Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:35 PM
Connect Directly

4 Critical Questions About the Cloud

Four questions insurance executives should be asking about the value and security of the cloud computing model.

Despite the ever-increasing buzz about cloud computing and its purported operational and economic benefits, insurance executives still have many legitimate questions about the value and security of the cloud computing model. Insurance & Technology has identified four of the most pressing questions -- and provides some answers to help CIOs make up their minds.

1. Where should I start?

One would be forgiven for not wanting to hear anything more about the term "cloud computing." Like many buzzy terms, its ubiquitous presence in technology circles can lead to some fatigue. But for insurers, now is the time to begin paying real attention to the cloud, as carriers are finding more ways to incorporate the platform into their IT organizations.

"It's important to get the topic out there for other CIOs," says Judy Haddad, CIO and CTO for Fort Lauderdale, Fla.-based Patriot National Insurance Group (about $200 million in premium). "From my perspective, I like to see what other people are doing. That leads me to say, 'What else can we do?'"

Haddad says she learned a lot about what's possible in the cloud from a roundtable discussion she had with other CIOs at the recent ACORD LOMA Insurance Systems Forum. She notes that she had been thinking about leveraging the cloud only for disaster recovery but found that many of her peers also were running utility apps such as email in the cloud.

Many of the unique leading-edge applications of the cloud are coming from newer companies. Because of their lack of large, complex legacy systems, smaller and newer insurance companies have an advantage in adopting cloud technologies. One of these smaller carriers is White Plains, N.Y.-based PURE (Privilege Underwriters Reciprocal Exchange; $83.3 million in 2010 gross written premium). The company, which writes coverage for high-value homes, autos and more, launched in 2006 with, among other things, a call center operated in the cloud.

"Instead of having intricate switching and routing systems, along with people to support them managing the flow of calls, we outsource [that] management and maintenance to a partner," says PURE CIO Stuart Tainsky, who declines to identify the cloud provider. "We still appreciate the flexibility that the outsourced solution gives us, particularly as this growth has meant the addition of employees at a relatively quick rate."

Tainsky credits this cloud-first approach with helping the company grow over its five years of existence. Still, Tainsky notes, the company's core systems are not cloud-based (they are, however, hosted off-site on virtualized servers). "It does take patience to find the right solution that meets your business needs," he says. "We have yet to see a secure cloud offering for our [policy and claims] applications that would provide the flexibility we need. If they arose, we would certainly consider it."

2. Does cloud computing really save money?

Since its emergence, cloud computing has been touted as a cost-saving endeavor. But it's a nuanced point: Just because money that had been spent on building, powering and maintaining data centers is being saved doesn't mean it's being taken out of the IT organization completely.

"It's optimizing the money that you're spending," says Mark Gorman, the principal of insurance IT consultancy Mark B. Gorman & Associates (Minneapolis). "Cloud allows companies to move intellectual property from non-high-value-add functions to high-value-add functions."

That's the situation PURE found itself in when preparing its cloud-based call center, the carrier's Tainsky explains. It has allowed the company to focus on other competitive differentiators instead of what Tainsky says can be "the most difficult piece of IT."

"I've been in organizations where we've built and managed robust messaging and communications infrastructures to support thousands of people," he says. "Frankly, there's no strategic value in it. All companies, regardless of industry, need those infrastructures in order to communicate. We see the opportunity to outsource those functions as a way to stay closer to driving the business forward."

Still, it's not advisable to move to a cloud platform simply to save money, according to Rachel Dines, a Forrester (Cambridge, Mass.) research analyst who studies data center issues. She points to the recent outage of Amazon's EC2 cloud data center, which knocked out websites across industries, as an example of why insurance companies should be selective with their cloud services provider choices. "I'm hoping what comes out of this debacle with Amazon is that people understand the cost of resiliency and redundancy," Dines says. "Amazon was up-front about what they were offering. You get what you pay for in this industry."

3. What am I giving up?

In a business where data security is paramount, it's easy to understand why insurance CIOs are reluctant to turn some of it over to someone else. "We have some historic examples in the insurance industry of outside organizations controlling data where what they did with that data wasn't accepted in the industry and caused some concern," says analyst Gorman.

But when insurers are ready to move to the cloud, they develop new data governance and management protocols around the new platform, says Ryan Savage, CTO for Falls Church, Va.-based CSC's life insurance and annuity division. "It's like the outsourcing model," he says. "Insurance companies realized that when they took things out of the house they had to have better control."

Paul Ayoub, CIO of Hastings, Mich.-based Hastings Mutual ($647 million in assets), is exploring cloud for some systems. He suggests working with your potential cloud vendor and/or provider to establish transparency about what's expected before entering into a relationship. "A company that hosts applications that contain sensitive information needs to allow the purchaser of these services to be able to, at a minimum, audit the application for security of sensitive information," he says. "They should be willing to allow vulnerability scanning or penetration testing or at least provide evidence of their own testing results."

And as far as vendors are concerned, they expect their potential clients to have questions, the experts agree. As the cloud sector grows and the vendor community becomes more sophisticated in its offerings, they are finding ways to meet security needs.

"People ask, 'Is my data going to be shared with everyone else? Is it less secure?' We spend an awful lot of time on the front end discussing those issues," says Lenny Chesal, chief marketing officer and VP of strategic sales for Boca Raton, Fla.-based, which works with Patriot National Insurance on co-location and is the vendor with which CIO Haddad is discussing cloud initiatives. "Certain data might require additional levels of disaster recovery, backup or redundancy, and we can do that."

4. Is resistance futile?

It's often said that insurance companies lag behind other business sectors in adopting new technologies. But as disruptive technology platforms -- including the Internet, mobility and social media -- emerge and become dominant, insurers increasingly appear to be willing to become early adopters.

"You have to start playing in these areas so you know how it impacts your business model," says CSC's Savage. "You have to start changing the culture; you have to have the right people. All of this is an onion-peeling experience."

There are some differences between the cloud and those other famous "hot" technologies. But these differences have less to do with technology than with business implications, suggests Gorman & Associates' Gorman. There aren't many issues in terms of how migrating to a cloud infrastructure will be noticeable to the average consumer -- that is, it's really a conversation about sourcing, Gorman says, as opposed to a way to interact.

"We're dealing with a paradigm shift in insurance from operational efficiency and transactional proficiency to more of a fact-based decisioning and information-driven organization. And in that transition, cloud offers us a new sourcing opportunity to address that change," he says.

"It's an issue, from my perspective, not of an either/or -- it's, how are you going to use the cloud?" Gorman continues. "Are you going to move more quickly into discretionary items, or is it going to be moving non-discretionary items on that [cloud] platform so you can work on your discretionary items in-house?"

Forrester's Dines offers similar advice. "We talk about strategic rightsourcing at Forrester -- look at your portfolio and figure out what you need to keep in-house," she says.

"Right now we're following the same path we did with virtualization," Dines elaborates. "It's the same story across sectors. Some companies didn't virtualize their core apps immediately, and still you see people who may never virtualize their core systems."

Nathan Golia is senior editor of Insurance & Technology. He joined the publication in 2010 as associate editor and covers all aspects of the nexus between insurance and information technology, including mobility, distribution, core systems, customer interaction, and risk ... View Full Bio

Register for Insurance & Technology Newsletters