Cloud-based offerings are opening up new opportunities for insurance carriers, but the advantages of the cloud bring limitations both in the nature of what can efficiently be delivered and in terms of vendor management, according to Guru Vasudeva, Senior VP and CTO, Nationwide.
Vasudeva, who is responsible for, application development, project management, analysis and information risk management shared services across the enterprise, as well as IT Strategy and architecture, cautions that the value of cloud-based solutions which has implications for contract terms.
"In an outsourcing agreement you typically write up a unique contract and then manage to that contract and the SLAs specified," Vasudeva comments. "However, in the cloud world, for offerings to deliver the value that people talk about, the offerings have to be far more standardized."
Many insurers may be able to take advantage of infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS), but larger companies have to determine whether they might be better off with a private cloud solution, Vasudeva notes. "We have enough scale that we can negotiate the same things that any cloud provider can," Vasudeva says. "We also get the benefit of risk management and compliance through having our own infrastructure, and you can manage your own security better, so the jury is out on how big companies can use these offerings."
However, software-as-a-service (SaaS) presents a clear opportunity for large and small companies, provided the offering is not for a differentiating capability, Vasudeva opines. Examples included truly automated functions such as e-mail. "There is no reason for us to host those kinds of capabilities internally," he says. "Furthemore with SaaS, unlike IaaS, you're getting an end-to-end capability that is constantly evolving through customer feedback." Nationwide has applied this logic very successfully with web metrics and payment processing, according to Vasudeva. However, even with SaaS offerings, insurers need to look very carefully at how contracts are written for cloud-based offerings.
"Typically the liability that cloud-based vendors accept are limited to the amount of fees we pay them," he says.
Vasudeva explains: In a hypothetical situation whereby an insurer uses an e-mail cloud solution and then later suffers a hack that exposes confidential information, the insurer may find that the provider will not take responsibility commensurate with the damage done. They may reimburse fees paid, but the damage done is likely to be far greater.
"In a traditional outsourcing agreement, you have the ability to negotiate the right kinds of terms," Vasudeva explains. "You also have the ability to inspect their facility because they're holding something that's yours." In the case of a cloud-based solution, by its nature, multiple clients will share infrastructure, and vendors sometimes can't even guarantee were a given client's information may be stored, Vasudeva adds.
"I believe the cloud offers great promise, but you have to be alert to the implications that are not necessarily spelled out," Vasudeva warns. "Also, if you negotiate to have a separate environment, you start to kill the value proposition."
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio