By Ramkumar S, Product Development, Insurance

IoC – Inversion of Control comes to our minds, which dramatically changes the way we develop software. Similarly, Insurance on Cloud will change the way software is delivered for the insurance industry.

Ten years back, hosting emails on the cloud would make every company / CTO paranoid. Fast forward 10 years to 2022, Microsoft Office 365 is the “de facto” platform for business emails on the cloud. The Insurance industry is also undergoing a similar change where insurance providers are embracing the cloud and software developers are working to develop solutions for the cloud. It is and will be a win-win situation for insurance providers as well as software developers.

Insurance providers using the cloud, will have the edge over others in:

  • Cost Reduction – Both initial infrastructure cost and operational cost.
  • Time to Market – Speed to market for new products.
  • Dynamic Scaling – On-demand hardware scaling (up and down) will help to achieve performance and cost balance.
  • Uptime – Close to 100% uptime along with disaster recovery and geographical resilience.

However, with all the advantages, also comes certain takeaways. “Control” – we may lose control to certain extent of the physical environment and the physical access to data. Some of the other subtle issues could be:

  • Compliance
  • Security
  • Vendor dependency.

Read on, for “ways to control” takeaways.

Data – Securing data and complying with regulators is an important challenge to be addressed when solution providers are moving towards the cloud. Only if the insurance providers are convinced that they are in control of the data securely, we will be able to move forward together. We will discuss some of the options to secure data from a solution provider’s standpoint:

  • Encryption – Sensitive data may be encrypted using proven algorithms. The encryption keys may be stored well away from the encryption data and may be picked up from separate databases or other data stores via APIs.
  • Data Layer Segregation:
    • The solution should not only draw a clear line between data layer and other layers but also have a clear segregation of sensitive and non-sensitive data so that securing data will be easy.
    • Segregation of data layer helps in addressing various issues such as territorial scope limits and other regulations such as EU’s GDPR, recently enacted KSA’s and UAE’s PDPL, etc.
    • Stricter implementations can adopt a hybrid model where sensitive data resides in on-premise infrastructure whereas other data can reside in the cloud. This should be the last option as it can potentially defeat the whole purpose of moving to the cloud.

Deployment – Solution providers need to demonstrate strong and reliable “controlled” automation of deployments with CI/CD for new environments, product releases, feature releases or scaling. The “control” is key as insurance providers need to be in control to accommodate their processes and approvals. With CI/CD, the release process can be streamlined for batch-by-batch release like App store releases.

Development – To achieve all the above-mentioned controls and automation, the solution needs to:

  • Have clear design and segregation for all layers and modules.
  • Follow best practices in development such as SOLID, 12 Factor methodology, etc.
  • Build unit testing with dynamic test cases as part of the development and integration release testing.
  • Use standard and open frameworks to build solutions and not re-invent the wheel again.
  • Contribute to open framework and software development methodologies subsequently in doing all the above.
  • Readily support provision for web services security.

Dependency – Lock-in to a single vendor could become a bottleneck in the long run. Solution providers need to adopt open framework technologies such as Kubernetes which can be implemented on all top cloud service providers such as AWS (EKS), Microsoft (AKS), Google (GKE), etc. To further improve resilience, Kubernetes can be implemented across multiple cloud providers as well. Adoption of open frameworks can help to avoid vendor lock-ins as well as increase reliability.

Cloud – Even though it is not the go-to option currently, like emails, will become the de-facto option in the near future. As solution providers, we need to be agile in creating a dependable platform for insurance providers to grow on and as they grow, we grow along with them. And together, we will reach the stars.