With digital transformation a term most will be familiar with now, we could say with some certainty that many industries have either already adopted or are in the process of migrating to cloud technology. Yet, the insurance sector is one industry in particular that is still in its infancy when moving to the cloud. In fact, recent studies show that while 70% of insurance providers are using the cloud, the majority are only using partial elements and are not deploying comprehensive cloud solutions throughout the entire enterprise.
Why would this be the case, you might ask? The value and efficiency of cloud services certainly are not in question. The reason for this situation encompasses two areas of concern: security and misunderstandings.
While cloud services have brought in a new wave of functions and processes in how data is being used, security for 65% of insurance providers continues to be a major concern. Given that lapses in security will lead to breaches of data, and further considering that in this insurance context this data is extremely personal and therefore valuable, CISOs are constantly searching for options to mitigate risk and protect the enterprise and the sensitive information stored within their systems. With such valuable data making up the bulk of their datasets, some CISOs in the insurance industry may wish to utilise hybrid environments in which some (usually more sensitive) data remains on premise while the remainder winds up in the cloud. Also, many business leaders may want to avoid being tied to one cloud provider and so will leverage multiple cloud services to fit their needs; after all, many options are certainly available.
However, we need to point out that numerous faulty assumptions, misunderstandings, or misconceptions as to how the cloud operates are prevalent in the industry. Shifting to the cloud requires a degree of precision, thought, and security when migrating operations from legacy systems to the cloud services.
Furthermore, moving to the cloud also means organisations will be increasing their digital attack surface due to the very distributed nature of cloud, and we’ve all witnessed the unfortunate outcomes when attackers have successfully targeted cloud databases, leaving data precariously exposed and unprotected. Investigations have shown situations in which enterprise cloud data was not protected adequately and, shockingly in some cases, not protected at all. This does not breed confidence from customers, and in the worst case, this oversight is regulated by various data protection laws, with stiff fines, potential sanctions, and brand and reputational damage as the resultant punishment. As a minimum, organisations must enable the basic security options provided by their chosen cloud provider. To take the next step in securing data properly and effectively, though, CISOs must deploy additional layers of security, with the most sensible and important being a data-centric security solution that not only protects the data but also allows the storage, analysis, and transfer of that information regardless of where it is located in the cloud.
It is a process
Migrating to the cloud is a constant journey with the intended benefits and return on investment of the cloud achievable over time rather than instantaneously upon cloud adoption. Reduced IT costs, faster speed-to-market, more efficient service levels – you should have no doubt that the cloud will accelerate innovation across every industry, including insurance. This will certainly continue to be the case with one strong caveat: data security cannot ever be considered an afterthought or something to be dealt with in the future. The time for the insurance industry to address data security is now.
*** This is a Security Bloggers Network syndicated blog from comforte Insights authored by Thomas Stoesser. Read the original post at: https://insights.comforte.com/insurance-ciso-concerns-with-cloud-migration