By Ryan Nichols
We’re seeing an interesting trend in our conversations with IT professionals about cloud computing. It’s becoming clear that many are really looking for 2 distinct things when they evaluate cloud technology. The first is the solution itself—secure, reliable access to all the features and functionality advertised. The second is something like an insurance policy to protect them if anything goes wrong. The problem is that when IT professionals can't get that type of insurance policy for their cloud solution, they worry that the solution itself isn't secure or reliable. This isn't the case, of course, and we wanted to spend some time exploring this topic of what you might call "Cloud Insurance."
Traditionally, of course, technology hasn’t come with any sort of insurance policy. When you buy a hard drive, there’s no insurance policy to cover the real business cost of losing data. You may get your money back (or at least a new hard drive) if the one you buy is defective, but no one is going to write you a check to compensate you for the productivity or data lost.
How do companies handle this risk with their technology? They take reasonable precautions to prevent the loss (e.g., encrypting data, making backups) and then do what is referred to as “self insurance.” They suck it up and get on with business.
Should we expect something different when storage is offered to us as a service in the cloud vs. as a physical product? Well, it might feel that way. I might feel as though I have less control over my data in the cloud because I can’t physically wrap my arms around it (although of course I have no idea what’s really going on behind the case of my hard drive either). It might feel as though I need assurances against this additional risk. And indeed we’ve heard CIO’s ask cloud providers whether their product includes an insurance policy—protection from what could go wrong.
But of course, cloud technology doesn’t come with an insurance policy, any more than on-premise technology does.
It’s important to realize that this doesn’t mean cloud technology lacks security or reliability. Salesforce, Amazon, and Google spend millions of dollars on security and reliability every year, and employ some of the best minds out there on these topics. Their business absolutely depends on delivering a service that exceeds the expectations of the most demanding enterprises in this regard. There is growing consensus that your data is probably safer in a leading cloud platform than it is in most on-premise data centers.
Cloud providers simply aren’t in the insurance business, any more than on-premise technology vendors are. And insurance isn’t always cheap. There is real risk associated with storing valuable information—something always can go wrong and there’s no way any technology provider would be able to offer an affordable solution if an insurance policy were always bundled in for free.
Of course, self-insurance isn’t cheap either, even when you are using on-premise technology. You just don’t really know the cost because you don’t really know the risk. Front-page headlines about companies losing their customers' credit cards almost always blame a misplaced or stolen laptop or rogue employee—not a problematic technology vendor.
Cloud technology makes it at least a little easier to identify the risk because you’re working with public, audited platforms. If you tell me the value of what you’re going to put in the cloud, how you’re going to build your solution, and the platforms you’ll use as infrastructure, it should be possible to give you a quote for what you might call “cloud insurance.”
Would the emergence of cloud insurance providers accelerate the adoption of cloud computing? Or will CIOs adopt “self-insurance,” as they have for on-premise technology? Only time will tell.
But one point is clear: You can’t get an insurance policy from a hard drive vendor. The fact that you can’t get an insurance policy from your cloud vendor doesn’t make that solution any less suitable for the enterprise.
This is a very interesting article. Thanks for explaining what "cloud insurance" is.
ReplyDeleteThis is the most well articulated article I've read on this topic. I hope this clears up a lot of FUD on the topic of "Cloud Insurance".
ReplyDeleteRyan,
ReplyDeletegreat article. it is interesting the cloud vendors are somehow held to higher standard than in-house infrastructure.
Spot on article, I've just written something similar, just 18 months behind you. And I hadn't considered the parallel with hardware provision.
ReplyDeleteThere's an obvious gap here. It wouldn't take much effort for one of the big cloud providers to work with some insurers such that the insurers felt comfortable underwriting policies based on traditional SLA type metrics. Such policies could then either be sold separately off the shelf by insurers, or bundled into the cost of the cloud service by the providers.
I haven't yet seen anyone offer this service, but there is definitely an opportunity.
Ryan,
ReplyDeleteGreat article.
Simon, we offer the very service you mention, glad you asked!
www.cloudinsure.com
In fact, we were just named one of the Top 10 Cloud Start-Ups in Silicon Valley last week -
http://bit.ly/h6UmyP
@CloudInsure
Hi Meghan, Simon-- thanks for your comments. Great article, Simon... and very interesting to see this space heat up!
ReplyDeleteMeghan, very interested to learn more about CloudInsture... we continue to see most of our enterprise clients "self-insure." Can you give an example of how an enterprise has used you to insure against a specific cloud risk?
Ryan
That's how I reasoned about it:
ReplyDeleteWho are you? - You're a cloud user.
How do you use the cloud? - You don't mess anymore with infrastructure headache. You run your app and make profit of it.
Why do people pay you? - Because your app is meant to solve their specific problems conserving their privacy.
When the cloud service lose YOUR data is when YOU lose your CLIENTS and THEIR DATA.
Now, what is the cloud insurance?
For sure, in case of a failure many angry clients will try to sue the cloud app owner.
What is the price to be paid?
Any bank has a vault, which is a safe storage for PRIVATE stuff, so it is not known what's inside neither the price of an asset. In cloud case it is the same situation. You can't disclose the private information of your users.
Therefore, you will only lose the clients according to your EULA. Nobody (IMHO) is able to sue your company due to the private nature of the lost data.
Ryan,
ReplyDeleteThanks for the question. Short and simple, our clients insure their data at the point of sale into the cloud. We underwrite the cloud on behalf of insurance companies. Everyone wins. Clients can insure their sensitive data against economic loss or outage and the Insurance companies are able to underwrite a large (cloud) infrastructure at a manageable, digestible level.
Very simply, CloudInsure compartmentalizes the risk away from the systemic risks the clouds face of carrying everyone's liabilities (i.e. sensitive data and resulting costs/penalties associated with losing data) and cloud users are offered an alternative to "TRUST" or hard-to-enforce SLA uptime guarantees. CloudInsure covers the economic loss of reliance on technology against the failure of technology. Meaning, if you only pay, say $10 to use a cloud but have a $1,000 income or economic loss due to a cloud outage or data leak, CloudInsure is an insurance product that is designed to cover the "gray" area between the SLA credit's and the actual loss faced by the consumers. (i.e. state notification fees and requirements, gov't fines/fees/ penalties, HiTech fines, e-commerce loss due to a dark website, ect.)
We were actually just in allthingsD and The WSJ Europe if you'd like to read further:
http://blogs.wsj.com/tech-europe/2011/03/17/are-cloud-companies-in-denial-about-risk/
Feel free to contact us directly at info@cloudinsure or visit our site www.cloudinsure.com
Meghan