Insurers keep an eye on cloud security threats

Data loss is possible anywhere, including in the networks of cloud computing providers, but the unique challenges there are significant enough that they are getting a special look from insurers.

For one, The Hartford has a dedicated insurance offering called CyberChoice that pays off if failure of the IT infrastructure results in liability for loss of personal information, intellectual property and the like. The insurance pays for investigation of the failure and payment of the costs of notifying customers if there is a reportable breach.

Passing the insurance company’s test of whether to insure a business is not easy, says Drew Bartkiewicz, vice president of technology and new media markets for The Hartford. Only a very few corporations – mostly Fortune 500 – even apply for the insurance, and of those who do, two thirds are turned away for coverage because they don’t live up to the requirements.

This rejection rate is for all networks, not just cloud service provider networks, but the risks there are at least as serious and even more uncertain, he says. “Cloud technology is ahead of our ability to understand the risks,” Bartkiewicz says.

The draw is so strong for economics and flexibility that risk may be overlooked or not weighed as seriously as it should be, he says. This gives rise to a whole new glossary of legal terms that could leave IT executives on the short end of the stick, such as information malpractice. He says he can imagine lawsuits claiming businesses failed to adequately protect data because they were cheap, naïve or cavalier about regulatory constraints, for instance, and then placing that data in a cloud without adequately checking its security.

The upshot of all this is that Bartkiewicz predicts that cloud service providers will emerge that design their networks to meet the constraints of particular regulations – HIPAA, PCI, Sarbanes-Oxley, etc. These specialists will both draw customers from particular industries, they will also develop cloud architectures that can pass muster for liability, he says.

If this model pans out it will give a strong profit motive to the rapid development of best practices that could become cloud standards.

Learn more about this topic

Cloud computing, demystified

Cloud management wares on display at Interop

Cloud security guarantees?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.