A Hybrid Cloud Strategy is Important for Security
Cybersecurity is evolving and strengthening every day, but Lloyd’s, in partnership with AIR Worldwide, released a cautionary report entitled Cloud Down – The impacts on the US economy. This report outlines the possible, and probable, repercussions of the failure of one of the leading cloud providers. In focus: the financial impact of such an event.
Why should we care? If these insights are heard and heeded, insurance managers could better grow their cyber business in a judicious manner. Along the same train of thought, it is important to remember that these analyses assume that only a single CSP would be affected at a time. As such, distributing workloads across multiple CSPs, after taking the time to analyze which advantages of each cloud would best help you attain your goals, would be a possible real-world application of this report.
To provide us with a baseline, the report specifies that “the results published in the report are based on the top 15 cloud providers in the US, which account for a 70% market share.”
This report quantifies the monetary impact of an interruption to US companies’ e-businesses if a cloud service provider should be compromised for a certain duration of time.
“Given the state of the cyber insurance industry today, a cyber incident that takes a top three cloud provider offline in the US for 3-6 days would result in ground-up loss central estimates between $6.9 and $14.7 billion and between $1.5 and $2.8 billion in industry insured losses.”
The report details its methodology, which takes a different angle from the usual market-share approach. Instead, it uses company-specific risk attributes. This allows for a truer reflection of the risk insurers face. It narrows down which companies would be affected by the scenario and eliminates from the estimates the companies that would not be affected. A great deal of information can be drawn as “the scenario classes presented in this report considers the impact of disruption to several key cloud service providers for different periods of time.”
Many conclusions and lessons can be drawn from the raw data presented in this report, but the one that Cavirin finds most applicable and immediately helpful is that risk can be mitigated by spreading workloads across multiple clouds. But this strategic move comes with its own challenge: how best to manage the increased complexity of splitting data across more than one cloud? Cavirin tackles that challenge proactively through the automation of cybersecurity and compliance, drawing from the richest set of frameworks, benchmarks, and guidelines.