Ventiv Resource Library
Issue link: https://ventiv.uberflip.com/i/273367
8 | 360º Aon eSolutions

When it comes to knowing and controlling the risks associated with cloud partners, RIScloud provides the peace of mind that commodity-cloud providers simply can't offer. Unlike commodity-cloud offerings, RIScloud is an end-to-end system owned and managed by a single entity, which means:

» Aon eSolutions and RIScloud are fully and completely accountable to you,
» On RIScloud, you know where your data resides at all times, who's managing it, and who has access to it, and
» On RIScloud, you know that all controls and certifications apply to every stage of your data lifecycle.

KNOW THY CLOUD

The cloud is about more than access, cost and efficiencies. The right cloud solution will meet your needs across the spectrum, from security to performance to application development. Before taking on the additional risks associated with a third-party cloud provider, companies should understand their cloud partner's risk mitigation strategies and put the necessary protections in place. In order to protect your organization and its risk, insurance and safety programs, it's important to ask a prospective—or current—cloud provider the following questions.

» Are your security protocols and controls up to my organization's internal standards? The cloud provider should have comparable security and controls to those of your company. While these may not be exactly the same as your organization's, they should be similar or better to provide adequate protection.

» What are your certifications and third-party audit controls reports, and where do they apply? It's critical to ensure core security controls are in place at your cloud provider, but it goes far beyond merely listing those controls. Commodity-cloud brokered-solution providers utilize numerous providers, and the certifications and controls usually apply to only certain segments of their cloud offering.

» Is your compliance review in depth and focused?
As a risk, insurance and safety client, your needs as they relate to policies, procedures and technologies will be different from those of other communities. Do your cloud partner's protocols match up with your needs? Any cloud partner should be willing and able to answer in detail your questions around compliance.

» Where will my data be physically located? It is important to understand where (physically) your data will be stored. Some vendors utilize multiple commodity cloud providers to cobble together a solution, which results in client data being stored in multiple clouds. This increases your exposure since more resources will have access to your data during the process of your data being replicated across clouds; as a result, your exposure to unauthorized access increases.

» Will you allow me to perform an onsite review of your data center? An onsite visit will give you a solid understanding of the cloud provider's physical controls and the provider's overall corporate culture. Many cloud providers, however, have policies against allowing clients and prospects access to the data center(s) because they themselves, in their role as cloud broker, are not permitted access to the data center(s) they utilize for your data.

» What contractual protections do you provide? Be sure your contract addresses and meets your security requirements, including data-breach requirements. This is a challenge when dealing with the complexities created by brokered cloud solutions encompassing multiple vendors, none of whom has a direct contract with you.

» What kind of service level agreement do you offer? An SLA should cover performance, availability, integrity and confidentiality. But it's critical that the particulars apply specifically to the needs of the risk, insurance and safety community. For example, does the provider address more than just "uptime" guarantees and go deeper to the relevant performance measures, such as save, search and view times?

OUR PROMISE: YOUR PEACE OF MIND

When you ask the questions listed above and get your answers, we're confident that RIScloud will rise to the top. In short, RIScloud serves the needs of the risk, insurance and safety community in ways that commodity-cloud providers simply will never match. From the design and rollout of our technology applications to the service levels and performance we designate and guarantee; from the security and privacy protections we deploy to the compliance and regulatory requirements we position our clients to satisfy, RIScloud demonstrates the Aon eSolutions commitment to you, your organization and the risk, insurance and safety community.

In order to take on the additional risks associated with a third-party cloud provider, companies should understand their cloud provider's risk mitigation strategies and put the necessary protections in place before moving into a new cloud home.