By Ryan Nichols
We’re seeing an interesting trend in our conversations with IT professionals about cloud computing. It’s becoming clear that many are really looking for 2 distinct things when they evaluate cloud technology. The first is the solution itself—secure, reliable access to all the features and functionality advertised. The second is something like an insurance policy to protect them if anything goes wrong. The problem is that when IT professionals can't get that type of insurance policy for their cloud solution, they worry that the solution itself isn't secure or reliable. This isn't the case, of course, and we wanted to spend some time exploring this topic of what you might call "Cloud Insurance."
Traditionally, of course, technology hasn’t come with any sort of insurance policy. When you buy a hard drive, there’s no insurance policy to cover the real business cost of losing data. You may get your money back (or at least a new hard drive) if the one you buy is defective, but no one is going to write you a check to compensate you for the productivity or data lost.
How do companies handle this risk with their technology? They take reasonable precautions to prevent the loss (e.g., encrypting data, making backups) and then do what is referred to as “self insurance.” They suck it up and get on with business.
Should we expect something different when storage is offered to us as a service in the cloud vs. as a physical product? Well, it might feel that way. I might feel as though I have less control over my data in the cloud because I can’t physically wrap my arms around it (although of course I have no idea what’s really going on behind the case of my hard drive either). It might feel as though I need assurances against this additional risk. And indeed we’ve heard CIO’s ask cloud providers whether their product includes an insurance policy—protection from what could go wrong.
But of course, cloud technology doesn’t come with an insurance policy, any more than on-premise technology does.
It’s important to realize that this doesn’t mean cloud technology lacks security or reliability. Salesforce, Amazon, and Google spend millions of dollars on security and reliability every year, and employ some of the best minds out there on these topics. Their business absolutely depends on delivering a service that exceeds the expectations of the most demanding enterprises in this regard. There is growing consensus that your data is probably safer in a leading cloud platform than it is in most on-premise data centers.
Cloud providers simply aren’t in the insurance business, any more than on-premise technology vendors are. And insurance isn’t always cheap. There is real risk associated with storing valuable information—something always can go wrong and there’s no way any technology provider would be able to offer an affordable solution if an insurance policy were always bundled in for free.
Of course, self-insurance isn’t cheap either, even when you are using on-premise technology. You just don’t really know the cost because you don’t really know the risk. Front-page headlines about companies losing their customers' credit cards almost always blame a misplaced or stolen laptop or rogue employee—not a problematic technology vendor.
Cloud technology makes it at least a little easier to identify the risk because you’re working with public, audited platforms. If you tell me the value of what you’re going to put in the cloud, how you’re going to build your solution, and the platforms you’ll use as infrastructure, it should be possible to give you a quote for what you might call “cloud insurance.”
Would the emergence of cloud insurance providers accelerate the adoption of cloud computing? Or will CIOs adopt “self-insurance,” as they have for on-premise technology? Only time will tell.
But one point is clear: You can’t get an insurance policy from a hard drive vendor. The fact that you can’t get an insurance policy from your cloud vendor doesn’t make that solution any less suitable for the enterprise.