For some insurance CIOs, the hour may be soon approaching to reconsider a supposition that has gone relatively unchallenged for half a century-that robust use of computers to augment business operations requires a corresponding investment in physical hardware and on-premise software.

The new theoretical framework challenging the data center orthodoxy is known, somewhat unhappily, as cloud computing. Whether cloud computing ever becomes a viable alternative to the data center model is subject to debate; what isn't debatable is that the nebulousness surrounding the term "cloud computing" remains a source of confusion to many. To clarify, cloud computing is a rubric for three related concepts: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS). Furthering the complexity, companies can opt for public, private or hybrid clouds. Where on this spectrum a company making a push into cloud computing falls may well depend on the peculiarities of a company's business, its risk appetite and its leadership's IT vision.

While nobody is suggesting the insurance industry is set to abandon the untold millions it has invested in infrastructure over the decades in a lemming-like rush to embrace cloud computing, the prospect of insurers handing off the operational aspects of many of the functions currently performed within their own data centers or on their desktops is becoming an option.



The baby steps taken toward the cloud camp were evident in research conducted by New York-based Novarica in October 2010. The survey queried 75 members of its Insurance Technology Research Council and found an increasing number are spending more than 10% of their budget on SaaS and cloud initiatives, while a decreasing number are spending less than 0.1%.

These findings dovetail with the results of an October 2010 Microsoft online survey of 200 IT Decision Makers (ITDMs) in the financial services industry. Of those queried, 17% said they viewed companies investing in cloud computing as merely embracing a passing trend, while 45% considered it a chance to make IT more strategic.

So why consider the cloud model? From a technological standpoint, external clouds represent a boundless source of storage capacity and computational power without the capital outlay of traditional IT. The massively redundant and parallel nature of cloud-based infrastructures benefits areas such as disaster recovery, failover reliability and scaling.

From an operational perspective, the benefits are manifold, with the most frequently cited being cost savings, operational efficiency and agility.

While not synonymous, efficiency and an improved bottom line are intrinsically linked. By eliminating physical infrastructure to purchase, manage and maintain, a cloud initiative lowers upfront capital outlay. On an ongoing basis, cloud services may trim costs and are billed on an on-demand basis. The chance to design an ecosystem based on speed and agility with a variable cost structure is a large part of the cloud's appeal, says Michael Redding, global managing director, Accenture Technology Labs. "The ability to precisely match technology capability to business demand is what makes the cloud so intriguing to CIOs," he says.

Frank Petersmark, CIO advocate at Farmington Hills, Mich.-based consulting firm X by 2, compares the potential impact of cloud computing to what the adoption of just-in-time inventory strategies did for manufacturing-freeing them of inventory holding costs. "The elasticity and dynamic provisioning enabled by cloud computing are some of the true strengths of the paradigm," he says.

Joseph Cardenas, VP/CIO at Agoura Hills, Calif.-based Pacific Compensation Insurance Co. (PacificComp) cites another attribute to moving to the cloud-speed. "Off-the-shelf SaaS components give you a deployment speed advantage-it's not a matter of months, it's a matter of weeks," he says.



Few have embraced the vision of having a cloud-based infrastructure as wholly as Cardenas, who began formulating his vision for the cloud nearly a decade ago while at his previous post as VP/CIO of Autodesk Inc. "I was trying to retire data centers and move toward a services agreement," he says. "I wanted to do this for a whole company and that was one of the attractions of coming to a start-up like PacificComp. This was a very calculated move."

Rather than retire a data center at PacificComp, the greenfield nature of the company meant Cardenas could implement his vision from the outset with minimal legacy baggage. "If you go this route, you're basically nothing but a network," he says. "All we have is a telecommunications closet and some pretty serious bandwidth."

Another area where a cloud strategy can pull on cost levers is in human resources. Not having to deal with basic upgrade and version issues (the cloud is evergreen from the user's standpoint) clears a great deal from a CIO's plate. According to the Microsoft survey, The top reason financial services ITDMs cited for migrating to the cloud was to reduce IT workload.

Moreover, a cloud strategy enables insurers to reallocate IT personnel from the infrastructure services side of the house into areas working on customer-facing applications. Such is the case at PacificComp. "We have a small IT group, just 13 people," Cardenas says. "We concentrate on business projects and only have two people working on infrastructure." To stay this lean, a company deploying in the cloud needs to rely on vendors as a force multiplier, he adds. "You are leveraged by the vendors."

