Service providers of any kind will inevitably fail their clients requirements and expectations, and cloud providers are no exception. Cloud and managed services are still a maturing market, and enterprises are wary of outages and data loss. Providers have to offer assurances to these customers, but they also have to protect themselves if those assurances fail.
The International Association of Cloud and Managed Service Providers (MSPAlliance) recently introduced its revamped managed services and cloud insurance offering with a new insurance provider partner, Lockton Affinity LLC.
The new cloud insurance program offers liability coverage to global providers and MSPAlliance members, while assuring cloud customers that providers will be accountable, said James Staten, vice president and principal analyst for Cambridge, Mass.-based Forrester Research Inc.
Cloud insurance program: Peace of mind for providers, customers
The new Cloud and Managed Services Insurance program from the MSPAlliance offers members cyber and contractual liability, as well as errors and omissions insurance -- coverage that protects a company or individual professional held responsible for a service that was promised and not provided, or from customers who believe they did not receive promised results.
Historically, there has been a gap in the insurance providers' understanding of the cloud provider industry and of the coverage that providers have been receiving, said Charles Weaver, CEO of the MSPAlliance.
"Insurance providers were not giving cloud providers cyber liability -- like data loss and protection coverage," he said. "Providers were mostly getting general property damage, like what retail shops would have."
Providers need cyber-risk insurance -- protection in the event of an unintentional loss or breach of their customer's assets. While providers already have a limited form of insurance to back their service-level agreements (SLAs), many of those policies have not been covering the provider against things that their customers are most concerned about -- like data loss and outages, Weaver said.
"We have a lot of MSPAlliance members that serve clients all over the world, and having a comprehensive global coverage package that was affordable, with an easy underwriting process to obtain the coverage, was important," he said.
SysArc Inc., a Washington D.C.-based managed service provider and MSPAlliance member, is taking advantage of the insurance program to assure its small- and medium-sized business customers in the D.C. Metro area that they will be properly compensated for breaches or failures of their outsourced IT services, said Tim Brennan, Founder and CEO of SysArc.
SysArc tried working with local technology insurance providers in the past, but was not receiving the specific coverage the provider needed -- like liability and errors and omissions coverage, Brennan said.
"We are noticing that when we talk to larger companies, they have policies that require their providers to have this kind of insurance," he said. While customers are starting to drive market demand for insurance, providers are benefiting from being protected, too.
Customer lawsuits as a result of an outage or accident can be expensive for providers. "This insurance may not be a competitive advantage, but we like to know that if anything does happen, we won't be going out of business," Brennan said.
How much responsibility should providers shoulder?
While a provider can refund a customer for the price of a managed or cloud-based service that was not available due to an outage, service providers have historically positioned their SLAs as a limit on liability, said Tom Nolle, president of CIMI Corp., a consultancy in Voorhees, N.J.
More on cloud insurance
Cloud insurance alleviates SLA concerns
Top threats and risks in cloud computing
Cyber insurance: What it is, what to watch for
"Providers can't take on consequential damages -- like a business customer losing money as a result of a service failure," he said. "Those terms are necessary in a service provider contract. The legal risk would be too high and no provider would be able to offer services, if not."
Insurance programs for cloud and managed services have not come cheaply for providers in the past. Limited finances have made it difficult for any provider to take on liability that could extend to the customer's business loss due to a cloud outage or SLA failure, Forrester's Staten said.
Large providers have historically been more likely to offer liability coverage, thanks to their own financial resources, but insurance wasn't an option for smaller cloud and managed service providers to offer their customers, he said.
Some businesses -- like financial services firms – can't afford to choose a cloud or managed service that doesn't offer a liability plan, however. Cloud insurance programs -- like the MSPAlliance offering -- will give more providers the opportunity for affordable liability coverage, Staten said.
"Liability insurance like this can help balance the risk/reward, and take away some of those customer concerns with going to the cloud, which could even play a big role in attracting new customers to a cloud service provider," he said.