Google Cloud Can Now Let Your Insurers Know How Secure You Really Are

Google has struck a deal with insurance giants Allianz and Munich Re that will allow them to directly examine the cyber security of clients on Google Cloud, with the consent of those customers. The idea is that insurers traditionally rely on a client’s own report of how their business works and the security they have implemented, but the setting of premiums would be much more accurate and efficient if the insurers could simply see the relevant facts for themselves. The insurers will gain an insight into how their clients have configured their cloud services, giving them an opportunity assess how well they control access to sensitive information and the security of hardware and software used to connect to the cloud. This new scheme has been branded the ‘Risk Protection Program’ and will initially be aimed at North American enterprises that generate over USD750mn in annual revenues.

A post by Phil Venables, VP/CISO of Google Cloud, and Sunil Potti, VP/GM of Google Cloud Security, suggests that the cost of insurance may fall for those businesses who take a policy connected to the Risk Protection Program.

The Risk Protection Program helps Google Cloud customers reduce security risk and connect with our insurer partners, Allianz Global Corporate & Specialty (AGCS) and Munich Re, who designed a specialized cyber insurance policy exclusively for Google Cloud customers, called Cloud Protection +. We worked closely with AGCS and Munich Re to co-design the Risk Protection Program to ensure we could bring a differentiated risk management solution to Google Cloud customers to reduce risk, potentially reduce costs, and build further trust in our platform.

A second post by Venables and Potti places the new insurance offering in the context of creating a ‘trusted cloud’ that gives the customer transparent control whilst being able to rely on Google to minimize threats like ransomware and account takeovers. However, this also looks like a power grab; nobody wants higher insurance premiums just because they disagree with their cloud provider’s opinion on how to evaluate risk. Venables and Potti close their pitch with a paragraph that reads:

This is just the beginning

Having trusted partners is more important than ever in our interconnected world. As the requirements for trust increase, Google Cloud has taken major steps not only to redefine what these requirements are, but we’ve delivered them to you through first-of-their-kind solutions.

Whether you are comforted or anxious that Google has only just begun to redefine trust may depend on how much you already trust Google to serve your company’s best interests.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.