Ace buys Chubb: what it means for insurance technology

Today’s blockbuster announcement of Ace buying Chubb will have a lot of industry ramifications—some of which will play out in the IT sphere. No doubt there has already been an IT assessment element in each insurer’s due diligence efforts. Between now and the effective date of the merger, there will be a lot of planning focused on:
  • Efficiencies and platform rationalization–aka “let’s figure out what is the right number of core systems, which core systems will be the survivors, and how data conversion and integration will work”
  • Cloud, SaaS, data management/stores, and analytics
  • Professional service and SI support capabilities that can scale to the new Chubb
  • Which systems will best support a digital roadmap
Some seemingly redundant systems may survive—at least over a 1 to 3 year period. For that to happen, the business (and/or various geographies’ compliance) requirements of the operating units using these system will be too divergent or too difficult to quickly build into a single surviving system. All this reinforces the reigning market message to insurance technology firms. If you want to be around in 10 years:
  • Design highly configurable and agile systems that feature ease of integration
  • Have enough scale to meet the needs of bigger and bigger insurer customers—grow, merge, or wither
 

The security breach of the month/week/day – and why you should consider the Cloud

I don’t want to pick on one particular company, but the breach at Anthem hits pretty close to home — our industry is under attack. Should this surprise you? Absolutely not. What is particularly concerning is that these are companies that are spending enormous sums of money to stop these intrusions.   And are still getting hacked. JPMorgan Chase, Home Depot, Target, Michaels. I list these, not just as a reminder, but because I personally was affected by all four breaches. I’m on my third credit card in just over a year because every breach forces a new one. The JPMorgan Chase and the Anthem breaches are different and more onerous. In the Target breach, and others like it, credit cards were compromised. You can close a credit card account. In the recently disclosed Anthem breach — everything was lost. Name, Address, Social Security number, employer, net worth.   In other words, everything to steal your identity. I can’t close my life and open a new one. Is there a purpose to this rant? There is.   First, the technology exists — and is reasonably affordable — to encrypt this data. Is it a big project? Of course. Do you still want me to be your customer? How is it that in 2015 critical data about me is sitting in a data center and not encrypted?   Second, one of the biggest arguments against using applications in the Cloud is that having data in your own data center is more secure. Really? Seems not. I was recently discussing running a Life insurance system in the cloud with the CIO of a larger insurer. They put forth the ‘safer in my shop argument’, so I asked them a simple question: Is your budget for security larger than Google, Amazon or Microsoft (three of the largest Cloud vendors)?   After much thought, he replied that it was not, and our discussion changed paths. So maybe it is time to rethink the importance of your own data center. Beyond just security, is it your core competency to run a data center? Does it bring new revenue into your company to run a data center? Is it cheaper to run your own data center?   I believe the answer to all three is a resounding No. So when you are out looking for new applications and technology, I suggest it may be time, or beyond time, to think differently. Oh, and start asking your personal bank, credit union, insurance company, etc.: is my data encrypted?

Life in the Cloud – vendor activity is high

Few technologies are talked about as much as cloud computing. Cloud services may top the list of technology buzzwords used in corporate board rooms, by Wall Street analysts, in the trade media and within insurance IT organizations, but it often is talked about as an emerging technology – one that is potentially transformative but still little used. The level of general interest in cloud computing is understandable. It promises tremendous flexibility, tempting economic advantages, and unending operational efficiencies. To that end, insurance carriers are dependent on the cloud offerings available. Only if vendors are offering products on the cloud can carriers take advantage of them. So where are the vendors? Do all vendors have cloud applications? What options are available for insurance carriers and are they aligned with carriers on the importance of cloud apps? What challenges do vendors face, and what are their plans for the future? I surveyed 41 vendors to provide answers to these questions as well as to understand pricing models, platform investments, and their expectations of where the market is going. Cloud has grown from an emerging trend to the way of doing business for most vendors in a remarkably short time. While vendors may believe they are leading the competition by offering a cloud solution, the reality is that cloud options are now the norm. Vendors have moved swiftly to create cloud offerings and those that don’t have some type of offering are rare. Although these offerings are common, that doesn’t change the very real and significant concerns that carriers have, particularly around privacy issues and performance. Yet carriers interest in cloud computing continues to gain traction as a way of managing costs, improving efficiencies, and offering opportunities to transform the business. Despite the high interest, vendors who wish to be successful in selling cloud options to carriers will have to address concerns in three key areas: privacy and data integrity, reliability and performance, and may want to provide tools to help carriers learn to manage and govern their cloud offerings. This rapid evolution is not without its challenges for vendors. Customer-facing challenges are of high concern for vendors include issues such as managing the release cycle across multiple clients balancing front end, customer facing features reliability and performance enhancing features, and the impact of a changing target market customer base. Vendors are also concerned about identifying the right pricing model. Managing the shifting business model from license and professional service fees to subscriptions is formidable for many vendors. In addition, cloud creates notable organizational challenges, especially competing for scarce engineering resources. Cloud is expected to generate significant levels of revenue, and vendors that have not put their cloud plans together may want to begin to build a roadmap for the future. Check out the report – Life in the Cloud: Vendor Plans and Priorities

