Agoraphobia and Insurance Cloud Models: Don’t Be Afraid to Play Outside

Oct 3rd, 2012 | Posted by
Bookmark and Share

The insurance industry is currently engaged in an important discussion about the potential opportunities and risks presented by modern cloud architecture. Insurers have a continuing need to reduce operational costs, increase flexibility and most importantly become better at communicating and integrating with partners and customers. Cloud computing models have the potential to help in all these dimensions and can potentially have enough impact to fuel disruptive business models. Unfortunately, there is a recent trend toward labeling private clouds as less risky than public clouds and hybrid clouds as a reasonable compromise. This is an example of cloudy thinking (sorry!) designed to maintain the current architecture and business status quo and does a disservice to innovative technology and business models. Celent believes that over the next 5+ years, insurers will naturally move to an “outside in” architectural model that that aligns well with a hybrid cloud model and, for some classes of carrier, a public only model.

Private clouds adopt the services-based model which enables service reuse and enterprise process and data consistency, but only draws upon internal services. This is an incremental improvement for insurers, more efficiently organizing resources for extended private networks that often pre-date the public internet. The biggest value driver for private clouds is the ability to consolidate resources and systems across business units and geographies, which is great if you have consolidated those systems. Among insurers, HCM and financial systems fit this model well, core systems not so much. Insurers assumptions that these private networks are safer is predicated on the idea that insurers are better at network security, infrastructure management and disaster recovery than the public cloud infrastructure providers, which is unlikely. There are appropriate uses of private clouds, especially in interim IT architectures, but beware of private clouds as a key element of your longer term IT strategy.

Public clouds are generally used as Software as a Service providers of a specific application or suite of applications that are somewhat configurable and maintain data security and privacy for each customer in a multi-tenant model accessible over the Internet, possibly through VPN. Like more traditional ITO outsourcing, the customer needs to do due diligence on the vendors technology choices and roadmap, infrastructure investments and security models to ensure long term vendor viability.

Public cloud based SaaS applications are very useful for very specific applications that require minimal configuration, widespread access and limited integration into larger workflows. Generally, public cloud applications do not integrate well into other applications without extensive API work and work arounds. In many cases, public cloud applications were introduced to the enterprise by business units to bypass IT budget issues and work queues and are not part of the Enterprise Architecture. Note that for small companies or startups, public cloud based SaaS providers can make sense as virtual IT, IF the carrier can get past the idea that most of their business processes and concomitant IT systems are not significant business differentiators.

Hybrid cloud models that are designed to integrate ‘best choice’ public services and carefully chosen internal services using a robust business process management orchestration tool to manage across an extended bus architecture are the best choice for insurers seeking innovation, cost control and risk reduction. Insurers currently use a wide variety of external services, for rating, underwriting, service fulfillment, social media, mobility and analytics. A properly implemented hybrid model that is agnostic as to where services are fulfilled, can enable insurers to reduce costs, focus on core competencies, extend distribution networks to non-traditional channels and explore new business models.

  1. James
    Oct 23rd, 2012 at 03:46
    Reply | Quote | #1

    Important to note that different public cloud offerings offer different security characteristics and that carriers would be well-served in understanding the nuances. This information can be gathered from public sources such as OWASP and the Cloud Security Alliance