Insuring the Cloud

Early in 2010, I was introduced to Michael Abrahamsson. Michael is the CEO of Ilait, a market leading cloud computing and hosting wholesaler based in Sweden and a Board Member of Eurocloud. Iliat was looking into expansion and deployment of their services into the US and Michael had been referred to me for assistance with placing insurance. Working with Michael and uncovering some of their issues allowed me an opportunity to dive deeply into risk associated with cloud computing and the challenges this exposure could bring.
Insuring cloud computing exposures can be difficult for several reasons, beginning with underwriters who may not be familiar with or understand the nuances of this technological development. Nevertheless, both providers and users of cloud computing are exposed to risks that require careful consideration and appropriate risk management.
Cloud computing providers’ services typically consist of Software as a Service (SaaS), utility computing, web services, platform as service, managed service providers, service commerce platforms, and internet integration. In a 2010 report from the Cloud Security Alliance the most significant threats to cloud computing providers were:

Abuse and Nefarious Use of Cloud Computing

Insecure Application Programming Interfaces

Malicious Insiders

Shared Technology Vulnerabilities

Data Loss/Leakage

Account Service & Traffic Hijacking

Unknown Risk Profile

These are many of the same exposures to risk shared by most technology organizations, but the nebulous nature of cloud computing makes loss mitigation a challenge. Exposure to loss comes in the form of business interruption/service interruption, data privacy breach/loss, and other financial loss due to the performance of service/product. Insuring a provider of cloud computing services can be extremely difficult. Communicating how an organization effectively manages their risks is what enables Parker Smith & Feek to offer our clients the most competitive premiums available.
In addition to providers, cloud computing users also have substantial exposures to loss. First, it is critical to understand that outsourcing cloud computing services is not the same as outsourcing or transferring risk. Secondly, service contracts may include a hold harmless provision within the indemnity agreement that strongly favors the service provider. Furthermore, it may be difficult to require adequate professional liability/E&O insurance limits from the provider, given the significant number of parties that may be affected by a provider loss. Finally, a user organization will be held responsible for State and Federal Laws related to data privacy and compliance to HIPAA, SOX, PCI and FISMA (for more information on data privacy you can read my article here).
Given the multiple and significant exposures to loss, it is important that users understand and address those exposures through risk management solutions that may include contractual transfer of risk and/or insurance coverage. An indemnity agreement written or approved by legal counsel is the first step to a strong risk management strategy. If the user is responsible for PII (Personal Identifiable Information), a comprehensive data privacy insurance policy should be seriously considered. Of course, is also important to select a cloud computing service provider with strong security controls in place. Risk management, including the implementation of strong contractual risk transfer, will help facilitate insurance placement and lower insurance costs for insuring cloud exposures.
Cloud computing is here to stay. The scalability, cost, and efficiency factors will inevitably lead to greater use. Unfortunately, due to the significant amount of data being computed/ stored within the cloud, it will always be a target of fraud and abuse. Taking the proper steps to mitigate potential loss – transferring risk contractually and/or through insurance coverage – will not only reduce risk to an organization’s balance sheet. It will also make it much safer to harness the power of the cloud.

Read more

My New Year’s Resolutions

New Year’s resolutions are a tradition in our house. For years we have all shared our personal resolutions – goals, dreams, minor objectives we each had for the coming year. Some fairly ethereal, some specific and measured. More than anything, it was a chance for us to engage as a family and talk about the previous year and what it was we wanted to change or improve.
We had a good time doing that again this year, and as our children have gotten older (now 30 and 26) naturally, their resolutions have changed as well. While it wouldn’t be appropriate for me to share theirs, but I thought I would pass along mine. That way, those who know me can help me see that I make progress!
A realization I have had is that I seem more distracted, especially to my family – less in the moment as my wife has said. This isn’t a recent comment, but something that has gradually increased over time. Part of the challenge seems to be that I spend so much time looking backward and forward – somewhat the nature of business, I suppose. The backward gaze comes from trying to interpret monthly, quarterly and annual business performance, determining what history is so that it can be communicated, explained, and adjustments can be made for improvement. (I’m also someone who spends too much time reviewing personal mistakes or transgressions.) The forward looking time involves the continual planning and projecting that goes on in business where inevitably your calendar stretches out months ahead of you and your strategic plan years.
What can be lost is the now. What’s happening right now and do you take the time to focus on it, to enjoy it, and to be in the moment as a leader, colleague, father and husband? That’s what I have determined I want and need to do better. So, here are my self-imposed guidelines for doing a better job of living in the moment.

Failure is a part of life. If you don’t ever fail you aren’t challenging yourself. Accept that it will occur and when it does accept it, own it, fix it (to the extent you can) and move one. ‘Now’ needs your attention.

It is critical to plan for the future. We all need to know where we are going. But, don’t let your calendar rule your life. Leave plenty of ‘white space’ each week so that you can do critical thinking, stay current on your reading, and just walk around and engage your colleagues and your family. Don’t over plan your life.

Living in the moment. What are the keys to doing this effectively?

a. Practice active listening. When you do engage someone at work or home – do it completely. Focus on them, remove all distractions (turn off your phone, the TV, etc) and listen! Good listening also means you ask lots of questions – clarifying questions that allow you to better understand what is being told to you, what’s important, and to get at the root of the issue – which often doesn’t immediately present itself. Don’t jump to conclusions or immediately rush to problem solving.
b. View each encounter you have with the knowledge that learning is going on. What do you want to learn about, what is it that you are hearing, and when you are communicating, what learning are you conveying? What’s your voice tone and body language and what are those physical manifestations telling people that may be in contrast to your words?
c. Practice predictability and remove volatility from your communications. To be in the moment you need to have family, friends and colleagues able to communicate with you without undue fear of your reaction. See a and b above.
d. Finally – enjoy. This is as simple, and as difficult, as just looking around and appreciating that each moment is unique. You will never have this exact experience again.
Here’s to successful completion of your resolutions for 2011.

Read more