Risk, reward and cyber-scurity

For most people the amount of time, skill and effort required to get access to our family photos far outweighs the possible value someone would find there in. Thus, security measures based on making it really quite difficult to get to the data while at the same time not too hard to use have become increasingly popular. I would file username and password security in here. Occasionally, the digital assets on the other side are valuable to the right group. Banks use 2 factor authentication and a variety of non-digital schemes to ensure security. Even World of Warcraft where rare digital swords and armour carry their own value offer broader measures of security to protect accounts. The recent leak of a number of celebrities private photos shows that there are other assets worth the time and effort required to break this level of security. The risk associated with the data insurers hold has to date been quite minimal. There are health, specialty lines and large commercial lines where this isn’t the case, but for most people the data held by insurers and available through portals is largely innocuous and available through other means. As insurers start to tap into wider data sources and the Internet of Things it is imperative that the industry considers how it protects it’s customers. A simple example from products available today: some insurers likely hold the real-time location of the car driven by celebrities and millionaires children, thanks to the increasing popularity of telematics based car insurance. This brings with it increased security, the opportunity to recover the car if stolen and the opportunity to bring much needed assistance swiftly if the car and driver suffer an  accident. In the wrong hands this data is sadly highly valuable and thus worth the time, effort and risk to assault and try to recover. Whilst the details around the leak are still emerging it is clear that it is incumbent on the providers of these services to offer sufficient security in the first place and to educate it’s users on appropriate use. To insurers looking at cloud and portals, I say consider the edge cases – the celebrities using your security for instance, those for whom there are organised groups who would be rewarded for getting the data. Take into account the type of data available through various security schemes and portals, some information is naturally less sensitive. No one will read a story about a film star’s driving score and premium due next month, but where they drove and when – well maybe that’s a headline you don’t want your name associated with.

Celent Predictions for 2014

It’s clear that my colleagues and I see 2014 as something of a tipping point, a water shed for established and new technologies  to take hold in the insurance industry. I’ll try to summarise them succinctly here. Expect to see reports on these topics in the near future. Celent’s 2014 prediction focus on:
  • The increasing importance and evolution of digital
  • The rise of the robots, the sensor swarm and the Internet of Things
  • An eye to the basics
The first topic area is labelled digital but encompasses novel use of technology, user interfaces, evolving interaction, social interaction (enabled by technology) and ye olde customer centricity. Celent predicts vendors would market core systems as customer centric again, but this time meaning digital customer centricity. Celent expects to see core system user interfaces to acquire more social features along with a deeper investment in user interfaces leveraging voice, gesture, expression and eye movements. A specific digital UI example was the wide spread adjustment of auto damage claims (almost) entirely done through photos. In addition, gamification use for both policyholders and brokers will be adopted or increase in use for those early adopters. Celent further predicts greater investment in digital and that comprehensive digitisation projects would start to drive most of the attention and budgets of IT. The second topic I’ve called Robots and Sensors, while digital there is a significant amount of attention and specificity. The merger or evolution of the Internet with the Internet of Things accelerates with devices contributing ever more data. Celent predicts this rise of the Internet of Things or the sensor swarm, will push usage based insurance policies to other lines of business, not just telematics based auto policies that UBI is currently synonymous with. Celent further predicts that the quantified self movement and humans with sensors will in 2014 yield the first potentially disruptive business model for health insurance using this data. As an aside the increasing use of automation, robotics and AI will see broader adoption in the insurance industry. For those reading my tweets, Celent predicts 2014 will see drones used for commercial purposes. I hope we won’t have the need, but wonder if we’ll see drones rather helicopters capturing information about crisis stricken regions in 2014. The final topic I’ve called the basics. Celent predicts insurers will continue to focus heavily on improving performance of the core business – a good counterbalance to the hype around digital and a good pointer to where to focus digitisation efforts. At Celent we have noted a pragmatic interest in the cloud from insurers and we predict increasing complexity in hybrid cloud models, to the benefit of the industry. A little tongue in cheek but finally, Celent suggests that industry will finally find a business case for insurers adopting big data outside of UBI. Avid readers of the blog will be happy to see we haven’t predicted an apocalypse for 2014.   A special thanks to Jamie Macgregor, Juan Mazzini, Donald Light and Jamie Bisker for their contributions.  

