In increasing numbers, enterprises around the globe are adding public clouds to their technology portfolios.

The insurance industry, by its very nature, is heavily regulated and sensitive to risk. Though it has been a user of IT and business process outsourcing and offshoring for quite a while, the industry has been perhaps slightly more reticent than other industries to embrace public cloud computing, at least initially. But this is changing—and fast. Nowadays, the potential of cloud computing no longer is a topic of debate in the insurance industry, and adoption of cloud services is beginning to ramp up.

Carriers are warming up to the cloud by using public clouds initially for noncore office and support functions, such as marketing automation, salesforce management and call centers. Others have taken a different path and are utilizing a cloud-based infrastructure or application for compute-intense actuarial and reporting tasks. These tasks often are time-consuming and require complex computational capacity, with a great deal of seasonality in demand. For example, statistical modeling of large datasets is one of the most common, repetitive tasks that are performed for pricing, underwriting and even marketing.

Finally, there are a few instances of carriers utilizing cloud for core-related applications—including policy administration, claims and billing systems—and even more are considering moving their IT applications to the cloud over the next few years. Gartner recently reported that more than 50 percent of surveyed carriers currently are using cloud services and more than 20 percent are planning to do so by 2017. (“Gartner Survey Analysis: Cloud Adoption Across Vertical Industries Exhibits More Similarities Than Differences,” Feb. 18, 2015)

Increasing Interest in the Cloud

There are several clear reasons for the transition of insurance companies into the cloud environment, including budget constraints and operational benefits.

But although any change to a business process must justify itself in terms of cost and effort, the full potential of cloud computing is about much more than a cost-focused return on investment. It is about creating value for the clients.

For the insurance industry, moving to the cloud offers several layers of operational benefits.

While operating on the cloud, any additional resources that are needed can be easily added. Furthermore, these resources can be downsized when demand dies down. The flexibility to accommodate this fluctuating demand cannot be mirrored in a fixed environment, and certainly not for short-term requirements.

On the cloud, carriers can consolidate their core systems and technology, such as policy administration, underwriting and claims to lower costs and improve agility. This move creates a more flexible enterprise by streamlining product development processes, addressing workloads and adopting agile technologies.

The cloud environment can support direct, multichannel relationships with customers. It provides a central place to house applications where collaboration can flourish in real time, between sales agents, employees, field representatives and developers. It also addresses the need to present customers with coherent interactions across any channel they use.

Is It Safe?

Even when the promised potential value of cloud computing has been proven, cloud computing still is perceived as less secure than on-premises servers. This is more of a trust issue than it is based on any reasonable analysis of actual security capabilities.

As the sophistication of cyberattacks rises, individual companies are struggling to keep up with the latest in platform security while maintaining day-to-day operations. On the flip side, the majority of cloud providers invest significantly in security technology and personnel because they realize that their business would be at risk without it. They provide their services in highly secured and controlled platforms, delivering a wide array of security features that customers can use, as well as having industry and independent third-party internationally recognized certifications. These include standards like ISO 27001, FIPS 140-2, HIPAA, SOC 1/SSAE 16/ISAE 3402, PCI dds3.0 and FedRAMP.

As a result, companies may obtain better security when operating in a cloud environment because they receive best-in-class security features and can choose to work with vendors that make security a top priority. Security patches are applied automatically to each component of the environment, regardless of the company’s own IT procedures and resource availability. To date, there have been very few security breaches in the public cloud; most breaches continue to involve on-premises data center environments. (Source: Gartner Highlights the Top 10 Cloud Myths, Oct. 1, 2014)

Vivek Kundra, former Federal CIO of the United States, once asserted: “Cloud computing is often far more secure than traditional computing because companies like Google and Amazon can attract and retain cybersecurity personnel of a higher quality than many governmental agencies.” (Kundra made the assertion in an Op-Ed piece in the New York Times titled “Tight Budget? Look to the ‘Cloud,'” published Aug. 30, 2011.)

Large companies—including IBM, Microsoft, Oracle and SAP—are embracing the cloud and trying to find ways to move their customer bases there. Many early customers of cloud services were startups, but today the list includes most of the Fortune 500 and even the U.S. government and CIA. Alcatel-Lucent, Aon, Comcast, Dow Jones & Co., Ericsson, The Financial Times, Guardian News, Johnson & Johnson, NASA, The NASDAQ OMX Group Inc., Novartis, Pfizer, Philips, Siemens, Suncorp and FINRA are just part of the very long list of companies listed as Amazon Web Service (AWS) users.

For carriers, the main concern has been putting their data—their most valuable virtual asset—out there on the cloud. At Earnix, for example, our customer base initially was hesitant about cloud adoption, but they now have realized that cloud security meets and even exceeds their own IT standards. Earnix provides advanced integrated customer analytics and predictive modeling software solutions that can be integrated into a carrier’s core systems, and as such this was a genuine concern to them. We have been able to address this concern by making sure no personally identifiable information (PII) data will be transferred to the cloud and by presenting strict cloud security protocols including an isolated virtual private cloud (VPC) for each customer, dedicated tenancy, two layers of firewalls (Earnix and cloud), role-based access definitions, role separation, and advanced monitoring and alerting systems.

Cloud Basics: Knowing Where to Start

There are three cloud computing categories: software-as-a-service (SaaS), infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS). Cloud services are broad and can span multiple levels, models (“lift and shift,” cloud native), scope (internal, external) and applications. It is not a one-size-fits-all solution; there have been some instances where a perfect fit for certain categories and specific models have accrued. (See related article, “Cloud Benefits: Understanding Terms.”)

The cloud is an ideal fit where value is placed on flexibility, agility and scalability. Examples include cases of highly variable or unpredictable workloads; where there are budget constraints or obvious room for savings; where several customer-facing, time-sensitive applications need to efficiently integrate; and where self-service provisioning and reprovisioning are key.

Defining a cloud strategy begins by identifying business goals and mapping potential benefits of the cloud to them while mitigating the potential drawbacks. Cloud should be thought of as a means to an end, not as a goal unto itself.

As carriers learn to trust the cloud, they can progress beyond using it for auxiliary purposes only and move toward using the cloud for mission-critical workloads. Some of these uses are true cloud services (SaaS, cloud native), while others are hosted models where cloud benefits are lower but still represent a legitimate use.

Hybrid solutions also can play a key role, along with cloud bursting—i.e., running an application in a private cloud or data center and then bursting into a public cloud when the demand for computing capacity spikes.

In a world of increased digital interaction and data collection, the cloud holds a great promise that prepares organizations for future growth with a next-generation platform.

Data Sources

Sources of the statistics on cloud usage and cloud risks cited in this article include:

• The Forrester Wave: Enterprise Public Cloud Platforms, Q4 2014, Dec. 29,2014
• Gartner Forecast Analysis: Public Cloud Services, Worldwide, 4Q14 Update, April 10, 2015
• Gartner Survey Analysis: Cloud Adoption Across Vertical Industries Exhibits More Similarities Than Differences, Feb. 18, 2015
• Gartner Highlights the Top 10 Cloud Myths, Oct. 1, 2014