Insurers remain cautious in their adoption of newer technologies. But when solutions are perceived as being potentially game-changing, the rules change. Insurance & Technology's editors take a look at four technology areas in which insurers are beginning to invest serious attention and, in some cases, serious cash.
Insurers Remain Cautious About Flying in the Clouds
Refering to the future of cloud computing at this year's Interop technology expo in New York in November, keynote speaker Mark Templeton, CEO of Citrix, asserted that "the Holy Grail is to deliver IT services on-demand." He could hardly have chosen a better metaphor for the elusive and even illusory area of cloud computing. The very name "cloud computing" conjures images of the distant, indistinct and unrealistic. It invites insurance CEOs to wonder whether CIOs have their heads in the clouds if they think it's a good idea to relocate sensitive data to that ethereal realm.
It can be argued that despite involving a third-party handoff, cloud computing and its software-as-a-service (SaaS) incarnation ultimately present the same challenges as any attempt to place business processes and sensitive data on a network. The question then isn't whether the cloud works, but whether it works well enough yet.
"The hype always leads the reality, and the reality is usually just ahead of the unintended consequences -- I think we're still discovering what the hype curve of cloud is," comments Drew Bartkiewicz, VP of cyber and new media risk, The Hartford Financial Services Group (Hartford; $9.2 billion in annual revenue). "There's an enormous amount of energy, talk and marketing about cloud, but it continues to mean different things to many people. As cloud [computing] and its risks continue to be defined, the insurance industry has an advantage in being a laggard in this respect."
Privacy and Security Concerns
CUNA Mutual has begun a sales force automation project that leverages SaaS, but CIO Rick Roy regards the technology as immature for mission-critical uses. "When I think of core applications such as actuarial, underwriting, claims and policy administration, I don't believe the technology is at the compliance level that we, as the insurance industry, need to achieve," he remarks. "Perhaps the concept can evolve to where the trade-off between risk and reward is compelling, but at this point I don't see cloud computing as an enterprisewide implementation within insurance and financial services, mainly because of security and privacy concerns."
Whatever CIOs' concerns, insurance vertical solutions are reaching maturity, according to Chad Hersh, principal, Novarica (New York). "Vendors such as Exigen [San Francisco], ISCS [San Jose, Calif.], [Redwood Shores, Calif.-based Oracle-owned] Solaris, and Unirisx [Philadelphia] are working on putting the right business model, infrastructure, pricing models and service-level agreements in place to truly provide SaaS, rather than just offering a hosted solution," he says. "CIOs need to look for that type of thinking -- a real understanding of what SaaS requires in terms of contracts, business models and configurability, not just calling your existed hosting solution 'SaaS.' "
Among the features Hersh recommends are having the solution hosted in a SAS70-certified data center, leveraging robust encryption between the data center -- ideally through the use of a VPN -- and focusing initially on the private rather than public cloud.
Controls and Demands
Michael Anselmo, CIO of Pawtucket, R.I.-based Narragansett Bay Insurance (approximately $13 million in gross written premium) recommends that insurers considering SaaS options use defined service-level agreements (SLAs) that include location, technology and support. "It should not be viewed as a shared cloud but rather as a dedicated cloud," he cautions. "CIOs should place controls and demands on vendors to ensure that they are supported and measured against business goals and, most important, ensure that the SaaS environment can be relocated or in-sourced when SLAs are not met."
Such controls emphasize perhaps the primary consideration when adopting a SaaS-delivered solution, according to Dave Hollander, CEO, Unirisx. "SaaS does not allow you to abdicate," he says.
Hollander argues that early vendor adopters of SaaS, including Unirisx, have accumulated sufficient history to demonstrate the security of their solutions. He claims that Unirisx has supplied SaaS-delivered policy processing services to 17 clients in locations across 19 countries since 2004 and is yet to have an SLA or other issue. "The question isn't about the integrity of SaaS as much as it is about the integrity of the insurer's policy process," he comments. "The real answer lies in well-architected application software solutions that run in a well-managed hardware/software hosting facility and are actively monitored by carrier personnel."
SaaS is ripe for insurance applications, insists Fazi Zand, Exigen's VP of marketing and business development. Zand claims that, bearing in mind the advancing maturity of horizontal solutions, the vendor established an early design goal to make its policy, billing and claims suite SaaS-ready.
"Configurability sets a true insurance SaaS apart from hosted applications by enabling greater self-sufficiency and speed to market for the insurers," Zand says. "Robust security can be implemented in each layer, from infrastructure to platform and software. In fact, SaaS security, scalability, availability and reliability are typically superior to in-house design, since the future success of the SaaS provider depends on its ability to provide these capabilities." -- Anthony O'Donnell