Asia Insurance Review, Vol: II, Issue: 200

News From: ( )

Most cloud services are already covered by ample service level agreements (SLAs) and insurance packages to safeguard companies' potential loss of business may add unnecessary complexity and contain "uncompetitive" premiums, according to an industry analyst.

ZDNet Asia, an information service, cites Mr Chris Morris, research director of cloud technologies and services at IDC Asia-Pacific, as questioning the need for cloud insurance packages, saying that penalties stated in standard SLAs should be sufficient.

Mr Morris notes though that in most cases, the penalty payments offered by cloud service providers do not reflect the potential for lost income incurred by affected customers. In such cases, where the business risk is big enough to warrant coverage, companies should then look into purchasing the relevant policies.

In addition, for more complex and business-critical deployments, in which the service is delivered by multiple providers such as telcos and server providers, he says that the onus here is on the application owner to fully understand the impact on their business if there is a loss to the service. "If it is that vital to the continuation of income for the business user, then its risk assessment will identify this and its governance committee will insist on business insurance to be carried by [the cloud vendor]," he adds.

However, Ms Meghan Hannes, managing director at cloud insurance provider CloudInsure says that her company is taking a different approach to cloud insurance. Rather than provide coverage for the cloud service per se, CloudInsure is designing its policies for "cyber liability", which includes aspects such as regulatory coverage, data privacy and security. It assesses the risks related to the type of data the company is exposing with cloud-based services, she explains.

Real Time Web Analytics