Insurers May Not Fully Embrace Cloud, But They Can Help Protect It

jmckendrick.jpg

In a post last month, I talked about issues that may hold insurance companies back from fully embracing the cloud computing model for various parts of their businesses, especially where complex workflow transactions are involved.

However, there is a vast business opportunity in cloud computing for the industry, one that will play a vital role in building confidence in this emerging computing model. The Hartford, for example, now offers insurance to companies using cloud-based services.

Drew Bartkiewicz, who carries the very cool-sounding title of “vice president of cyber risk and new media markets,” at The Hartford, recently spoke on these issues at the recent Cloud Summit, and his talk was covered by InformationWeek’s Bob Evans and ebizQ’s Brenda Michelson.

It may sound like Bartkiewicz has a fun job, but his task is deadly serious. Many companies aren’t fully aware yet of the risks in the cloud and Web 2.0 models, where data is exchanged between sites and users that may be beyond the control of cloud providers and their clients. Bartkiewicz runs the business line that insures cloud operators, and eventually cloud consumers. (Their Web site is
www.hfpcyberchoice.com/cyber/index.htm.)

As Bob Evans put it, Bartkiewicz put things into perspective, maintaining a “sharp focus not so much the technical sides of cloud computing's security challenges, nor the over dramatized hand-wringing of Google being down for a few hours, but rather the huge legal exposure that exists and the glaring lack of awareness about those laws …”

Bartkiewicz spoke of the need for businesses to protect themselves against "information malpractice." Cloud computing advances are “outpacing CIOs, acquisition directors, lawyers and legislators ability to interpret, protect against and regulate the associated risks.”

For example, if one customer creates problems, and causes issues for other tenants, the cloud operator can be held responsible. Of course, this could wreak havoc on the financial viability of the cloud vendor. There are other numerous privacy and data security laws and regulations that play into the equation as well.

“Many companies have such glaring holes in what they know about the large and growing body of law and regulations around privacy and information-retention and archiving and FRCP at all levels of government and across more and more industries, we often hear clients who are being sued say things like, 'I had no idea there was a rogue employee working in the cloud' or 'I had no idea we had to inform people in 48 states every time we do this or that' or 'I didn't know you couldn't do contextual advertising in Germany' —right, and that's because over there they call it 'surveillance," Bartkiewicz said.

Don’t turn to traditional errors & omissions policies to cover liability issues among cloud providers either, Bartkiewicz cautioned. These policies don’t always cover E&O by third-party providers, such as cloud operators, or impacts on non-clients. “For example, if your mistake damages multi-tenant cloud, you've created an error for people you don't have any relationship with.

"Traditional insurance was created for a world that no longer exists," Bartkiewicz said.

For more details about the risks of the cloud and Web 2.0 model, check out this video podcas , in which Bartkiewicz spoke with Joshua-Michéle Ross earlier this year.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology. He can be reached at joe@mckendrickresearch.com.


The comments made by bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

For reprint and licensing requests for this article, click here.
Core systems Analytics Security risk Data security Data and information management Policy adminstration
MORE FROM DIGITAL INSURANCE