Cloud-based deployment of core applications represents an opportunity for insurers to reduce total cost of ownership and concentrate on their core competency. However, it also represents a departure into uncharted territory at a time when insurers are also struggling to mitigate the risks of major implementations. Oceanwide, Inc., a Montreal-based provider of software-as-a-service (SaaS) software solutions to the P&C industry, seeks to address insurers’ fears with the launch its Cloud Provider Assessment Model (CPAM), which the vendor characterizes as the first cloud provider assessment tool for the insurance industry.
CPAM is designed to give IT and information security groups a method of comparing solutions from multiple cloud technology providers side-by-side in order to assess risk. CPAM is available via free download from Oceanwide’s web site. The tool relies on a series of multiple-choice questions – in contrast to reliance on subjective answers in response to an RFI – to gather data for comparison. Answers are then scored, allowing insurers not only to assess risk but also compare providers and solutions side-by-side.
“Cloud computing is a hot topic for insurers – more than half of insurers already rely on SaaS solutions in some area and about 20 percent more are in active or planned pilots,” observes Martina Conlon, principal in Novarica’s insurance practice. “Tools that assist with understanding the critical requirements risks and considerations can be extremely helpful as insurers consider expanding their use of cloud into additional areas.”
CPAM organizes questions into a set of standard security domains weighted to the specific of the insurance industry, including regulatory compliance, risk management, information security and other areas of concern. In designing the security domains and questions, Oceanwide leveraged internal expertise and information over 100 RFIs, as well as industry standards such as PCI and ISO 27000 series.
While it’s not a substitute for due diligence, it’s a very simple, easy and quick way for insurers to assess the risk of cloud providers they may be considering for a solution,” comments Mark Orosz, CIO/CSO , Oceanwide, and director of the team that designed and built CPAM.