Yet implementation issues are ever present. "The biggest challenge to a SaaS-only model is the ability to execute," Cardenas says. "It isn't automatic."

Accordingly, Cardenas says insurers interested in pursuing a cloud paradigm would be wise to set up a skunkworks project from which successful test cases can be quickly scaled up for production. Likewise, he advises carriers to find a low-risk test case for an initial deployment, citing e-mail systems or CRM as good candidates for a foray into the cloud.

Not coincidentally, one of the first systems PacificComp implemented was one Cardenas had implemented earlier in his career, the CRM offering from More recently, to enable a shift in its sales distribution model, the company implemented a SaaS-based underwriting workstation and real-time agent portal from Bedford, Mass.-based FirstBest Systems Inc.

Cardenas says that while requiring vendors to have a SaaS offering did circumscribe some purchasing decisions, things are beginning to change. He says the fact that FirstBest employs an agile development methodology with cycle times similar to its own, eased the implementation. "It's a lot easier now because many vendors have switched into being cloud vendors," Cardenas says. "However, there's still a lot of interesting products in the insurance space that I wish were SaaS. We have a lot of SaaS and the only reason we don't have more is because the vendors aren't there yet."

In such cases where he opts for on-premise software, Cardenas relies on PaaS vendors to serve them. When making the transition from a physical data center to cloud computing, Cardenas says it's imperative to find partners with rigid internal controls in place and that are SAS 70 type II certified. He notes the company that hosts his Microsoft-based e-mail has done so for seven years without any instances of downtime. "Anybody who has run their own data center knows how hard it is," he says.



Of all impediments to broader to adoption of cloud computing, concerns surrounding data security seem the most intractable.

"Placing a core stack outside your firewall needs to be done with transparency and trust in the new operational model," says Rich Carreau, CTO for the Financial Services Group of Falls Church, Va.-based Computer Sciences Corp. "In an industry as regulated as insurance, there also needs to be accountability for protection data both in storage and in transport."

Chad Hersh, principal at Novarica, notes the scale and expertise offered by cloud vendors makes a cloud-based infrastructure an intriguing option. "As carriers start to think of the perceived risk of the cloud, consider the fact that companies such as Amazon Web Services are spending billions," he says. "No matter how well you spend your money, it's hard to compete with that type of investment."

Hersh says the recent removal of WikiLeaks from the servers of Amazon Web Services for violating its terms and conditions is instructive. Amazon managed to brush back the concerted efforts of hackers who sought to compromise their infrastructure in retaliation for dropping the controversial Web site.

"Amazon surviving the WikiLeaks attack is a validation of the strength of its infrastructure," Hersh says. "Are there going to be problems that are highly publicized? Yes. But people need to understand that it's a limited risk. A massive, distributed infrastructure is the whole point of the cloud."

Yet, the Amazon/WikiLeaks imbroglio raises other questions. Given the manner in which Amazon summarily cut off cloud services for WikiLeaks, insurers may wonder whether they can afford to make access to their data that dependent on a third party. Moreover, the underlying technologies from cloud vendors tend to be proprietary, so the prospect of cloud customers moving data and applications from one cloud vendor to the next is no small matter.

While Cardenas does not dismiss the dangers of vendor lock-in, he thinks it's a manageable risk. "It's actually easier to switch off a SaaS product than an installed one," he says. "One of the strengths of SaaS is that it forces a degree of standardization on you."

To be safe, Hersh says carriers should take pains to craft service-level agreements that clearly establish ownership of all information prior to a move to the cloud.

Thus, no matter how far the technology enabling the cloud progresses, the fact that external clouds ultimately remain outside the control of the carrier may be a non-starter for many organizations. These organizations may opt for internal or private clouds. Cardenas views internal clouds as an ineffectual half measure. "A data center is a sunk cost," he says. "The real value isn't going private because those servers are still sitting in your building. It's just going to cost you more money."

Hersh, too, is skeptical. "The internal cloud is a bit of a tough concept to swallow because the idea of provisioning computing power on a subscription basis is theoretically impossible internally," he says, adding that the need to account for peak capacity means an internal cloud cannot operate as efficiently as an external one. "With an internal cloud you can scale up quickly, but you can't scale down quickly."

