Three Ways Security Is Smarter in the Cloud vs. On-Premises

James Dolph

April 29, 2025

When we hear the term ‘security,’ we immediately think about keeping systems safe. But security is actually an imperative. Customers hand over deeply personal information, from medical history to financial data and everything in between. If that data isn’t protected, trust fades fast. This is especially true in the insurance industry, where security issues can have serious consequences: damage to a customer’s ability to get coverage, hits on their financial health, and vulnerability to fraud.

No company wants that on its record.

So, naturally, if you’re an on-premises Guidewire customer and hearing about all the great benefits of moving to the cloud, you’re going to have some questions around security. In our latest Guidewire Conversation, we cover three ways security works differently — and smarter — in the cloud.

1. Security That Doesn’t Depend on Bandwidth

Guidewire Cloud was designed with security as a top priority from day one. This means its strong, built-in protections are more consistent and easier to scale than what most companies can achieve on their own.

With on-prem systems, each company is in charge of setting up and managing its own security from end to end. That includes installing updates, configuring firewalls, monitoring for threats, you name it — all using internal resources. This is complicated by the fact that each service or application brings its own unique security requirements. It’s a heavy lift, and for many businesses, it stretches teams thin, ironically leaving room for more risk.

On the other hand, Guidewire Cloud handles security at a high scale. We can roll out protections — like advanced monitoring, incident detection, and response mechanisms — across all customers, all at once. Something that would be too expensive and difficult for most companies to do on their own. Plus, it’s the kind of consistency that customers can count on.

2. Built-in Trust and Transparency

Trust is at the center of every security conversation, and it starts with visibility. When sensitive data or mission-critical services are involved, customers, partners, and regulators need proof that your systems are protected. Otherwise, trust can sink fast.

On-premises companies have to provide their own reports, do their own testing, and pay for any certifications themselves. The problem is certifications and tests take time and money. Many companies skip them, or do the bare minimum, leaving potential vulnerabilities undetected and confidence shaky.

With Guidewire Cloud, however, we handle the proof for you. That means regular third-party security assessments and industry certifications (like ISO, SOC, and PCI) are already in place for the platform and out-of-the-box software. These certifications give customers a reliable way to compare Guidewire’s security approach to other providers — and to confirm that it meets their own standards.

We also perform third-party penetration testing on the platform and out-of-the-box software to find and fix vulnerabilities and the latest threats. And, after each release, we provide all customers with a summary, so they have full visibility into their cloud implementation. That level of openness helps us build (and keep) the trust our customers rely on.

3. Less To Manage, More Control Where It Matters

If a customer is using an on-premises setup, their company is fully responsible for securing everything — from the servers, networks, and infrastructure to applications, data, and user access.

Guidewire Cloud, however, takes a shared responsibility approach. That means:

  • Guidewire handles the security of the core platform and out-of-the-box software — the servers, network, and cloud infrastructure that everything runs on
  • Customers are responsible for securing their own custom apps, data, and user identities

This model makes cloud security easier and more scalable — and still gives customers control. They get the benefit of Guidewire’s built-in protections, while they manage the parts unique to their business. So their teams can focus on what matters most.

Plus, if a customer wants extra reassurance, they can run their own tests (like penetration testing) to make sure their customizations aren’t opening the door for any new risks. And since customers own the application layer, they’ll also need a response plan for anything that goes wrong there.

Security Is Still an Imperative. Just a Smarter One.

Security in the cloud looks different — and that’s a good thing. With Guidewire Cloud, customers get scalable, built-in protections and a clear division of responsibility that makes it easier to stay secure. The result? Greater confidence, stronger defenses, and a partner you can trust to keep your setup ready for what’s next.

Check out the full conversation here.

This blog is inspired by a conversation between Brian Desmond, CMO of Guidewire, and James Dolph, Chief Security Officer at Guidewire. Listen to additional Guidewire Conversations here.