SSP’s platform outage proves DR needs to be top of the agenda for insurers
Plans for a "full and thorough" review into the disaster recovery (DR) practices of major insurance software houses by the British Insurance Brokers' Association (BIBA) need to improve and promote DR best practice across the industry. In order to avoid the disastrous effects of IT downtime, this should include both providers and the organisations using their services, according to business continuity experts Databarracks.
Earlier this year, customers of major insurance Software-as-a-Service (SaaS) provider SSP Worldwide suffered a two-week cloud outage, leaving them unable to access its Pure Broking Platform. Further outages have since occurred, as recently as last week. The outages prevented many from using key services, resulting in significant loss of business and revenue. BIBA subsequently plans to perform a review of the biggest insurance SaaS providers' DR strategies to prevent such outages occurring in the future.
Oscar Arean of Databarracks urges BIBA to not only strengthen the business continuity plans of the SaaS providers, but to also educate and advise customer organisations of the responsibilities that fall to them when it comes to mitigating the risk of IT downtime:
"For any service provider, a two-week-long outage is unacceptable. Even small cloud infrastructures can still support a large number of enterprise-critical services. Many of SSP's customers will have missed business opportunities as a result of the downtime, with numerous hours, days and even weeks of lost productivity.
"IT and automation can ultimately make us more productive, but if businesses are to rely upon IT completely they need to protect themselves in the event that something goes wrong. BIBA's review of the insurance SaaS sector needs to promote business continuity best practice from service providers, but also communicate the responsibility the customer holds to protect their businesses as well. Our recent Data Health Check survey found that only 28 per cent of businesses have put in any backup or recovery capabilities for cloud services beyond the standard default options. If DR strategies are to be successful they must have buy-in from both customer and service provider."
Arean explained: "The issue a lot of businesses have with cloud contracts is the responsibility for uptime and ultimate culpability. In most contracts, breaches of SLAs will be repaid in service credits and may be limited to a maximum of X number of months' worth of service. For the cloud service provider, this keeps their liability tied to the value of the customer – not to the amount of money that might be lost by that customer during an IT outage.
"Although it might seem like a loophole on the part of the service provider, it is perhaps unreasonable to expect them to take on that level of liability for their customers. If a server that you purchase breaks, then you are able to get a refund of that cost, but not of lost earnings as a result. The responsibility for the continuity of the business lies with that organisation.
"The issue with cloud services is that in many cases, the customer will expect a level of resilience that may not be included as standard. It is the responsibility of the customer to find out if their provider's standard levels of recovery and resilience are acceptable for them. Equally, it is important that the service provider is clear and upfront about the level of resilience that comes as standard. It seems in this case that there was a degree of over-promising and under-delivering by the service provider regarding its recovery capabilities. Protecting against IT downtime is a two-way street; both customer and supplier must take steps to mitigate its risks. The service provider must be clear and the customer should look beyond any marketing platitudes for firm SLA commitments."
Arean concluded: "BIBA's review of the insurance SaaS industry needs to first ensure that service providers' DR strategies are mature and capable, but second drive customers to better interrogate their own continuity abilities as well. What impact would cloud downtime have on their businesses? Are there alternative methods they can employ? Have you audited the failover options on all cloud services you use for critical systems? These are simple but necessary steps to prevent catastrophe in the event of IT downtime."