«

»

Oct 15 2012

Insuring clouds

Every body is running, very enthusiastically, towards cloud computing.  Sometimes, it reminds me lemmings.  I hope that I am wrong.  Let’s be positive.  Obviously, cloud computing will bring advantages.  Nevertheless, according to me, cloud security is only in its early infancy.

 

Thus, any cloud deployment should make a serious risk analysis (even if we have only a vague idea of the real threats).  When risks appear, insurance should also appear.

 

A company Cloud Insure seems to explore this new opportunity.

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment. In partnership with global insurance and reinsurance carriers, we’ve engineered privacy & security liability coverage to meet the needs of the Cloud Computing space for enterprise customers. Through our innovative underwriting models and proprietary analytics, we bring insurance solutions that move at the pace of Cloud technology.

Are you aware of other such companies?

2 comments

  1. Siegfried

    Hi Eric

    yes, for sure. I would personally fear most the risk that you put your data in the hands of somebody else.

    I remember when I worked on a UK “national grid” tender some years ago (not in Technicolor) that the UK government was forbidding to keep digital copies of their RFP on hard disks outside of the UK. Which was a real problem for us, because our corporate file servers obviously were not in the UK… and people outside of the UK had to work on the document. But I think in a certain sense, the UK were right with this kind of “requirement”.

    Now, if we are in the cloud… we often don’t know any more where our data actually is located. We often don’t know neither if the data center is well protected (physical access control as well as IT security comes to my mind). We also don’t know what the company who manages that data will become in the future… Nightmare scenarios are easy to depict.

    I guess the main mitigation against such risks is first of all to decide which data is sensitive and which is not, and for which duration one considers data as confidential. A movie I purchase today is not something i would consider particularly confidential. A photo I take today is however something I consider confidential. It might become less confidential in 20 years from now, or it might not. One problem is that sometimes we believe data is not valuable, but later on we will discover it actually is. Example, assume that facebook will store all IP addresses I connect from. Assume that Facebook also stores URLs of all pages I vist on which there is a “like” button (because that “like” button is actually an HTML code that downloads an image file from a facebook server, if we combine that with a database allowing to geolocalise IP address, they will know about all pages I visit). It means they will have a complete profile of where I was, and what I was interested in. I think this is the topic that people are just starting to understand: By crossing various data available, some data becomes more valuable.

    Can you “insure” yourself against that? I dont think so. How to decide who you can trust to manage your data will be the key question…

    Siegfried

  2. wunderbarb

    Siegfried,

    An insurance about the loss or misuse of personal data on the web? I am afraid that there is no insurance company silly enough to offer such a protection (at least at affordable price). The risk is far too high… The only solution is to use your common sense when deciding to post something on the net. I usually propose the following rule: “would you do it in the real physical world?”. If the answer is no, why should you do it in the digital world.

    Cloud Insure is for protecting the cloud provider or the application provider. It would be interesting how they treat the risks concerning privacy leakage of users.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>