What Insurance Companies Need to Know About Cloud Security in 2017
Why insurance companies should consider moving to the cloud in 2017, and what they need to know about the vulnerabilities that threaten them.
Join the DZone community and get the full member experience.Join For Free
Few understand the concept of mitigating risk better than the insurance industry. The insurance industry faces a unique set of challenges when it comes to cloud adoption and security. In this post, we’ll walk through some of the reasons why moving to the cloud is an excellent idea for insurance companies and provide some guidance on how they can overcome the most common hurdles.
Moving to the Cloud = Reduced Costs and Increased Efficiencies
The insurance industry is often part of the wait-and-see crowd when it comes to adopting new technologies. And that makes plenty of sense. Insurance is a business filled with risk, and seeing how things are going to shake out before diving in is sensible. That said, the cloud is not just alive and well — it’s eclipsing traditional technologies in 2017 as a reliable and dynamic environment to do business in, and many forward-thinking insurance companies are already moving their “crown jewels” to the cloud.
Why? For starters, they understand that moving to the cloud means reducing costs. They can save money and also serve their business units faster by building and launching applications in the cloud at scale. In the public cloud, a developer can spin up a new server in minutes and build a new application in days. So speed and efficiency are leading to major cost savings for insurance companies as they move to the cloud.
Four Tips for Moving to the Cloud
If you’re still in the data center business, it’s time to get out. Decrease your costs, increase your competitive advantage, and speed up time to market by moving to the cloud. Here are four tips to help you get there.
1. Get the Tooling Right
A few years ago when insurance companies were first encouraged to move to the cloud, it made sense that their response was, “But what about security?!” Fast forward to early 2017, and the reality is that there’s a slew of great cloud security products on the market, and no excuses anymore for holding back.
So what is holding insurance companies back from jumping on the cloud bandwagon wholeheartedly? In a nutshell, tooling. Moving to the cloud requires making changes to long-held processes. It becomes a question of how fast you can retool development teams to take advantage of the cloud.
Insurance companies need to move from waterfall development environments where structured releases happen every six or nine months to the new DevOps paradigm where code is released daily, if not more often.
Unfortunately, you can’t take your old development process and simply apply it to the cloud because that would not create the promised efficiencies. Instead, you need to take those older processes and transform them with a DevOps mindset.
2. Look for Solutions That Make Security a No Brainer
The biggest change with the cloud is that it gives you a great deal more visibility into what’s going on across your environment — that is, if you have the right tools in place. With an integrated platform like Threat Stack, for example, you can gain deep and broad visibility into what’s happening in your environment at any given point in time, including security threats.
The public cloud is not inherently insecure, but you need to take the shared responsibility model seriously and put today’s best tools to work for you to ensure that you have continuous monitoring across your entire environment.
Some of the key areas where you should make sure you have capabilities include:
- File integrity monitoring
- Real-time identity and access management
- Ongoing vulnerability management
- Incident response plan
Having these capabilities at your fingertips means that you will be able to catch security breaches early and clean them up quickly, minimizing any damage to your valuable reputation with customers and protecting their data from theft or misuse.
3. Hire Smart
One of the challenges as you move to new tooling and begin to embrace DevOps is finding engineers who are experienced with or open to this new way of doing things. Since many insurance companies have headquarters outside of major urban areas, this can be a challenge. But it can be overcome with some creativity and ingenuity on the part of your hiring team.
For example, one insurance company that we know of has moved their DevOps team — a group of relatively young engineers — out of the company’s office park west of Boston and set up a pod in downtown Boston. Moving DevOps teams closer to places where the engineering talent prefers to be can help you capitalize on the opportunity. This isn’t a difficult shift to make, and it can make all the difference in today’s competitive technology landscape.
4. Understand Cloud Compliance
Finally, it’s vital, of course, for companies that deal with finances and personally identifiable information (PII) to respect all relevant compliance guidelines, from PCI DSS to HIPAA to SOC 2. To help out, we’ve put together a comprehensive guide to cloud compliance that you can download and use to make sure you fully understand the compliance landscape as you create an adoption roadmap for cloud computing.
To the Victor Go the Spoils
It’s still early in the timeline of cloud computing, and insurance companies have a big opportunity to get into the cloud and realize huge benefits. As giant corporations and smaller organizations alike move their infrastructure and critical applications to the cloud, you don’t want to be left behind. The steps above should help you plan a stress-free move to the cloud, so you can begin to realize the cost savings, flexibility, speed, and other competitive advantages that the cloud has to offer.
Published at DZone with permission of Jim Crowley, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.