www.niit-tech.com

NIIT Technologies White Paper

New Era in Insurance: Cloud ComputingNew Era in Insurance: Cloud Computing

Surekha SugandhiInsurance Practice - Solution Architect

CONTENTS

Cloud Computing Services in the P & C Insurance Industry 3

Key Drivers for Cloud Adoption 3

Cloud Adoption Inhibitors 4

Best Practices for Cloud Computing Adoption 5

Conclusion 6

Cloud Computing Services in theP & C Insurance Industry

Key Drivers for Cloud AdoptionIncreasing Cost StrainsP&C insurance companies were severely impacted by the ongoing

financial crisis and realized they could not afford to depend too

heavily on investment income to sustain profits. Insurers need to

achieve profitability in a period of reduced premiums and

investment income, while also improving their speed to market to

resist intensifying competitive pressures. These challenges can be

addressed through an infrastructure cloud solution, which

increases reuse and sharing due to virtualization, and reduces the

cost of IT ownership.

Need for Better Business AgilityCloud technology enables insurance organizations to maintain a

lean but highly agile and efficient IT organization that can provide IT

services on-demand, further enabling business units to consider a

variety of innovative business solutions that can be quickly

brought into operations as needed.

3

Cloud, mobility, and advanced analytics are transforming the way

insurance companies offer value to their customers. As competitive

pressures within the industry increase, insurance companies will

turn to technology for assistance in this changed environment.

To prosper in this new environment insurance companies can look

to the cloud, in conjunction with other technologies, to help drive

reinvention of their business model to offer new services and

create direct, multi-channel relationships with customers.

The insurance industry faces daunting technology challenges,

including limited resources, aggressive timeframes and

often-unrealistic demands from business stakeholders Leaders

must reduce costs, increase service quality and position for

growth in rapidly changing markets. The changing regulatory

environment and unwieldy legacy applications make these efforts

even more difficult.

Like most industries, P&C insurance is currently using cloud

computing services for non-core office and support functions,

primarily via SaaS. P&C insurers are mainly using cloud computing

services for email and other business support functions such as:

sales and service support, collaboration, file sharing, and web

conferencing.

Most industries are currently using public clouds for non-core

office and support functions; however, private clouds are the

preferred model to host core business specific applications

because they are more secure.

Perceived cost savings, better collaboration, and faster

time-to-market are the key benefits of cloud computing for

insurers. Data privacy and regulatory compliance are the main

inhibitors of cloud computing for the P&C insurance industry.

Figure 1: Public Cloud Computing Adoption

6.715.125.5

Global Public Cloud Computing Market Size

2009

2010

2011

2012

2013

2014

2015

113.9

9778.4

58.6

41

4

Call for Fast DeploymentThe most important factor driving the need for cloud computing in

the P&C insurance industry is to shorten the time to implement new

IT applications. An increasingly competitive global insurance

market—in which insurers are pressured to reduce the time to

market for new products and services—is driving a higher focus on

achieving IT agility and shorter deployment times.

Expanding Global FootprintMany P&C insurers are seeking to expand their global footprint to

reduce the risk of over-dependence on any particular market or

markets. These insurers need the high level of flexibility and

standardization fostered by various cloud computing services,

facilitating smoother and cheaper integration of “greenfield”

operations, acquisitions, and joint-ventures. There are ample reasons

for insurers to adopt cloud computing solutions. Operational

flexibility, costs savings, and pay-as-you-use are the key themes

expected to drive cloud computing adoption in the coming year.

Information Security Governance

Today, opinion is divided about whether protecting your corporate

data in the cloud, both to be certain it is there when you need it

and to safeguard it from unauthorized access by others, is more

difficult than doing so on your own.

Culture and comfort aside, simply communicating data over the

public internet, as opposed to keeping it entirely within a private

corporate network, may increase data vulnerability. In addition, the

business models of CSPs involve sharing infrastructure among

many clients and managing IT workloads among many different

physical machines or even geographically dispersed data centers.

That workload management issue means that a given cloud user

may not be able to determine precisely where its data is located or

how that data is protected. The shared infrastructure issue

effectively links the security fates of all users in a given cloud in a

sort of unintended Commune. These issues were cited in a recent

European Commission report as the key reasons why cloud

computing will require entirely new security governance models

and processes.

Privacy Concerns

On the privacy side, there is the concern, of course, that personally

identifiable information stored in the cloud can be breached more

easily than if stored in-house — but that’s mainly a security

concern. Beyond data protection, the core privacy problem for

enterprise businesses adopting cloud computing stems from the

diversity of privacy regulations from country to country, juxtaposed

against the CSP business model.

Cloud computing can complicate how you safeguard the

personally identifiable information of your customers, business

partners and employees, both to meet your organization’s own

legal and ethical requirements and to comply with the privacy

regulations of all the jurisdictions in which you do business — or

through which your cloud passes.

Manage Risk Communication and Training Plan

Cloud Adoption InhibitorsWhile cloud services are simpler to use and less costly than many

in-house alternatives they add complexity to the businesses of

established companies entering the cloud computing market,

whether as service providers or users. The delivery of cloud

services is leading to new, multi-layered revenue streams with

increasingly complex and uncertain security, privacy, tax and

related compliance and control consequences for cloud computing

users and providers alike. Among the inhibitors are:

Loss of Control Instead of controlling the IT environment directly, through the

implementation of technical specifications that they define, cloud

users manage their IT infrastructure through their relationship with

their Cloud Service Providers (CSPs) and through service level

agreements (SLAs). This requires skills that IT organizations

typically do not possess today, so they will need to reinvent

themselves to make this shift a smooth journey.

