Cloud cover: the gold standard for cyber security

Security and resilience are central advantages of doing business in the cloud, and the onus to keep the platform up to date ahead of the latest cyber threats does not rest with one single insurer, writes Duck Creek Technologies Europe UK Product Manager Ellen Kay.

 We live in changing times, and change often inspires fear and scepticism. There are plenty of scare stories out there about all manner of vulnerabilities in IT systems, and the consequences of overlooking them – just google “hacking 2019 trends” if you’d like a sleepless night.

There are risks to every IT system, whether they are on-premise or not. But there are stand-out advantages to the cloud that place it above and beyond on-premise systems in terms of security and resilience, not to mention customer experience. Here are three key advantages:

  • Built by the best

The most stubborn misconception in respect of the cloud is that on-premise control means greater security.

With the best IT department in the world, insurers will never be technology companies. In contrast, cloud services are hosted by the largest, most sophisticated global technology companies. Duck Creek OnDemand uses Microsoft Azure to name one.

Microsoft clearly has plenty of resources for security and for research and development (R&D), and there is very little risk that this colossus is going anywhere any time soon. What if your security was as strong as Microsoft’s IT security team and your R&D, including proactive R&D into the latest cyber threats, was as strong as their R&D team?

Hackers know the security that the cloud provides and, like every other criminal, are more often than not on the lookout for easier targets. Which would prove more tempting – that ageing on-premise server awaiting its next patch, or the cloud system managed by top notch expertise in cyber security?

Any independent IT team would struggle to provide the value for money needed to compete with that.

  1. Updated automatically

Cloud services stand out because the responsibility for updates and maintenance falls to the cloud provider, not the user.

So there is no risk of falling out of maintenance, or increasing your vulnerability to hacking because of an open attack vector created by a backlog of patches.

Insurers currently spend hundreds of thousands of pounds a year managing upgrades to their IT platforms and maintaining their security systems. Automating these processes and moving to a low-code environment could make an impressive dent in those expense ratios.

And when cloud systems are updated, they’re updated at the cutting edge – the security risks that you face are the same or very similar to those of your peers, and trusting cloud providers to stay ahead of the curve makes sense when you consider the oversight they have of the evolving nature of security threats.

  1. Managing external and internal threats

Malicious cyber threats unfortunately don’t just exist outside an organisation from anonymous hackers.

Internal threats from disgruntled employees are increasingly prevalent, ranging from data leaks, to corporate espionage, fraud and more.

According to the Cybersecurity Insiders Insider Threat 2018 survey, 47% of those surveyed were concerned about cyber threats from deliberate malicious insiders, while 64% said they were shifting their focus on detection of insider threats, with the use of user behaviour monitoring rapidly accelerating.

The common denominator in internal data breaches is almost always lax internal server security.  Cloud systems can go above and beyond the ad-hoc spattering of password protected documents, folders or drives that are the most common lines of defense in place for on-premise systems.

Instead, the cloud offers layered security controls, combined with strong internal security discipline as standard, allowing bespoke security clearances for each server and individual user from foundation-level upwards. Cloud security can also include a system of security alerts and double checks in place, so that no single individual can make sweeping changes without others being alerted, for instance.


Cybersecurity is a top priority for any insurer that wants to remain competitive, efficient and compliant. It’s that simple.

Cloud security systems are scalable and adaptable, and to my mind the most future-ready solution available to insurers today. Security delivered by the cloud is truly cutting edge, and goes hand in hand with richer user experiences, more joined up data management across devices and data, and all with lower costs.

The cloud won’t take the threat away, but this type of infrastructure – cloud cover if you like – makes managing the threat a multinational, multi industry imperative, spearheaded by the largest global tech firms, rather than the imperative of one insurer alone against the world.

More from this Author