Tag Archives: azure

The Case for Cloud Computing

Insurers must regain competitive ground in the digital race for the customer, and all roads that make sense … lead to cloud adoption.

Growing ransomware attacks should be the weight that tips the scales. T-Mobile was breached just recently. Half of its customers (105 million) now have their Social Security numbers, names and birthdates exposed. The information is already up for sale. Last year, insurers and healthcare systems were hacked in greater numbers. Ransomware victims across all industries paid out $370 million in cryptocurrency in 2020, 336% more than in 2019.

Vigilance in cybersecurity requires a different approach

Cybersecurity is not optional. It is table stakes. The issue is no longer all about keeping the data and systems safe. It is about looking out for and being able to nip potential vulnerabilities and hackers in the bud, before the hack actually happens. Vigilance is not reactive, it is proactive.

Pre-cloud security matched pre-cloud threats.

It used to be that the typical trajectory of a security exercise within a company would be periodic business continuity and disaster recovery checks. You might also have audits that are mandated by a public service organization or you might have specific customers that request to be in conformance with SOC audits, etc.

That type of security practice has spun 180 degrees. What changed?

Anyone can hack now.

The increasing consumerization and democratization of data and technology tools has made nearly every citizen in the world a potential hacker. Any interested party with a high IQ is potentially someone who can hack into your systems. The new urgency and vigilance is no longer about conforming to audits, conducting periodic checks or conforming to state or public-sector-driven regulations. It’s about continually being secure by examining your own insecurity. Cybersecurity is an enabler to doing business.

See also: Why Cloud Platforms Are Critical

The frequency of hack-possible events is making security far more complex.

Insurers and vendors all have security measures in place. But cyber hackers are twice as fast at breaking solutions as the solution providers are at updating their security tools. This makes cybersecurity a process rather than an event-driven initiative. Hackers have also improved in their ability to handle complexity. Where hacks come from and who can be a perpetrator is always expanding. Corporate security teams are doing their best, yet they are still sometimes scratching their heads, asking themselves, “Just which part of our data and systems do we protect?” And the answer, of course is, “all” and “everything.” Nothing is truly safe. Cybersecurity is no longer a point-in-time exercise, and it has to cover every part of your data and platform framework. 

Answer = Cloud

Public cloud vendors answer these two related problems: expansion of the hacker community and the increasing complexity of protecting against hacking events. With public clouds, the large cloud vendor is doing the job of security for all of us — proactively taking responsibility for their customers.

Microsoft Azure is a great example. Microsoft invests more than $1 billion annually in cybersecurity research and development for Azure alone. This doesn’t include Microsoft Office or any of their own products. Microsoft Azure has more than 3,500 dedicated security experts. Their job, day in and day out, is to counsel their customers and close gaps. “Here is how well-designed your technology stack is against cybersecurity, and this is what Azure can do for you.”

With the cloud, security is job zero

If an insurer gets one takeaway from this blog, it should be this: Cybersecurity is job zero. It is not an add-on.

When we talk about securing a customer’s stack, there are six key things that we should do for them. These principles are universally adhered to:

