Oceanwide has launched its Cloud Provider Assessment Model (CPAM), for the insurance industry.
CPAM was designed to give information technology (IT) and information security (InfoSec) groups a method of comparing solutions from multiple cloud technology providers side-by-side in order to assess risk.
"Cloud computing is a hot topic for insurers," said Martina Conlon, principal, insurance, for Novarica. "More than half of insurers already rely on software-as-a-service solutions in some area and about 20 percent more are in active or planned pilots.
"Tools that assist with understanding the critical requirements, risks and considerations can be extremely helpful as insurers consider expanding their use of cloud into additional areas."
Oceanwide’s CPAM, which is available via a free download from the Oceanwide website, relies on a series of multiple-choice questions, rather than subjectively typing answers into an RFI, to gather data for comparative rating purposes.
The answers are then scored, allowing insurers to not only assess risk, but compare providers and solutions side-by-side.
"While it’s not a substitute for full due diligence, it is a very simple, easy, and quick way for insurers to assess the risk of cloud providers they may be considering for a solution," said Mark Orosz, CISSP, CIO/CSO for Oceanwide, and leader of the Oceanwide team responsible for designing and building the CPAM. "We wanted to ensure that the industry as a whole doesn’t stumble in its adoption of cloud applications."
Oceanwide’s CPAM organizes questions into a set of standard security domains weighted to the specific needs of the insurance industry, including regulatory compliance, risk management, information security, and more.
To design the security domains and questions, Orosz and the Oceanwide team relied on internal experience delivering SaaS solutions for insurance for nearly 20 years, and information gathered from over 100 requests for information (RFIs) and industry standards, such as PCI and ISO 27000 Series.