloud offerings.
One company, for example, publicizes that it is “the only cloud-based mobile security solution built for enterprises to secure sensitive company data, evaluate mobile applications and block advanced threats.” The company claims to provide users with “unrivaled insight into … malicious threats in order to keep sensitive data safe, control costs and comply with regulations.”
The company adds that its solutions are completely hosted in the cloud, requiring no on-premise software, thus making deployment easy and affordable. In short, offerings such as this bring the advantages of cloud computing to the very systems that are designed to protect our enterprises.
So, is it a wise idea to put our key security applications in the cloud? Consider for a moment the idea — endorsed by many experts — that truly sensitive applications and data are probably not best placed on the Internet. What application, then, would be more critical, and sensitive, than an insurer’s security systems?
In the end, this decision comes down to an interesting risk-reward scenario.
It is probably true that cloud-based security will offer a number of advantages, including speed, lower cost of operation and maintenance, and storage device savings. It is equally true, however, that the insurer is taking a gamble on the strength and effectiveness of the cloud provider’s security systems.