Insurance CIOs: How to Be Secure and Profitable in the Cloud

Many insurers remain cautious about cloud-based capabilities. But many are enjoying the undeniable benefits of externally hosted software through appropriate control and security measures.

Making Dollars and Sense

Alfred Goxhaj (pictured right)
SVP, CIO, Philadelphia Insurance Companies (Bala Cynwyd, Pa.)

Security is a concern when it comes to cloud-based solutions, but the technology exists today to address even the most acute needs for privacy protections. While cloud solutions have become more secure, though, a careful evaluation is needed to ensure their efficiency. Here are some important considerations:

• Integration with the carrier's active directory, dual-factor authentication or identity management solutions is complicated; they may require additional investments to be made for specific utilities and tools.

• The above will need to be coupled with strong encryption solutions. All carrier-to-cloud messaging needs to be encrypted, and data needs to be encrypted at rest, in transition and for disposition.

• Additional architectural measures need to be put in place; data isolation is the most critical. Complete isolation will not only positively add to the business case, it will make it easier to move the solution in-house if the vendor fails to meet its service-level agreements.

• Cloud-based solution providers must be able to comply with and pass audits with the stringent requirements for financial transactions in various industry frameworks, such as SAS70, WebTrust and others.

Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio