Insurance CIOs: How to Be Secure and Profitable in the Cloud
Making Dollars and SenseAlfred Goxhaj (pictured right)
SVP, CIO, Philadelphia Insurance Companies (Bala Cynwyd, Pa.)
Security is a concern when it comes to cloud-based solutions, but the technology exists today to address even the most acute needs for privacy protections. While cloud solutions have become more secure, though, a careful evaluation is needed to ensure their efficiency. Here are some important considerations:
• Integration with the carrier's active directory, dual-factor authentication or identity management solutions is complicated; they may require additional investments to be made for specific utilities and tools.
• The above will need to be coupled with strong encryption solutions. All carrier-to-cloud messaging needs to be encrypted, and data needs to be encrypted at rest, in transition and for disposition.
• Additional architectural measures need to be put in place; data isolation is the most critical. Complete isolation will not only positively add to the business case, it will make it easier to move the solution in-house if the vendor fails to meet its service-level agreements.
• Cloud-based solution providers must be able to comply with and pass audits with the stringent requirements for financial transactions in various industry frameworks, such as SAS70, WebTrust and others.