  1. We implement a strong security foundation. We must begin with role access. No matter who you are, your role is given only a certain sphere of access, and that is all you can access. As a cloud software vendor, we ensure that level of identity foundation.
  2. Insuring traceability. A traditional issue in security was that, until three or four years ago, when hacks happened, it could take months for companies to figure out the root cause. What was hacked? What was the precise level of leakage, especially in insurance companies? The delay in understanding could lead to billions of dollars in loss. Insuring traceability, which includes monitoring alerts and audit action and changes to your environment, happens in the cloud in real time. You don’t need to wait two months for some IT guy to get into the old logs and figure out what has been lost or hacked. Your systems have real-time traceability.
  3. Security must be applied on all layers. When you consider an organizational stack that resides in the cloud, that includes a client’s network, their servers, their websites, their applications and databases. Everything is now in the cloud. When we say that we manage their security, we apply security at all of these layers as well. We aren’t just securing their database or their front end.
  4. Data must be protected both in transit and at rest. This is a modern, cloud-driven cybersecurity attribute. If you think of a traditional insurance organization, volumes of data are stored in their archival systems, such as their legacy administration and billing systems. This is data at rest. But an incredible amount of data is in constant transfer between the insurer and brokers or the insurer and customers. That is data in transit. What a cloud-native environment does is to protect data both in transit and at rest.
  5. Least access as privilege. This is a logistics issue related to role-based access. Another traditional problem within internal IT shops has been that there is not always transparency if an employee leaves or is fired. HR may take 24 hours before notifying IT.  IT takes two hours to deactivate that person’s access from the respective systems. By this time, security has already been compromised. All cloud systems function on a different principle — the principle of least access privilege. A person only has access to the portion of the system that they are supposed to touch. There is no universal access. The CFO doesn’t automatically get access to everything. Cloud security functions on the basis of least access privilege. If a person needs greater access, they have to ask for it and gain permission before it is granted. This is paradigm shift in security that the cloud has brought about.
  6. Security guidance through the well-architected playbook. Let’s say that your organization moves to the cloud to improve their digital presence and manage their data more effectively and to save additional expense. What you’re getting is so much more than that, though. Integrated security is the “value-add.” You’re receiving protective security and security expertise. This is life in the cloud. When you sign up, you get measured for how secure your full system is. The playbook has security design principles that will allow you to measure your system security. “Here’s how well-designed your systems are, based on key design principles. Here are some gaps that you need to fix.” The playbook also provides things like incidence response simulations. It has investigation policies and processes available as templates. It is a ready-to-use “security cookbook” supported by subject-matter experts. It is less prescriptive and more actionable. “Here’s where you are. Here is what needs to happen for you to get where you need to be.”

And if that’s not enough…there’s the financial picture

Cybersecurity costs money. If you are investing in internal security, you will likely spend more than if you are letting your environment be managed as a cloud-native environment where security is a part of the solution. The cloud hands you cost avoidance as a part of your business case or return on investment. The cloud provider is taking on this responsibility. This is intentional cost-avoidance on the part of the insurer.

In data-intensive organizations, such as financial, healthcare or insurance organizations, there is a significant amount of leakage every year due to security breaches. These aren’t necessarily data thefts; they are losses that are just eliminated by the cloud. The razor-sharp, stringent data security mechanisms that are in place for cybersecurity naturally fix other data leakage issues. This is an unintentional cost-avoidance, but it happens nonetheless.

Which brings us to our last point. The same real-time monitoring that can be used for security purposes will even help insurers to adopt better real-time monitoring for any issue. If you extend the concept, moving to the cloud forces the organization to whip its data and processes into shape enough to migrate, then the cloud takes over. The simple process of preparation is a beneficial exercise. Every aspect of cloud migration makes an excellent case for doing it now.

See also: A Novel Approach to Cybersecurity

For a broader look at many of the key benefits of cloud adoption, be sure to view the Majesco and Microsoft webinar, New Normal: The Catalyst for Cloud Adoption, or read Denise Garth’s interview/blog with Manish Shah, President and Chief Product Officer, Majesco, and Jonathan Silverman, Director of Insurance Industry Solutions, Microsoft, titled Majesco CloudInsurer Plus Microsoft Azure: A True Insurance SaaS Platform.

Now, Everything Can Be ‘As-a-Service’

Everything-as-a service is transforming the economics of establishing and running a company. Product-as-a-service will fundamentally change insurance product design and delivery.

Before recently joining insurance fintech start-up Instanda, I spent the last 15 years working within the insurance industry for U.K. FTSE 250 companies — such as Hiscox, Capita and, most recently, Xchanging. For the up-and-coming executive, there is something very comforting about working for a big, established company during the early part of your career. You are able to immediately plug in to a brand, revenue flow and customer base that is already well-established. There are lots of people with well-defined roles to support you, and you will undoubtedly benefit from a significant investment in physical infrastructure (whether that be a branch network of offices around the globe or big, heavy IT infrastructure sitting in your own data centers).

But that level of comfort comes at a price for the big corporation. There is an enormous amount of capital in the business tied up in “stuff” (office furniture, leases, servers, etc.), and there is an inevitable restriction in the ability to move quickly to respond to changing customer needs. We all know, when a company gets bigger, it becomes more unwieldly and bureaucratic. What has really struck me since joining Instanda is how technology and service provision have moved on to such an extent that you can gain access to the same benefits and capabilities of the infrastructure of big companies at a fraction of the cost — and without losing your agility and flexibility to respond to the needs of the business.

