May 18th, 2009

@ Interop’s Enterprise Cloud Summit: Drew Bartkiewicz, The Hartford, Cloud Insurance

Session: Security, Risk, Legislation, and Compliance: Pandora’s New Box. 

Speakers:
Drew Bartkiewicz, Vice President of Cyber Risk and New Media Markets, The Hartford
Robert Parisi, SVP & National Technology, Network Risk & Telecommunications Practice Leader, FINPRO, Marsh USA

I happened to sit next to Drew this morning, and we chatted a little on what he’s doing at The Hartford. Drew isn’t in IT. He runs the business line that covers (insures) the cloud operators and, it sounds like, in the near future, smart cloud consumers. He mentioned a phenomenal month-to-month business growth, which makes me believe that not only is the cloud real, but operators are serious about protecting against business risk, for themselves and their customers.

Drew speaks to “Information malpractice”. It is something that all businesses need to protect themselves against. Drew says he’s not here to be a “wet blanket”. He’s a believer in the economic benefits of cloud computing, even with the additional costs of insurance.

Drew shares that the advances of cloud computing are outpacing the ability of CIOs, acquisition directors, lawyers and legislators to interpret, protect against and regulate the associated risks.

“With great power there must also come – Great Responsibility”. – Stan Lee, writer of Spider-Man, 1960s

Cloud uncertainties: there is an aggregation of risk, for data, for interdependence, for IP.

Contractual considerations: data privacy, liability, interdependence. On interdependence, even if you have great terms of use, if someone “misbehaves” in your environment and causes issues for other tenants, you, the cloud operator, can be held responsible. Reasons: your enforcement of terms of use, in terms of stringency and consistency; or because you have the deepest pockets.

Drew calls out two books: Unseen Wealth, by the Brookings Institute, on intangible information assets as the future for wealth creation, and his upcoming book, Unseen Liability, which speaks to the risks of collecting, using and managing this information. These risks need to be factored in as organizations assess the viability of bringing a new service to market. [This applies to traditional “providers” and organizations/enterprises who choose to offer new services via the cloud.]

Drew says “select cloud provider judiciously”. Stay away from providers who aren’t willing to discuss contractual, legal, privacy and compliance concerns.

Summary:

  • Think Open, Think Smart. 
  • Manage your points of risk with the cloud.
  • Insure for uncertainty, or make sure your cloud providers are insured.
  • Cloud Insurance exists.

Q: Doesn’t an existing errors & omissions policy cover this?

A: Not necessarily. It doesn’t always cover E&O by third-party providers (cloud operators), or E&O that impacts non-clients. For example, if your mistake damages a multi-tenant cloud, you’ve created an error for people you don’t have any relationship with.

“Traditional Insurance was created for a world that no longer exists”. 

For me, this is an important topic for enterprise adopters to understand.  Not in the sense of “collecting reasons to ignore cloud computing”, but in the spirit of making informed decisions, and in protecting yourself, your company and your customers.

Posted by brenda michelson at 7:35 pm in assurance, Blog, compliance, cyber risk, data, regulatory, security