CounterPoint: Cloud Computing - Cloud Perils: Risks, Security & Insurance

Order a reprint of this story
Close (X)

ORDER A REPRINT

To reprint an article or any part of an article from Hospitality Upgrade please email geneva@hospitalityupgrade.com. Fee is $250 per reprint. One-time reprint. Fee may be waived under certain circumstances.

SEND EMAIL

June 01, 2011
CounterPoint
Joshua Gold

View Magazine Version of This Article

Those considering cloud computing must size up the risks of relinquishing that control over data to a third party. 

The trend toward cloud computing continues to pick up momentum.  Increasingly, individuals and corporations are entrusting to “the cloud” information as varied as family photos, vacation videos, contact information and sensitive business information, including customer account data and employee information.

Those selling cloud computing services speak to the numerous advantages of cloud computing, including claims of cost savings and enhanced data security.  There has been some debate regarding the accuracy of these claims, especially involving those promises of heightened data security. Individuals, small businesses and large institutions opting for cloud computing give up one central dynamic: direct control of the stored or processed information.  Those considering cloud computing must size up the risks of relinquishing that control over data to a third party.  Fueling the debate over the safety of cloud computing is a recent data security breach suffered by customers of one of the largest entertainment and electronics companies in the world.  That company had entrusted data to a cloud computing company that was in turn infiltrated by computer hackers.  According to reports of the incident, millions of customer account files (including credit and debit card information) were compromised when the hackers infiltrated the cloud site and improperly accessed the sensitive account information.  Notably, the hackers actually had a legitimate account set up with the cloud computing site (albeit with phony identifying information and fraudulent intentions), as opposed to anonymously hacking into another’s network.

Those considering cloud computing should perform due diligence with respect to how the cloud computing company erects safety walls between the data stored and processed for individual customers.  Indemnification and insurance should also be discussed.  Businesses should also explore whether they would have to disclose to their customers, employees and potentially others that certain data that they might have an interest in has been supplied, shared or transmitted to a third party for storage or processing.  Additionally, businesses may wish to consider whether there are certain categories of information that are simply too sensitive to provide to an external source and, therefore, must remain off of the cloud.

Businesses can help make informed decisions regarding the extent they use cloud computing by having risk managers working in tandem with their IT departments and in-house attorneys to protect data that is created by the business or entrusted to it by outside entities and individuals.  One starting point is developing a data security protocol which establishes clear directives regarding the handling of and access to information within the organization and that information which might be transmitted outside the institution as part of cloud computing.  Virtually any hospitality firm will have its own business and employee information electronically captured.  So too will it have customers’ e-data, including credit card information and other information gathered upon checkin and through rewards programs.  An important step is to inventory the information possessed and determine its sensitivity.  Categories of information calling out for heightened protection include: health information, personally identifying information of customers and employees, certain types of non-public financial information, trade secrets, customer lists and business processes that yield competitive advantages.  Once such information is identified for heightened protection, it usually is not enough to simply guard against external threats of unauthorized access.  It is also important to make intelligent decisions about internal access to protected classes of information.  This applies for cloud computing to  businesses should find out what levels of employees within a cloud computing firm have access to information.  Not surprisingly, some cloud computing firms have several other divisions and business enterprises.  It is important to know who has access and to what categories of information to get a handle on both the external and internal hacking threat.

Insurance coverage is available for losses arising from computer fraud or theft under both existing and new stand-alone insurance products.  Some of this coverage is quite valuable but should never be regarded as  “customer-friendly.” 

Policy terms should be closely scrutinized to determine whether the use of cloud computing would alter or reduce coverage.  Beware, for example, clauses purporting to condition coverage on the absence of errors or omissions in the data security measures employed by the policyholder.  Such clauses may be exploited by insurance companies arguing that the policyholder was somehow derelict in safeguarding computer data from hackers, among others.  Furthermore, some policies may attempt to limit insurance coverage for data breaches occurring in a computer not actively connected to a network.

Risk abounds when dealing with electronically captured information.  It is therefore no surprise that cloud computing entails risk as well.  Data security measures coupled with risk transfer in the form of insurance coverage and indemnification from the cloud computing firm can serve as a financial buffer when the data genie escapes the bottle.
 

©2011 Hospitality Upgrade
This work may not be reprinted, redistributed or repurposed without written consent.
For permission requests, call 678.802.5302 or email info@hospitalityupgrade.com.



Related Articles
want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.