Beyond the normal discussion about how companies need to "design for failure" (re: applications) when using public clouds, someone brought up that SLAs will need to evolve before companies can better mitigate risk. Most people tended to dismis this, since SLAs usually only compensate customers for the service value of the outage window (eg. $/hour of compute time), not for any value related to lost business due to downtime, lost data or a security breach.
So this got me thinking about what it might mean to obtain an insurance policy to protect against "loss" as a result of a public cloud service. My initial thoughts fell into a couple buckets:
- What would/could be included in that "loss"?
- Do companies today have any idea how to measure the value of what an individual IT service means to their business?
- Are there any companies that offer an insurance policy that covers public Cloud Computing today?
- How is data captured for companies offering Cloud Computing insurance?
- Will Cloud providers sell their operational data to insurance companies? Should Cloud providers sell their operational data to insurance companies?
- Are there markets and derivatives to Cloud insurance that could evolve if this model of risk management begins to grow?