Insurance CIOs: How to Be Secure and Profitable in the Cloud
Insurers initially greeted cloud offerings with a measure of skepticism, limiting adoption to non-core capabilities because of the sensitivity of the policyholder data involved. But carriers are increasingly interested in taking advantage of the low initial investment and flexible use afforded by cloud solutions, and vendors have responded with an expanding range of options, including core insurance systems and related functionalities. How is the changing value proposition of cloud-related offerings influencing the kinds of solutions insurance CIOs are willing to put in the cloud, and how can carriers address the security concerns that cloud-based solutions present?
Maintaining ControlJohn Kellington (pictured right)
SVP, CIO, Cincinnati Insurance Companies (Fairfield, Ohio)
In general we have a keen interest in cloud-based solutions, whether internal or external clouds, due to the flexibility of deployment, improvements for workforce mobility and allowing our IT staff to focus on key business issues. We have much more comfort with core office capabilities such as email, unified communications, file-sharing and device backup in the cloud; however, there are concerns relating to applications, such as policy administration, claims, billing, reporting and warehousing.
To ensure that a cloud vendor has the appropriate security in place, we need to analyze how the vendor handles data boundaries between clients, access control, access to storage of data outside of the U.S. and intrusion prevention. A vendor's ability to monitor and report on access is critical. Other concerns with cloud-based offerings are server/network performance when integrating with non-cloud solutions, the ability to extract records for e-discovery, licensing-related issues, and what happens when/if the relationship with the cloud vendor terminates.