Agoraphobia and Insurance Cloud Models: Don't Be Afraid to Play Outside

The insurance industry is currently engaged in an important discussion about the potential opportunities and risks presented by modern cloud architecture. Insurers have a continuing need to reduce operational costs, increase flexibility and most importantly become better at communicating and integrating with partners and customers. Cloud computing models have the potential to help in all these dimensions and can potentially have enough impact to fuel disruptive business models. Unfortunately, there is a recent trend toward labeling private clouds as less risky than public clouds and hybrid clouds as a reasonable compromise. This is an example of cloudy thinking (sorry!) designed to maintain the current architecture and business status quo and does a disservice to innovative technology and business models. Celent believes that over the next 5+ years, insurers will naturally move to an “outside in” architectural model that that aligns well with a hybrid cloud model and, for some classes of carrier, a public only model. Private clouds adopt the services-based model which enables service reuse and enterprise process and data consistency, but only draws upon internal services. This is an incremental improvement for insurers, more efficiently organizing resources for extended private networks that often pre-date the public internet. The biggest value driver for private clouds is the ability to consolidate resources and systems across business units and geographies, which is great if you have consolidated those systems. Among insurers, HCM and financial systems fit this model well, core systems not so much. Insurers assumptions that these private networks are safer is predicated on the idea that insurers are better at network security, infrastructure management and disaster recovery than the public cloud infrastructure providers, which is unlikely. There are appropriate uses of private clouds, especially in interim IT architectures, but beware of private clouds as a key element of your longer term IT strategy. Public clouds are generally used as Software as a Service providers of a specific application or suite of applications that are somewhat configurable and maintain data security and privacy for each customer in a multi-tenant model accessible over the Internet, possibly through VPN. Like more traditional ITO outsourcing, the customer needs to do due diligence on the vendors technology choices and roadmap, infrastructure investments and security models to ensure long term vendor viability. Public cloud based SaaS applications are very useful for very specific applications that require minimal configuration, widespread access and limited integration into larger workflows. Generally, public cloud applications do not integrate well into other applications without extensive API work and work arounds. In many cases, public cloud applications were introduced to the enterprise by business units to bypass IT budget issues and work queues and are not part of the Enterprise Architecture. Note that for small companies or startups, public cloud based SaaS providers can make sense as virtual IT, IF the carrier can get past the idea that most of their business processes and concomitant IT systems are not significant business differentiators. Hybrid cloud models that are designed to integrate ‘best choice’ public services and carefully chosen internal services using a robust business process management orchestration tool to manage across an extended bus architecture are the best choice for insurers seeking innovation, cost control and risk reduction. Insurers currently use a wide variety of external services, for rating, underwriting, service fulfillment, social media, mobility and analytics. A properly implemented hybrid model that is agnostic as to where services are fulfilled, can enable insurers to reduce costs, focus on core competencies, extend distribution networks to non-traditional channels and explore new business models.

Mind the Gap. Are Insurers and Vendors in Latin America on the same page about SaaS and Cloud Computing Usage and Adoption?

Almost with the end of the year around the corner we are yet immersed in some very important reports for all of us which, by the way, will be produced integrally with Latin American focus for the first time. The CIO Report and the Policy Administration System ABCD Vendor View Report are on their way.

From our past and recent discussions with Insurers and Vendors about different topics around technology, architecture, trends, features and functionality something has been driving my attention: It seems to be a gap in the perception about usage and adoption of SaaS models and Cloud Computing in Insurance, at least in Latin America. While the detailed reasons and how large is the gap between Insurers and Vendors will be part of a report next year, initial findings point in the direction that Vendors perceive more benefits from adopting these models while Insurer’s CIOs do not feel the pressure and do not have it as a priority.

A SaaS approach, applied to a Policy Administration System for example, appears as a perfect fit to the business model of many Vendors. SaaS enables Vendors to target small and medium Insurers as they can consistently manage a single scalable version of the solution and offer support very cost effectively with prices that fit smaller Insurers wallets.

On the other side, CIOs seem to feel more comfortable with on-site, self-controlled environments. Hardware and communications prices are more accessible to them providing more processing power and bandwidth for their dollars that a few years ago. In some countries even regulation presents a challenge to these type of offering as regulators still question where the system and the data needs to reside.

