Insurance carriers have started adopting cloud into their technological framework. But cloud adoption is not a simple insertion of technology into an organization’s IT infrastructure — it requires a well-defined strategy to transition to the cloud.
Case in point: a leading insurance carrier that operates in both personal and commercial lines wanted to modernize their legacy mainframe system and decided to adopt Guidewire, a leading insurance-specific platform. As the first release neared completion, there was an increasing realization that the insurance carrier would not be able to support the Guidewire system internally in the long run — there simply wasn’t enough staff with the specific, required skillset. A complex insurance system demanded a high amount of focus from the carrier to simply maintain, upgrade, and bug fix the system. This example is proof that modern day problems require modern day solutions.
The technology industry as a whole responds to the problems companies face by providing service as a software (SaaS) solutions. In this case, the solution for the challenge faced by the insurance carrier was to offer the Guidewire core systems in the Cloud. The carrier today benefits from having a team of Guidewire cloud professionals managing their Guidewire upgrade, deployment, and bug fixes. There is no longer a staff capacity concern with keeping up with the ever-growing demands of the business.
A key takeaway from the above example is that cloud solutions need to be tailored specifically to the unique needs of the insurance carrier. We have listed below some strategic considerations before you take that leap to the cloud.
- Evaluate the need for cloud
There are largely two scenarios in which companies adopt cloud. The first one is business-driven, centered around the need to build new, transformative business capabilities such as IoT, data and analytics or business automations. In order to support business goals, the company decides to adopt newer technologies that are largely cloud-based. The business may also choose to not leverage existing IT systems for deployment or integration in the cloud.
The second reason is IT-driven. The IT leadership or CIO decides to optimize the legacy environment of their IT department. This is more of a preparation strategy by technology leaders who foresee that the future of the company depends on cost-effective and agile infrastructure, which is provided by the cloud. In this case, the cloud will not be viewed as standalone technology but integration into the existing IT system becomes an absolute necessity.
Most times, both these reasons drive cloud adoption in parallel. Whether they give rise to complexities or synergies depends on how effectively the cloud transition strategy is planned out.
2. Data loss and privacy risks
Moving your data from a privately managed, legacy-based warehouse to the cloud can pose multiple security risks. The advantage of cloud-based systems is that since data is stored across multiple data centers spread out geographically, the risk associated with data loss in the event of a natural disaster can be prevented. However, there is always the threat arising from physical access to data centers. In addition, public cloud services are exposed to the internet, one of the biggest security risks. Ransomware and data transition losses are additional types of data loss, not to mention data privacy breaches.
Choosing the right kind of cloud and prioritizing the type of security suitable for your business is a key consideration for IT leaders planning to move to the cloud. Also, a variety of technologies are available to counter some of the challenges mentioned above, such as data encryption models, role-based access controls, data isolation in a tape vault, etc.
3. Legal and regulatory compliance
Data protection rules have been tightening significantly over the years. Regulations such as UK’s GDPR and update to the PCI-DSS standard for payment cards have put restrictions on how organizations procure, store and use data — especially personal data. There are different kinds of laws such as data protection laws, data localization laws, and data sovereignty laws for data privacy. If the company operates across different countries around the globe, it then should comply to the regulations of different countries as well.
The cloud enables geofencing of data of different subsidiaries while keeping all the data of the organization together. CIOs of global companies should leverage this technology to effectively navigate through the myriad legal and regulatory compliance policies surrounding data. Awareness of these legal and regulatory laws is very important while planning a cloud transition and preparing for possible future compliance laws.
4. Cloud governance and security
With the introduction of cloud, decisions have become largely decentralized and agile. Having decentralized services leads to a new security model that will have every single server verify the data. This forces all systems to authenticate and authorize each user who uses the cloud service, leading to enhanced security. But decentralization alsonecessitates a governance model or policy to be better able to control the people, processes and technology. This governance structure can vary depending on your organization situation, but on a basic level there will be three components to this governance model. The first will be a centralized cloud advisory board that helps formulate a governance strategy. The second component will be the management function that looks at standardizing practices, defining standards and best practices to be followed organization-wide. The third component will be a management solution who will look at ground level implementation, which includes breaking down cost, usage, performance and security by the consumers of cloud in the organization.
5. The right cloud deployment strategy for your organization
There are different types of cloud solutions available for enterprises today: public, private, hybrid and multi-cloud. Public cloud provides a scalable environment with a pay-per-usage model, which can control costs. However, it may not be the best place for sensitive workloads, which are better suited in private data centers where there is additional control and security. For those that have a mix of mission-critical workloads and apps that require the scalability of cloud, hybrid cloud offers the best of both worlds. Enterprises can have control over sensitive workloads on-premise and take advantage of public cloud scalability for workloads with occasional spikes in demand. However, there can be performance and connectivity issues. Lastly, multi-cloud is beneficial for enterprises that want to avoid vendor lock-in and maintain the ability to pick and choose from multiple provider services. This model requires more management and a wide range of skillsets from staff.
By keeping in mind these key strategic-level considerations, technology leaders in insurance organizations can ensure a successful transition to the cloud. However, even after the complete cloud migration strategy is in place, there are some important technical considerations that will go a long way in implementing the strategy effectively. Read more about key technical level considerations.