News & Commentary

02:36 PM
Jeff Muscarella, NPI
Jeff Muscarella, NPI

Gain Big Savings from Big Vendors

As insurers undertake much-needed modernization efforts, they must optimize investments in their largest vendors to avoid the pitfalls of overspending.

When it comes to IT spending in the insurance industry, the 80/20 basically rule holds true: Insurance companies typically spend 70 to 80 percent of their IT budgets with a few large vendors. And despite leaner technology budgets over the past several years, it's with these big vendors that IT overspend is the greatest.

Shocked? You're not alone. Most insurance IT professionals have cut their IT spending for so long that it's tough to imagine they could be spending too much with anyone. The problem is that there is no IT equivalent of the Kelley Blue Book to help a company validate that it's paying the right price for the right terms and conditions. The price a vendor charges one firm can be 30 percent more than the next company. The issue is further exacerbated by the increasing complexity of offerings, contracting practices and pricing.

The challenge is growing due in part to the rapid (and long overdue) IT modernization that's happening across the insurance industry. Companies are finally loosening their purse strings to invest in IT initiatives such as cloud computing, mobile applications and business intelligence software. Those companies that want to avoid overspending must focus on optimizing their spend with their largest IT providers, using every resource available to neutralize the vendor advantage.

Here are several spending pitfalls to avoid:

Microsoft: If you're looking to expand or change the Microsoft footprint across your organization, know that Microsoft offers programs that may be more cost advantageous than the published programs. Be diligent in exploring all license and program options, as even your rep and reseller are often not up to speed on the latest licensing rules. Also, there have been many changes to Microsoft's offerings and T&Cs since the last time you signed their enterprise agreement.

VMware: VMware recently announced a major change to its vSphere licensing and pricing model that includes a pooled virtual RAM entitlement (vRAM). Many clients may see a licensing cost increase as they pursue the latest versions of VMware products and are forced into this new pricing model. This is good reason to reevaluate your VMware agreement and align pricing and terms more closely with your business requirements. By doing this, you can determine the best product and service mix for your current and future state as well as neutralize any "gotcha" contract terms.

Cisco: If you use Cisco's SmartNet offering for support, then chances are you probably renew your contract every year (90 percent of SmartNet users do). Try signing a three-year contract to maximize discounting. It requires due diligence during the term of the support contract to ensure it reflects your evolving network support needs, but the savings can easily be in the 15 to 20 percent range. Or consider third-party support options. Non-certified third-party support providers can save you as much as 50 percent, while certified providers can save you as much as 20 percent.

AT&T and Verizon (wireless): Insurance companies are increasing their mobile technology investments, leading to higher wireless carrier spending. Here are a few things to consider: Did you know most companies are paying prices for AT&T and Verizon services that are well above fair market value? Did you know you can negotiate for your unlimited data plan to be grandfathered into your future contracts? Are you pooling minutes across your company -- or are you paying for thousands of unused minutes? Each of these questions ties to a major area of overspending.

Oracle: Support/maintenance and licensing continue to be the two biggest elements of overspending with Oracle. For years, annual support rate increases -- 14 percent in some years -- have risen with little justification. Know that these increases are negotiable, and that there are third-party support options that can significantly reduce costs. Additionally, enterprises are renowned for purchasing too many licenses and failing to manage their license inventory, which leads to substantial overspending.

Today's insurance IT professionals have a tough job. They need to drive IT business value and innovation to keep their enterprise competitive, but operate under strict mandates to stay within budget. By navigating effectively around these spending pitfalls, insurance companies can optimize IT spending with their top vendors, freeing up significant budget dollars. These funds can be used to support a company's commitment to IT innovation and for new initiatives that will deliver even more business value.

About the Author: Jeff Muscarella is EVP of IT at NPI, an Atlanta-based IT spend management consulting firm. He frequently writes and speaks on how enterprises can improve the way they plan, source and implement IT.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.