But is cloud computing the best path for the insurance industry? For insurers, the allure of cloud computing is compelling, but it may take time before it catches on as a pervasive computing strategy, especially for mission-critical systems.
The insurance industry, as it often does, its definitely taking a hard look at cloud, and evaluating how it is going to impact the business before moving aggressively," Jeff Goldberg, analyst with Boston-based Celent. "There's a lot of hype right now from the media and the vendors, but that doesn't always translate into the actual business value."
Some insurers are migrating applications and functions to the cloud, and the successful efforts reflect a thorough analysis of the needs of the business and the limitations of cloud. Pawtucket, R.I.-based Narragansett Bay Insurance Co. is moving operations to both internally and externally supported cloud-based systems as a way to consolidate and streamline its sprawling server infrastructure. "We have a virtual cloud run by our organization," says Michael Anselmo, CIO of Narragansett Bay. "As our business grows, we're going to expand the capacity of our cloud. And even though we have the cloud, it's all managed by our people-we're just borrowing the services and getting the cost benefit of that hardware and software while paying it over time."
At Columbus, Ohio-based Grange Insurance, the project management team turned to a cloud-based application offering to avoid adding more burdens to the company's busy IT department, as well as provide more flexibility for end users. Sarma Tekumalla, assistant VP for the project management office at Grange, has been employing a cloud-based project management solution to coordinate various projects moving through the company. Tekumalla was concerned about taxing the stretched resources of his company's IT department with yet another application to support and maintain. "Our IT department was stressed," he explains. "They had too many projects across the organization. We didn't want to add more software for them to maintain."
The online project management software, from Seattle-based Daptiv Inc., provides configuration and reporting features that can be managed by the company's 40 end users. "We were looking for highly configurable software for someone from outside IT to configure and maintain," Tekumalla says. IT was engaged at the outset of the cloud application selection "just to keep them informed," as well as vet security requirements, he explains. While other departments in the company were initially hesitant to bring in cloud-based applications, the project management office's success with its cloud is spurring other departments to look to cloud providers for solutions. "We're now ramping up other cloud applications outside of Daptiv," Tekumalla says.
WHAT ABOUT SECURITY?
While cloud is in fact delivering benefits to carriers' operations, the enthusiasm is tempered by concerns about online security, an issue that is particularly sensitive among insurance companies. "Security is the biggest concern," Goldberg says. "Many insurers are worried that if their information is kept in the cloud, it may not be as well taken care of as it would in their own internal data centers."
More than anything, the risks depend on the type of cloud computing arrangements made, and these can vary, says David Black, chief information security officer for Marietta, Ga.-based Aon eSolutions. "There are differences in the risks and exposures between different cloud types; we see different adoption based on risk appetite. For example, we see insurance companies beginning to utilize public cloud computing solutions for non-core business needs that do not include the use of personal identifiable information such as social security numbers or health care information. An example of this is using a CRM like Salesforce.com."
Another form of cloud computing is private clouds, where the cloud is either deployed within the insurer's own data center, or in a "cage" by a highly trusted partner that minimize the risks. "We see insurance companies using private cloud computing solutions for core business needs that may include personally identifiable information," Black adds.
Such is the case at Narragansett Bay, in which all cloud-based operations, even when turned over to an outside vendor, are administered as a private cloud. "We're taking the lessons learned from the data centers and their providers that would host our cloud," Anselmo says. "It's our own secure network, and no one else has access to our data. It's run in the cloud, but as an internal cloud. We contract for a specific amount of cores, memory and storage. And that's guaranteed to us. It's dedicated to our world."
Anselmo points out that his company's relationship with cloud providers goes far beyond a typical cloud agreement, in which space is rented as needed from a third-party service. "We have more of a dedicated cloud," he says. "It meets our physical criteria, it's exactly the same hardware that we run in our offices in Rhode Island. I would have a concern if they were on different model servers, or different storage devices. It's running on our equipment in a virtualized environment. We're much deeper with them-we've dealt with the actual engineers and we've seen the site. We even have a card key access to our cage that's running in the cloud."
Black agrees with the need to forge a deep relationship with cloud providers to better ensure security and availability. "The more you can understand the better," he says. "Understand the specifics of the service levels. Understand where the data is going to be located. In a private cloud, for example, your data is going to be in a specific data center. Also, understand the ramifications if there's a data breach. Also, is your contract going to be with a single provider that provides all the services, or is the provider outsourcing other pieces of that? If they are, understand what those pieces are, and what your protections are because it's more difficult to ensure that you're fully covered and protected when you're arms-length away and don't have direct contact to the cloud provider providing the infrastructure and the platform."
Be the first to comment on this post using the section below.