Something to consider is that Insurers in this region have yet not been exposed to much SaaS and Cloud offering so the perceived associated benefits and the price difference between traditional on-site and the new alternatives is still a discussion to mature.

Another aspect that might help to build the bridge and cross the gap is that core system replacement is starting to show increased trends and it will expose Latin American Insurers to new architected solutions with technology and functionality much more flexible and robust but at the same time more complex to administrate. Specially smaller Insurers will need to consider how to remain competitive, improve processes and deliver better quality products and services through diverse and new distribution channels at a cost they can bare.

Interesting times to come as we unveil what to expect in the region. In the meanwhile if you are interested in participating in the Latin America CIO Report or the Policy Administration System Report please let me know. Also feel free to reach me at jmazzini@celent.com with your comments and thoughts around SaaS and Cloud Computing usage and adoption.

Happy Holidays!

SaaS Activity in 2010 Insurance Software Deals

Every year, Celent conducts a survey of software providers which details the activity in the insurance automation market (http://www.celent.com/reports/north-american-insurance-software-deal-trends-2011-lifehealthannuity-edition and http://www.celent.com/reports/north-american-insurance-software-deal-trends-2011-propertycasualty-edition). The latest snapshot showed a 14% growth in SaaS across all categories. This increase was expected based on conversations we had last year with both insurers and vendors. It was good to get some numbers that defined the level of activity in this area. What was surprising was that billing was one of the leaders in the move to SaaS in terms of percentage of deals. Thirty percent of the reported insurance billing systems sold in 2010 were delivered through some type of hosted solution. This demonstrates both the desire of companies to upgrade their billing service and reduce the cost involved in delivering these new capabilities. Look for increased activity in this area in 2011.

EC2 Troubles Must Be Taken in Context

Proponents of cloud computing aren’t going to like the fact that Amazon had issues that resulted in outages among its EC2 customers’ sites. The know-it-alls out there are probably already saying, “If Amazon has issues like this, imagine what would happen if you placed your bet on a less-experienced cloud vendor!” The gravitational shift toward the cloud for both core and non-core systems has surely slowed down.

But the fact is that most insurers have their own outages when they host applications internally, in some cases with more frequency and severity than we’re seeing here with Amazon. It’s interesting to note how some of the customers who are known to be affected have reacted. “We wouldn’t be where we are without EC2,” said one. So despite the horror of having their public-facing site go flighty for a day (or two–we’re hearing the problems are not completely resolved), there’s apparently a reserve of goodwill that has built up over many months of near-flawless operation.

Instead of putting the industry on red alert, Celent believes this event should focus the discussion on the relative reliability of various approaches, and the tradeoffs between them. Should you know your vendor’s architecture and reality-check their DR and failover strategies? Absolutely. You should also run the business case for change, especially if gaining scale quickly, moving nimbly into new markets, or handling seasonal spikes in activity are issues for which you have few answers. Outages caused by a vendor are never a good thing, but they are probably not your biggest, baddest problems either.

SOA Removes the Fog from Cloud

A lot has been made about Cloud computing recently; even to the point of asking if it is more fog than cloud. The focus of these discussions is strictly on the technology which is where they miss the point. It is reminiscent of the early SOA discussions.

Celent defines Cloud computing as the use of computing resources, typically a server or part of a server, over the Internet. The implications of this are: companies can leverage a vendor’s server offerings to build or expand their server capabilities; focus is on hardware, not software; and carriers need to package up an image of their software to install it quickly.

While technically speaking, Cloud solutions do leverage the Internet and virtualization, neither of which is new. However, if using these technologies is so easy, why do companies, especially insurance companies struggle with gaining the benefits of Cloud themselves? I believe the answer is identical to why many insurance companies were not as successful with SOA, lack of strong governance and understanding of the full picture.

Many companies when trying to implement SOA solutions, focused strictly on WS-* standards and SOAP, although inconsistently across the enterprise. Companies that have been successful in their SOA journey have realized that SOA is more than technology and standards; it also includes architecture, organization, governance, strategy and process maturity.

Insurers that believe Cloud, and more importantly, SaaS is nothing more than invocating functions over the Internet and using virtualization for cost effective infrastructure implementations will miss the benefits of Cloud and continue to struggle with application and infrastructure upgrades and cost savings. Similar to SOA, insurers must look at their architecture, organization, governance, strategy and process maturity to decide if a private cloud is more effective than a public cloud solution. The advantage that most Cloud vendors provide is that they will do this for you if you cannot or do not.

Cloud, technically speaking, may simply leverage the Internet and virtualization, old technologies, but do not be fooled into thinking that is all it is.