Mitigating the Risks of Using Cloud Service Providers

Some tips from Brush Creek Partners for mitigating risk.

By Travis S. Holt




Vendors and subcontractors cause a majority of technology failures and data breaches. While almost everyone agrees with this, very few understand who has the liability for the failure or loss of data. There are numerous types of technology vendors and subcontractors but the most common group are cloud service providers. In a small business this could be a data backup solution like Dropbox or other boutique solutions. It could be payment processors or payment systems like Square, Heartland Payment Systems, and others. It could be outsourced IT providers and various other cloud service providers like e-mail marketing companies, financial software (Quickbooks and others), HR software, software development firms, mobile rewards programs, EMR or EHR solutions for medical related businesses, and many others. So how well do you know the vendors who create, maintain and protect this sensitive information? 

As your business moves to the cloud, your hosting environment becomes a critical piece of your existence. You wouldn’t be able to conduct your business without the infrastructure, platforms, and software. What do you know about the applications and companies you use to analyze, process, and store this data? Amazon Web Services is one of the largest and most secure cloud service providers but has also had numerous high profile outages over the past few years. Contrary to what you may think, I encourage you to use cloud service providers but also challenge you to ask the hard questions when selecting those partners. Here are some questions that you should ask yourself and your partners: 

  • If there is an outage of your software or a loss of data, will that have a financial impact on your business?
  • If that vendor is responsible for the technology failure, can you hold them liable for the financial consequences you suffer?
  • If your vendor does accept financial responsibility for a technology failure, do they have the funds to cover that or an insurance policy that will cover the loss?
  • If you can’t transfer the financial responsibility to the vendor, do you have an insurance policy that will cover the failures of a third party?
  • If your vendor goes bankrupt and quits providing service immediately, what will you do?

While managing this may seem like a monumental task, there are two things that will protect your business. First, make sure you have a comprehensive diligence process on your critical vendors and subcontractors. And second, explore a cyber liability insurance policy for your company; it can be used to protect your ability to generate recurring revenue after a technology failure.

Travis S. Holt is a partner at Brush Creek Partners specializing in risk management for technology companies and companies who rely on technology to generate revenue on a daily basis. After learning the insurance business at a large national agency, Travis started Brush Creek Partners to better assist companies by providing innovative insurance solutions and a unique set of risk management services. You can contact Travis at Travis.Holt@BrushKC.com.