Data Protection in the Cloud: Assurances Backed by a Warranty!
Jul 13, 2015
Would you put your organization’s most sensitive information into a public cloud? For most, the answer is, at best, “it depends.” The crux of “it depends” is assurances; assurances that your sensitive information placed in a public cloud has no more risk (hopefully less) of a data breach than if that same information was contained in your organization’s private data center. Assurances of this nature are possible, but you need to be a discerning evaluator.
So how does an organization gain those assurances? Security certifications of the public cloud provider would seem logical, but they are, nevertheless, incomplete. Security certifications, while valuable, represent an audit of practices and procedures at a given point in time. A passing grade on a security audit is, in reality, not a guarantee of the future.
Plus, cloud providers’ service level agreements (SLAs) only go up to the point of what is within the cloud provider’s full control. In the shared responsibility model of the public cloud, this leaves a considerable amount of room for the cloud provider to state, “outside my range of responsibility,” thus leaving cloud tenants with only a partial assurance.
Organizations could still claw their way up the assurance ladder, but typically at a material cost. Organizations have two options: (1) surround their cloud-hosted workloads with layers of additional security controls, which the organizations would need to procure, architect, deploy, and manage, or (2) outsource the responsibility of additional security controls and management to a third party.
With either option, the cloud tenant (you) is spending more to protect sensitive data contained in cloud-hosted workloads. Plus, where’s the assurance that either your security or IT team (or that of the third-party outsourcers) has the knowledge of cloud operations and security competency to give you the data protection assurances you demand? Again, still seems like a partial assurance.
Now consider the Cyber Warranty included at no extra expense as part of FireHost’s standard cloud hosting services. The nuts and bolts of this Cyber Warranty are to reimburse FireHost’s customers for expenses they might incur in the event a data breach occurs (e.g., customer notifications, identity protection services, and regulatory fines).
FireHost’s Cyber Warranty, in itself, is unique in the industry, but that is only half the picture. The other half is that FireHost has an insurance policy underwritten by AIG to cover the breach-related expenses of FireHost’s customers. Insurance companies, and AIG is no different, run their businesses to make a profit (i.e., receive more in premiums than they pay out in claims). In its underwriting due diligence, AIG evaluated FireHost’s current AND future attention to protecting sensitive information. AIG concluded that an insurance policy for FireHost was good business: it could make a profit.
Remember, this insurance policy is not for the past, but for the potential of future data breaches. More to the point for you, the cloud evaluator, AIG’s underwriting evaluation of FireHost’s data protection capabilities translates into assurances that your sensitive information is well protected.
For additional perspective on FireHost’s Cyber Warranty, click here to receive a complimentary copy of Cloud Attributes and Top Tier Security – Together at Last.
As Stratecast’s Vice President of Research in Frost & Sullivan, Mr. Suby engages with his seasoned team of analysts and business strategists in defining research direction and in delivering impactful customer interactions. Leveraging a 15-year analyst career, Mr. Suby maintains thought-leader presence in cyber security, particularly in Mega Trend topics that cross over into the churning world of digital transformation. Mr. Suby has a Master’s degree in Economics and a Bachelor’s degree in Mathematics and Economics.