As a business, Instanda is a firm believer in consuming “everything-as-a-service.” We are a technology company that does not own a server; all of our IT infrastructure is procured from Microsoft Azure, which gives us access to almost instantaneous unlimited storage and processing power from our desktop dashboard. For office and email suite, we use Microsoft 365, where are able to tap into the many years and millions of dollars of Microsoft’s investment for a small monthly sum per employee.

“As-a-service” is often thought of as being a software service provided out of the cloud, but, of course, it can just as easily be physical infrastructure. The sharing economy is full of examples where physical infrastructure is available to be purchased at a fractional cost. Uber is “transport-as-a-service,” and through the good offices of property services firm wework, we are able to procure very high quality workspace as “property-as-a-service.” Our newly built offices are sitting on the edge of London, close to our customer base and fitted out to the highest standards.

In the past, for a small company like Instanda, these offices would have simply been beyond our means, but in the new “as-a-service” economy, we can purchase as many (or as few) desks as we like — with only a monthly notice period required to add seats or to exit the space, all while still benefiting from the full range of office facilities of a multimillion-pound company.

Similarly, our accounting, payroll and CRM systems are all consumed as cloud-based services where we only pay for what we consume. Yet it was not long ago when the idea of placing your key customer data on a system and servers you didn’t own or control would have been seen as a crazy business risk. Imagine going to your CEO today and saying, “I want to build our own bespoke CRM system, buy some physical servers and store them in our own operated data center.” You would soon be shown the door. So, what was considered risky and unthinkable in the past can very quickly move to business-as-usual when the competitive advantages become undeniable.

See also: How to Insure the Sharing Economy

So what all this means is that a relatively new business like Instanda can purchase all the key services it needs to operate as a business on-demand  with “everything-as-a-service” and, most importantly, at an incremental cost completely aligned to the size of the business. The ability to buy all these capabilities “as-a-service” fundamentally shifts the cost dynamics of operating a business and allows a much smaller business to effectively compete with much bigger, longer-established businesses on equal footing. In fact, it gives you a strong competitive advantage because you can operate at a price point and with a degree of flexibility that bigger companies cannot match because of their past significant investment in physical infrastructure.

In the insurance industry, capital is becoming increasingly commoditized as surplus capital seeks better returns in this sector. Underwriting and insurance products have become harder to differentiate because of increasing competition, so the battleground is now in distribution. Whether you are a reinsurer moving into insurance, an insurer opening new global offices or trying to dis-intermediate your broker channel by going direct, a broker establishing your own branded products or an MGA reaching into new markets, the overriding business challenge is: “How do I get my products out to my customer quickly and cost effectively?

So what we have done at Instanda is to take all the benefits and advantages of “everything-as-a-service” and applied the same concepts to “products-as-a-service,” establishing a platform to facilitate the manufacture and global distribution of insurance products. The benefit of this approach is that we can get our customers to market anywhere in the world — 10 times quicker and 10 times cheaper than the traditional approach of building products within an installed back office software system. Our configurable toolkit allows our customers to quickly assemble any type of insurance product and completely control the look and feel of the online and mobile product. Our customers can build their products themselves without the need to code or deploy IT staff — combined with a commercial model completely aligned with the success of the products on our platform.

See also: Is That Opportunity Calling in the ‘Sharing Economy’? (Part 2)

By fundamentally changing the cost dynamics of insurance product manufacture and distribution, “product-as-service” opens up new sales opportunities that simply were not possible or justifiable before.

Do you want to create a different look and feel for the same product for each of your agents or distribution channels? Do you want to launch a micro-insurance site for single items that are bought by the hour? Do you want to offer a short-term insurance product for a single event? Do you want to test the attractiveness of a new product before investing in worldwide distribution? All these become simple and cheap when utilizing a “product-as-a-service” platform.

Of course, the real test is whether this “product-as-a-service” approach delivers the tangible benefits promised to the customer. Already, large insurance organizations such as Sompo Canopius and U.K. retail insurer LV, are utilizing the benefits of “product-as-a-service” to shorten time and costs to get to market. The approach also works for smaller organizations like Compass Underwriting.