Insurance Networking News - March/April 2010

structure. “We have a virtual cloud
run by our organization,” says Mi-
chael Anselmo, CIO of Narragansett
Bay. “As our business grows, we’re
going to expand the capacity of our
cloud. And even though we have the
cloud, it’s all managed by our peo-
ple—we’re just borrowing the ser-
vices and getting the cost benefit of
that hardware and software while
paying it over time.”
At Columbus, Ohio-based Grange
Insurance, the project management
team turned to a cloud-based appli-
cation offering to avoid adding more
burdens to the company’s busy IT
department, as well as provide more
flexibility for end users. Sarma Te-
kumalla, assistant VP for the project
management office at Grange, has
been employing a cloud-based proj-
ect management solution to coordi-
nate various projects moving
through the company. Tekumalla was
concerned about taxing the stretched
resources of his company’s IT de-
partment with yet another applica-
tion to support and maintain. “Our
IT department was stressed,” he ex-
plains. “They had too many projects
across the organization. We didn’t
want to add more software for them
to maintain.”
The online project management
software, from Seattle-based Daptiv
Inc., provides configuration and re-
porting features that can be man-
aged by the company’s 40 end users.
“We were looking for highly con-
figurable software for someone from
outside IT to configure and main-
tain,” Tekumalla says. IT was engaged
at the outset of the cloud application
selection “just to keep them in-
formed,” as well as vet security re-
quirements, he explains. While other
departments in the company were
initially hesitant to bring in cloud-
based applications, the project man-
agement office’s success with its
cloud is spurring other departments
to look to cloud providers for solu-
tions. “We’re now ramping up other
cloud applications outside of Dap-
tiv,” Tekumalla says.

WHAT ABOUT SECURITY?
While cloud is in fact delivering
benefits to carriers’ operations, the
enthusiasm is tempered by concerns
about online security, an issue that is
particularly sensitive among insur-
ance companies. “Security is the
biggest concern,” Goldberg says.
“Many insurers are worried that if
their information is kept in the
cloud, it may not be as well taken
care of as it would in their own in-
ternal data centers.”
More than anything, the risks de-
pend on the type of cloud comput-
ing arrangements made, and these
can vary, says David Black, chief in-
formation security officer for Mari-
etta, Ga.-based Aon eSolutions.

“There are differences in the risks
and exposures between different
cloud types; we see different adop-
tion based on risk appetite. For ex-
ample, we see insurance companies
beginning to utilize public cloud
computing solutions for non-core
business needs that do not include
the use of personal identifiable in-
formation such as social security
numbers or health care information.
An example of this is using a CRM
like Salesforce.com.”
Another form of cloud comput-
ing is private clouds, where the
cloud is either deployed within the
insurer’s own data center, or in a
“cage” by a highly trusted partner
that minimize the risks. “We see in-
surance companies using private
cloud computing solutions for core
business needs that may include per-
sonally identifiable information,”
Black adds.

Such is the case at Narragansett
Bay, in which all cloud-based opera-
tions, even when turned over to an
outside vendor, are administered as
a private cloud. “We’re taking the
lessons learned from the data centers
and their providers that would host
our cloud,” Anselmo says. “It’s our
own secure network, and no one
else has access to our data. It’s run in
the cloud, but as an internal cloud.
We contract for a specific amount of
cores, memory and storage. And
that’s guaranteed to us. It’s dedicated
to our world.”
Anselmo points out that his
company’s relationship with cloud
providers goes far beyond a typical
cloud agreement, in which space
is rented as needed from a third-
party service. “We have more of a
dedicated cloud,” he says. “It meets
our physical criteria, it’s exactly
the same hardware that we run in
our offices in Rhode Island. I
would have a concern if they were
on different model servers, or dif-
ferent storage devices. It’s running
on our equipment in a virtualized
environment. We’re much deeper
with them—we’ve dealt with the
actual engineers and we’ve seen
the site. We even have a card key
access to our cage that’s running in
the cloud.”
Black agrees with the need to
forge a deep relationship with
cloud providers to better ensure
security and availability. “The more
you can understand the better,” he
says. “Understand the specifics of
the service levels. Understand
where the data is going to be lo-
cated. In a private cloud, for ex-
ample, your data is going to be in
a specific data center. Also, under-
stand the ramifications if there’s a
data breach. Also, is your contract
going to be with a single provider
that provides all the services, or is
the provider outsourcing other
pieces of that? If they are, under-
stand what those pieces are, and
what your protections are because
it’s more difficult to ensure that
you’re fully covered and protected
when you’re arms-length away
and don’t have direct contact to
the cloud provider providing the
infrastructure and the platform.”

CLOUDY APPLICATIONS

Bill Hartnett, director of U.S. insurance solutions for Microsoft, Redmond, Wash., says he’s seeing two levels of cloud implementations among his company’s insurance cli-

“It’s our own secure network,
and no one else has access to
our data. It’s run in the cloud,
but as an internal cloud. We
contract for a specific amount
of cores, memory and storage.”