I put this concern out to Bill Jeffries of Evolve IP, and Jon Gatrell of Stonebranch/Scribbos — two people immersed in the cloud business—and got some words of advice for insurance-sector executives looking to explore the cloud realm.
Start slow and incrementally: “If an insurance organization is concerned about the possible risks, the best bet is to start out slow,” says Jeffries. “If you’re hesitant to jump right into infrastructure-as-a-service or communications-as-a-service, start by piloting a technology or application that is low-risk, and confined to one department of your organization.”
Establish best practices policies from the start: “As with any new technology, setting down some guidelines, usage policies and best practices will help mitigate risk, and ensure you get the most out of cloud-based services,” Jeffries says.
Make sure your cloud vendor follows best practices and policies: “If the provider offers the ability to track, monitor and control proprietary and confidential information inside and outside of normal business processes, risk is mitigated,” says Gatrell. Among those best practices are rich auditing, encryption and policy management options, he adds. “Claims, health care information and process exceptions require information that may not be easily automated due to the nature of the process and existing tools just won’t work.”
Learn from other industries: “The risks, and for that matter, the benefits of cloud-computing services are no greater for insurance companies than they are for companies in related industries, such as health care and financial services,” Jeffries points out. “We have customers in each of these areas successfully utilizing hosted applications and technologies.”
Control who can access the cloud offering: An added level of security comes from “the ability to limit access to users and groups,” Gatrell says.
Provide ongoing employee training and education in security practices: “Often, it is the employees—not the technology—that exposes an organization to risk,” Jeffries says. “A major component of reducing this risk is educating and training employees on proper use of the cloud, and establishing policies and procedures for who at the insurance organization has access to the data."
Visit InsuranceNetworking.com to comment.
Joe McKendrick is an independent consultant, author, blogger and frequent contributor to Insurance Networking News specializing in information technology. He can be reached at joe@mckendrickresearch.com.
Be the first to comment on this post using the section below.