The introduction of insurance for CSPs recognises value of customer data

But end users must assume ultimate responsibility, warns CIF.

The introduction of liability insurance for Cloud Service Providers (CSPs) would be an important step for end users, offering a higher level of assurance for their data. But, warns the Cloud Industry Forum (CIF), insurance is no cure-all, and, as such, should not factor too heavily in the selection of a cloud provider.


The International Association of Managed Service Providers (MSPAlliance) last week announced a partnership with insurance firm Lockton Affinity to offer its members the chance to obtain 'Cloud and Managed Services Insurance'. The product will provide cyber, contractual and general liability coverage in instances of cyber attacks, data losses and system outages.


Frank Jennings, cloud lawyer and partner at DMH Stallard and member of the CIF Governance Board, has welcomed the development but reminds end users that ultimate responsibility for their data still resides with them:
“A properly drawn up insurance policy which is available at an affordable price and which covers service outages and data loss/ leakage could be a great step forward in the sector. Cloud providers typically pay out only service credits for service outages, even though this will not adequately compensate a customer who has not been able to transact business during the outage. Further, providers often exclude liability if they lose or leak a customer's data, even though this is the key asset they are looking after.


“But customers must still seek to ensure the cloud solution they buy reduces the risks of them actually needing to rely upon a pay-out under the policy. Also, they should check the small print of the insurance policy to make sure they are properly covered,” he continued.


Andy Burton, CIF’s Chairman, added: “In principle, the introduction of insurance for CSPs would be very welcome but my concern is that it may turn into a bit of a red herring, like many of the commercial claims of 100% service availability do, in that in their own right they offer a false sense of security. CSPs, like all external suppliers, will not, and should not, act as primary insurers of a customer's business and remedies under a contract may form part of, but should not be considered to be an entire, risk mitigation strategy. The challenges can very easily be compounded by the complexity of the supply chain in the cloud, with multiple parties collaborating to create the entire end-to-end service. My advice here is to get the basics right in the first place from the inside out: End users should look to cloud providers that have secured independent validation of their services, to ensure that your CSP meets the recognised standards in transparency, accountability and capability. This can be achieved today through best practice and certification against an Industry Code of Practice as offered by CIF. Insurance should really come as a secondary concern to reinforce commitment, not to substitute for it.”
 

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...