Privacy and Security Exposures for Cloud Computing

What is cloud computing

The definition varies depending upon who you ask but it can be described as purchasing hardware and software as a utility service. Meaning a company does not actually own, install or maintain its own software on its own hardware but instead outsources the entire deal, using virtual servers over the internet. Is it that different from grid computing or utility computing? Again, opinions vary. Certainly the concept continues to generate some buzz akin to the Web 2.0 mania.

 

What it means to a professional liability insurance policy

Perhaps the biggest threats from cloud computing, or any circumstance where the insured’s IT infrastructure is outsourced, are the increased privacy and security exposures. Sharing a virtual server can create complexity when determining who is responsible or whose actions contributed to a system security breach. At the very least, additional defense costs can be generated when a legal proceeding is required to determine who is at fault.

 

In addition to defense cost coverage considerations, any insurance policy provisions limiting coverage to network and systems of the insured or under the insured’s control need a close look. These provisions can narrow coverage in a way that is problematic for companies using cloud computing as the companies do not actually maintain their own network or systems. We’ve talked about these types of coverage provisions before but not necessarily in terms of the newer privacy and security breach coverages now commonly available in the marketplace. If the insured is outsourcing its IT infrastructure then the typical policy language in a privacy/security policy or endorsement may need some customization.