The other vendor management challenges stem from the loss of

control and lack of transparency into infrastructure details that

often come with moving to cloud services from in-house or

traditional outsourcing models.

5

Keep cloud Efforts on Track Make sure cloud computing receives the focused thinking,

planning and follow-up it requires. Identify and address both

immediate and longer-term business needs and opportunities that

lend themselves to cloud computing.

Set the standards for Success. Provide the necessary oversight to the IT Organization Make sure goals and deliverables are well understood, and

projects are well aligned with business needs. Clarify how the value

from cloud computing is to be determined.

Provide the necessary SupportBesides financial resources and technical talent, support other

activities that will underpin the success of cloud initiatives.

Examples may include a community of practice or a cloud program

office to develop cloud skills and share experiences.

Buy Cautiously, Appraise FrequentlyIt is too early to predict who the major cloud providers will be in a

few years, and what capabilities they will deliver, or how well. So,

when selecting cloud providers, carefully consider whether they

have the potential to be a desirable partner in the future. Even after

they are chosen, evaluate your partners on their financial stability

and on their ability to improve functionality and service levels, and

Integrate data across services.

Best Practices for Cloud Computing Adoption

Understand the condition and scope of your entire IT infrastructure and application portfolio to create a prioritized list of what should go to the cloud and when Security and regulatory concerns undoubtedly will play a major role

in determining which applications can move to the cloud and

which likely will always have to remain in house. However, another

determinant is the lifecycle of the application. If an insurer knows

that one of its applications is due for a major upgrade program,

replacement or retirement within the next two years that could well

be the trigger point to move to the cloud.

Establish a clear Governance structure for Cloud ComputingMany organizations have rules and structures in place that govern

how IT decisions are shared b between departmental leaders and

Regulatory Compliance

Cloud services are delivered by “virtualizing” hardware and

software that could theoretically be located anywhere in the world.

Thus, cloud computing raises new questions about whose rules

must be followed

Lack of Standards

Many standards are required to simplify interoperability among

cloud providers and between enterprise systems and cloud

services, but few exist. The lack of standards also may pose

obstacles to recovering data, whether for the purpose of legal

discovery or for migrating from one CSP to another

IT executives. Use these to define who inside and outside the IT

organization should be engaged in decisions on cloud computing.

Inspect what you ExpectWhen dealing with the cloud, service-level agreements are crucial

because cloud computing entails reliance on third parties. Thus,

choosing a service provider that meets SLAs is vital.

The cloud computing services market is forecasted to continue

growing at a rapid pace over the near-to-medium term. This

growth will be driven by key business priorities including

operational flexibility, cost savings, and pay-as-you-use models.

P&C insurers are expected to enter the cloud computing arena

cautiously, with no single cloud services delivery model being a

silver bullet for best meeting all their business needs. Cloud

computing solutions will help insurers develop strong collaborative

capabilities and better information sharing, as well as improve their

bottom line by enhancing procedural efficiency, and reducing the

total cost of ownership of IT infrastructure.

6

The key for P&C insurers to succeed and gain a competitive edge

is to develop a holistic cloud strategy that can be implemented

across the core and non-core functions of the insurance value

chain. P&C insurers should develop their cloud strategy based on

risk consideration, level of standardization, and target total cost of

acquisition at each core and noncore functions level. In the

absence of a holistic cloud computing strategy, insurers will be

challenged to achieve their business priorities of cost saving and

enhanced business agility without compromising customer data

and security.

Conclusion

D_6

1_25

0314

Write to us at marketing@niit-tech.com www.niit-tech.com

NIIT Technologies is a leading IT solutions organization, servicing customers in North America,

Europe, Asia and Australia. It offers services in Application Development and Maintenance,

Enterprise Solutions including Managed Services and Business Process Outsourcing to

organizations in the Financial Services, Travel & Transportation, Manufacturing/Distribution, and

Government sectors. With employees over 8,000 professionals, NIIT Technologies follows global

standards of software development processes.

Over the years the Company has forged extremely rewarding relationships with global majors, a

testimony to mutual commitment and its ability to retain marquee clients, drawing repeat

business from them. NIIT Technologies has been able to scale its interactions with marquee

clients in the BFSI sector, the Travel Transport & Logistics and Manufacturing & Distribution, into

extremely meaningful, multi-year "collaborations.

NIIT Technologies follows global standards of development, which include ISO 9001:2000

Certification, assessment at Level 5 for SEI-CMMi version 1.2 and ISO 27001 information

security management certification. Its data centre operations are assessed at the international

ISO 20000 IT management standards.

About NIIT Technologies

NIIT Technologies Limited2nd Floor, 47 Mark LaneLondon - EC3R 7QQ, U.K.Ph: +44 20 70020700Fax: +44 20 70020701

Europe

NIIT Technologies Pte. Limited31 Kaki Bukit Road 3#05-13 TechlinkSingapore 417818Ph: +65 68488300Fax: +65 68488322

Singapore

India

NIIT Technologies Inc.,1050 Crown Pointe Parkway5th Floor, Atlanta, GA 30338, USAPh: +1 770 551 9494Toll Free: +1 888 454 NIITFax: +1 770 551 9229

Americas

NIIT Technologies Ltd.Corporate Heights (Tapasya)Plot No. 5, EFGH, Sector 126Noida-Greater Noida ExpresswayNoida – 201301, U.P., IndiaPh: + 91 120 7119100Fax: + 91 120 7119150

A leading IT solutions organization | 21 locations and 16 countries | 8000 professionals | Level 5 of SEI-CMMi, ver1.2 ISO 27001 certified | Level 5 of People CMM Framework