Insurance CIOs: How to Be Secure and Profitable in the Cloud
Building TrustFrank Petersmark (pictured right)
CIO Advocate, X by 2 (Farmington Hills, Mich.)
Security has been the main reason for not jumping into the cloud, but it is hard to imagine that vendors that have invested multi-millions of dollars into a cloud platform would skimp on the security aspects. More likely, the security excuse was always a bit of a smoke screen for something that insurance CIOs don't like to give up: control. When systems or platforms are migrated to the cloud, the carrier IT division loses some control in terms of performance, functionality and customization.
In general, carriers have been reluctant to give up such control, but the maturity of cloud services, combined with an ongoing push toward affordability, are changing that posture on the part of carriers. The security capabilities are there, so it is less a matter of technology improvements than it is education and confidence. Cloud vendors need to do a better job of educating potential customers on their security improvements and capabilities.
One thing that would help is for cloud providers to give customers a set of tools they could use to manage their security settings and postures for cloud-based applications. This would help build the confidence and trust needed by carriers to begin to move some of their core applications to the cloud. Cloud providers also need to be more responsive to the security concerns (real or imagined) of carriers. This goes back to control: It's not that cloud security is weak; it's more that carriers aren't able to be hands-on with their own information and access security.