Security for Core Insurance Systems in the Cloud

Create a vendor selection project
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
We are waiting for the vendor to publish their solution profile. Contact us or request the RFX.
Projects allow you to export Registered Vendor details and survey responses for analysis outside of Marsh CND. Please refer to the Marsh CND User Guide for detailed instructions.
Download Registered Vendor Survey responses as PDF
Contact vendor directly with specific questions (ie. pricing, capacity, etc)
27 November 2017

Key research questions

  • What are the major security considerations when an insurer uses cloud-based core systems?
  • What security tools and capabilities are available?
  • What are the security responsibilities for the cloud provider, the core system vendor, and the insurer?


When properly addressed, security considerations should not be a barrier to an insurer utilizing and realizing the benefits of cloud-based core systems.

As more insurers consider moving some of their core systems to the cloud, many want to know how secure their data and applications will be. This report examines how major cloud providers are addressing security risks.

There are four major security considerations for cloud-based core systems: application risks, data risks, intellectual property risks, and physical risks.

There are two basic models for how an insurer can use core systems in the cloud.

  • Model One: An insurer licenses core systems from a core system vendor, and then the insurer or an integration partner deploys and uses those core systems in the cloud.
  • Model Two: A core system vendor deploys its core systems in the cloud, and then makes those core systems available to an insurer on a subscription basis.

Leading cloud providers create and maintain a set of services and capabilities to provide security for infrastructure and platform cloud elements. The breadth and depth of these tools and capabilities are generally equal to, and often better than, those utilized by individual insurers that deploy core systems on their own premises.