The Google logo adorns the outside of the Google building in New York City. Customers on Google Cloud are now able to use a diagnostic tool called “Risk Manager” to evaluate cyber hygiene. (Drew Angerer/Getty Images)
Google Cloud, Munich Re and Allianz are working together to turn risk data into better insurance policies.
Customers on Google Cloud are now able to use a diagnostic tool called “Risk Manager” to evaluate cyber hygiene. In doing so, and in sharing the results with Munich Re and Allianz, the insurers will offer expanded coverage options, including higher policy limits and longer business interruption payouts.
“We’re really focused on figuring out what we can do to make our customers safer, as they move to cloud,” said Matt Driscoll, product manager at Google Cloud.
“We think this goes a long way to helping customers be successful, not just configuring things securely, but building a risk management program that’s going to scale with their business.
The Risk Manager program checks for common security practices, things like two-factor authentication, limiting the number of privileged accounts, or not allowing RDP to run amuck. Not only can that give Cloud customers insight into their own security posture, but by sharing that data with the insurance companies Google has partnered with, it will also allow them to provide more robust options. The program will operate under the name “Cloud Protection +.”
According to Bob Parisi, head of cyber solutions at Munich Re, that includes allowing for up to a $50 million policy split between Munich Re and Allianz.
“Normally if you’re going to try and find $50 million of cyber insurance, it might take you three, four, five different insurance carriers,” he said.
The firms will also allow for a full year of compensation for lost income for a Google Cloud attack, rather than an industry standard 90 to 120 days.
Parisi said it would also allow insurers to be more transparent with clients about their calculations.
“We’ll now get inside the perimeter data, which is something we had never gotten before,” he said. “Applying for cyberinsurance used to be an exercise in filling out an application. At best, we might then use an outside-in scanning tool that would look and see which ports were open. But we never really knew or had any visibility to what was truly going on on the inside.”
The tool was not developed on live customer data. But Driscoll said he believed, given Google Cloud’s existing tools and defaults, many customers would already do well on the Risk Manager audit.
He also said he did not think this first offering had reached the full potential of what Risk Manager could provide.
“We think there’s a lot more we can do there over time for customers,” he said. “We’re really trying to be a trusted partner, the trusted cloud vendor for our customers and so we think this is a step toward what that means.”
Some parts of this article are sourced from: