Private Cloud: A Secure Alternative to Public Clouds?
For close to a decade, the “cloud” has been a hot topic among insurers — that is, the use of a remote server network, hosted on the Internet, to store, manage and process data. Carriers have long been tempted by the opportunity to decrease their data center footprint, to save money and to boost flexibility, scalability, portability and mobility. And multiple sales channels and processing operations have created heavy IT demands, for which cloud computing offers a natural support.
However, while the cloud computing market continues to grow quickly — according to Gartner, by 2016 cloud computing will become the bulk of new IT spend — the insurance industry has hardly rushed over the past few years to join the crowd in the cloud. Concerns about security risks, arising from shared technology vulnerabilities, account hijacks or data breaches, have remained top-of-mind and slowed adoption of public cloud computing options, which use storage capacity and processor power that is not owned by the business itself, but by the primary vendor or by a cloud infrastructure vendor. No insurance company wants important personal data on thousands of clients compromised outside the company’s firewall.
“Carriers are wary of cloud in general because they are risk-averse,” says Jamie Bisker, senior analyst with the Aite Group. “It’s in the industry’s nature to manage risk.”
When it comes to ancillary applications, some insurers have been willing to make the move to public cloud. According to Novarica’s September 2014 “US Insurer IT Budgets and Projects 2015” report, more than half of insurers have been willing to sign on for software-as-a-service (SaaS) cloud solutions in applications like financials, HR and CRM. But for core systems applications, this number is much smaller.
“The insurance industry has often been slower to adopt public cloud than many other industries because of regulations of how data needs to be managed,” says Jeffrey Goldberg, vice president of research and consulting at Novarica. “Some of those are legitimate concerns about data security and some of it is also fear-based — they would like to get the advantages of public cloud but want to maintain control.”
Addressing Security Concerns
Private cloud models — which are either implemented on-premises behind a corporate firewall, or off-premises but within the client’s firewall and dedicated solely to the client — have begun to address insurers’ security concerns. This sector is growing fast: Research firm Technology Business Research forecasts 35% growth in the private cloud sector in 2015. Private cloud is meant to create a more secure option that still offers the flexible, nimble, customer-centric business model that helps drive performance and growth.
“We look at private clouds when we need a higher level of service and security from our cloud partner,” says Tim Lash, director of business analytics at Brightway Insurance, which began franchising operations in 2008 and operates more than 110 franchise locations in 10 states. “We run private cloud for our agents’ telephony and agency management system — those two things form the core of the technological structure that underpins our business,” he says. “To be able to communicate effectively with franchise partners and customers is paramount.”
Private clouds do have challenges, especially if on-premises IT is responsible for managing it, which requires the same staffing, management, maintenance and capital expenses as a traditional data center. However, a common misconception is that private clouds always run on client premises, in the client’s own data center. In reality, there are many providers that deploy, host and manage private cloud infrastructure and solutions. A business might also choose a mix of private and public cloud services, called “hybrid” cloud deployment. In fact, Gartner predicts that the majority of private cloud deployments will eventually become hybrid clouds, meaning they will leverage public cloud resources.
Other challenges to private cloud adoption include migration problems related to planning and mapping the transition of protocols, policies and procedures, as well as rebuilding how different legacy systems integrate with each other. In addition, the concept of “chargeback” comes into play: With the cloud, there is no fixed capacity as with an on-premises server or data center, but this scalability can add up cost-wise. So experts recommend that billing be based on actual resource usage.
Even with the hurdles that have to be overcome, in general private clouds are often an “ideal and common first step” for firms embarking on their cloud journey, says Philip Guido, general manager of IBM Global Technology Services, North America, which offers private cloud solutions to clients including The Hartford, which signed a six-year technology services agreement last year to implement a new service model that includes a private cloud infrastructure.
“Our insurance clients are asking what makes sense to move to the cloud, and what doesn’t,” he says. “They want to be sure they’re starting with applications that make sense for their business, while maintaining the integrity of their data and existing IT investments.”
Novarica’s Goldberg points out that the cloud in general is especially good for any instance where you need short-term capacity or some kind of capacity boost. Another popular use case specific to the private cloud is development and testing instances. “Often when I talk to insurers, one of the earliest things they’re looking to do on private cloud is optimize development ops to servers.” he says.
Delicate Decision-Making Balance
Typically, insurers are running applications that are legacy or heavily customized on their private cloud, says IBM’s Guido. “Applications are often customer-data-intensive, such as policy administration, claims and counter fraud.” However, he emphasizes that it is the data linkage of these systems of record to the firm’s systems of engagement — driven by mobile and social applications — that is driving the need for a secure private cloud.
For many insurers, though, decision-making about the cloud, or what type of cloud, is a delicate balance of a variety of concerns. “The key decision points that drive a carrier to go one way or the other are cost, skill set, speed to market and compliance/security concerns,” says Jonathan Victor, COO of Oceanwide, an insurance technology vendor working with several clients on private clouds.
But some companies insist that it isn’t necessary whether a cloud is public or private that is the issue, but whether the vendor partner delivers the right service and the right solution for the need at hand. “We consume some public cloud service and some private,” says Brightway’s Lash. “We don’t really look at cloud providers from a public/private perspective — it’s about solving business problems and filling gaps that we have. For example, in order to provide the highest level of service to our customers, we must be able to share documents in real time with our agency owners, or franchisees. We found a cloud partner who could provide that service, acting as this bridge.”
Cloud Acceptance Accelerates
Until recently, while the cloud represented an IT opportunity to become more flexible, agile and efficient, it wasn’t essential for insurers to jump on the bandwagon, says Aite’s Bisker. “But now, the mechanisms have stabilized and it’s not a new thing anymore and it works,” he explains. “So companies are more comfortable with it.”
Oceanwide’s Victor also sees the acceptance rate continuing to accelerate over the next 18 months. “I see it in our prospect calls and client meetings today,” he says. “There’s a discussion around starting in the cloud, perhaps to do regional private clouds where data privacy or data residency requirements preclude [companies] from leveraging public or private clouds situated outside of that region.”
For Brightway, its current private cloud projects are far from the last cloud initiatives it will implement. “We’re trying to go from regional retail branches to national ones,” Lash says. “The solutions we have in place now to serve our current footprint may not be what we need in the future. We’re thinking beyond our current systems to how we can serve our franchises going forward.”
But private cloud may not be as necessary over the long haul, according to Goldberg. “As insurers begin to trust public cloud infrastructure more and more over time, the necessity for private cloud will lessen,” he says. “In the short term we’ll see more insurers take this private cloud approach to get the benefits, but as they get more comfortable with the public cloud, private cloud use may actually decrease.”
This article courtesy of Information Management's sister brand, Insurance Networking News.