Nonetheless, Hersh says sufficiently large organizations may derive value from the internal model. "If you are of a considerable size, then an internal cloud has some potential to simplify provisioning of servers, bandwidth or memory and to reduce cost and complexity," he says. "So, changing the way your data center works to perform more like a cloud does have some potential. It's like taking virtualization to the next level."



Insurance technology vendors are adapting to help ease cloud migration. In December 2010, CSC released a four-stage framework for financial services firms to use cloud services. The framework includes a Cloud Adoption Assessment methodology, which assesses and prioritizes workloads to determine the migration path.

While Stage 1 of the framework tackles moving horizontal shared services such as e-mail and Stage 2 involves migration of back-office support applications, Stage 3 concerns the migration of core applications, which can be among the most aged and customized in an enterprise and therefore the toughest to retrofit for the cloud. "The cloud was not designed for COBOL solutions," Hersh says. "That being said, there are very few things unavailable in the cloud and migration issues aren't that big of a deal."

CSC's Carreau notes the staged deployment road map contained in the framework helps lower the risk of migrating legacy apps to the cloud. He also notes that carriers that have experience with business process outsourcing are more ready than they may realize.

Cloud vendors are also encouraging cloud adoption by staying on the leading edge of hardware adoption. In November, Amazon Web Services upped its high-performance computing offerings by rolling out servers featuring dual NVIDIA Tesla "Fermi"M2050 graphics processors units (GPUs) on its Amazon Elastic Compute Cloud (Amazon EC2) platform. GPUs are especially well-suited to the massively parallel workloads such as the Monte Carlo simulations used in actuarial calculations.

When it comes to stochastic modeling, Hersh says the cloud may be a workable substitute for the internal grid computing arrays that have been very successful for the carriers that could afford them. "For the cost and the effort, it's easier to tool your application for the cloud," he says. "So I expect we're going to see a ton of use for risk management and actuarial."

Carreau also sees the cloud helping small and mid-sized insurers close the technology gap enjoyed by larger, deeper-pocketed rivals. "One advantage smaller insurers have is less complexity in technology environments," he says. "So with a well-designed cloud environment, the ability to move the dials of progress is that much easier."

Carreau says intangible services such as insurance are well suited to the virtualized world. "We believe cloud is an ideal collaborative environment for areas like product design," he says. "You can co-design with distribution partners and produce differentiators for areas such as risk selection and claims."

Since testing is such an expensive and time-consuming process; a PaaS environment can be ideal for developers and testers to fine tune applications using on-demand tools and services.

Given the confluence of technology and business factors, and with financial factors and constrained IT budgets providing the trade winds, Carreau says he expects a quick ramp-up in cloud adoption among insurers, noting others in the financial services industry, such as Deutsche Bank, have been very explicit in their plans to leverage the cloud. "I think the latter part of 2011 will be a tipping point for cloud," he says. "The promise of a fully digital enterprise is closer now than anytime in the past."




As with many nascent technologies, many perceive a lack of industry-wide standards as an inhibitor to faster cloud adoption.

Now, new coalitions are aiming to alter this. The Open Data Center Alliance, which includes companies as diverse as Intel, China Life, Shell, Lockheed Martin and J.P. Morgan Chase, advocates that components comprising public and private cloud systems be built in a manner that will enable them to work together more efficiently.

In a similar manner, the Virtual Computing Environment Coalition (VCE), which includes Cisco, EMC with VMware, was formed to reduce "risk in the infrastructure virtualization journey to the private cloud." The VCE notes the total market for private cloud infrastructure, is estimated to be $85 billion by 2015.

While that seems a sufficiently large number for the next half decade, consider that the U.S. federal government as a whole has an annual budget of $85 billion for IT.

America's first CIO, Vivek Kundra, has vowed to use cloud computing at the federal level to trim costs. In Nov. 2010, the Obama administration proposed a set of standard security requirements that would apply to all federal agencies and contractors using cloud computing.

"By using cloud services, the federal government will gain access to powerful technology resources faster and at lower costs," Kundra said in a statement. "This frees us to focus on mission-critical tasks instead of purchasing, configuring and maintaining redundant infrastructure."

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access

Corrected February 7, 2011 at 2:10PM: yes