In Order To Embrace The Cloud, You Must Secure It
By Asaf Cidon
The cloud is transforming the insurance industry — whether agents like it or not. It should come as no surprise that consumer file storage services are wending their way into the industry; they bring untold convenience to otherwise mundane and frustrating workflows. But in order to embrace the cloud, it’s essential to secure it properly.
The first step? Acknowledging the personal devices and apps for syncing and sharing consumer files that your agents are already using. Recent data suggests that as many as 49 percent of consumer file sync and sharing installations at work are being done without management oversight, and 22 percent of files uploaded to these services contain sensitive, confidential data. In other words, turning a blind eye to the cloud’s convenience could end up costing your business, and you should consider developing ways to control and audit how your sensitive information is being accessed.
Here’s the thing: These days, relying on outdated computer systems practically courts glitches and hackers. Building a stronger and stronger firewall isn’t relevant in an era in which your data isn’t even on the network, but instead in the cloud. Such focus on network security also fails to acknowledge the real risk to your business — user mistakes. Sure, recent events have shown that major insurers like Anthem are now in hackers’ crosshairs. But the truth is that the loss of a device or a mistakenly shared document is a far more probable threat for the majority of insurance firms and agents. Disclosing confidential information to the wrong viewers carries stiff fines, not to mention damage to an agent’s reputation.
Given these risks, some might bristle at the notion that the cloud makes it easy to use corporate data on mobile devices. Isn’t device access precisely what should be avoided?
In fact, blocking access is exactly the wrong response to threats, leaving you vulnerable to agents who are just trying to get their work done and provide the best client counsel possible.
But the risks don’t have to be risky: They can be managed with proper safeguards, namely, strong passwords, encryption, tracking, and device and user blocking functionality. Passwords are basic. But encryption should be at the center of any sound cloud security policy — and the right type of encryption can provide a path for the other security fundamentals.
Encryption helps lock up sensitive data wherever it goes. But not just any encryption will do. End-to-end, file-level encryption is the best solution to secure a platform as flexible as the cloud adequately. File-level encryption enables users to encrypt specific files and folders with a unique key. This means the information is unavailable to unauthorized viewers anywhere the file is stored — from the cloud to those devices that frequently get lost. File-level encryption, in turn, simplifies the audit process, because it’s possible to track exactly what happened to a document, as well as by whom and with what it was accessed. When a device is lost or stolen, certain cloud security solutions provide a device block feature, which administrators can use to wipe remotely the keys associated with certain devices and users so that the sensitive information can no longer be accessed. Automatic logoff also helps, because terminating a session after a period of inactivity can help prevent unauthorized access.
That leaves you to brainstorm how the cloud can help streamline and coordinate burdensome day-to-day workflows. Just think about your average day: You might be in the field assessing damages, estimating the nitty-gritty of certain risks, awaiting responses from carriers, collaborating with colleagues, navigating customer inquiries and more. Logistics that slow down these daily tasks hamper your ability to focus on serving clients, because you don’t have the information or context you need at your fingertips, introducing the possibility that you’ll be ill prepared for client inquiries and end up disappointing your clients.
Cutting-edge products — and product combinations — exist to allow you to be productive while mitigating risk. Self-service cloud storage solutions like Dropbox and Google Drive allow users to move their workflows to the cloud seamlessly, enabling them to sync documents across devices and share with collaborators. What’s more, these storage services allow you to store as much information as you need on them — and they don’t put limits on what you can accomplish.
Asaf Cidon, PhD, is the co-founder and CEO of cloud security company Sookasa, which provides seamless Dropbox encryption. Asaf may be contacted at [email protected].
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News