Let's face it, the insurance industry is all about risk, and the management thereof. Companies in this sector have a very high intolerance level for risky business—it's hardwired into their DNA. That's why, when cloud computing comes up in conversations, security and overall reliability pop up very quickly as concerns and, more often than not, are showstoppers.
I put this concern out to Bill Jefferis of
• Start slow and incrementally: “If an insurance organization is concerned about the possible risks, the best bet is to start out slow,” says Jefferis. “If you’re hesitant to jump right into infrastructure-as-a-service or communications-as-a-service, start by piloting a technology or application that is low-risk, and confined to one department of your organization.”
• Establish best practices policies from the start: “As with any new technology, setting down some guidelines, usage policies and best practices will help mitigate risk, and ensure you get the most out of cloud-based services,” Jefferis says.
• Make sure your cloud vendor follows best practices and policies: “If the provider offers the ability to track, monitor and control proprietary and confidential information inside and outside of normal business processes, risk is mitigated,” says Gatrell. Among those best practices are rich auditing, encryption and policy management options, he adds. “Claims, health care information and process exceptions require information that may not be easily automated due to the nature of the process and existing tools just won’t work.”
• Learn from other industries: “The risks, and for that matter, the benefits of cloud-computing services are no greater for insurance companies than they are for companies in related industries, such as health care and financial services,” Jefferis points out. “We have customers in each of these areas successfully utilizing hosted applications and technologies.”
• Control who can access the cloud offering: An added level of security comes from “the ability to limit access to users and groups,” Gatrell says.
• Provide ongoing employee training and education in security practices: “Often, it is the employees—not the technology—that exposes an organization to risk,” Jefferis says. “A major component of reducing this risk is educating and training employees on proper use of the cloud, and establishing policies and procedures for who at the insurance organization has access to the data."
Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.
Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on
