Cloud 101 for Insurance Agencies: Lingo You Need to Know

By Adam Stern

Underwriting insurance is tough enough; most agencies would prefer not to wade into the fog of IT, especially given just how obtuse the tech world has become.  For those insurance brokers making the shift from an in-house solution to the cloud, getting the language right is Job #1. Familiarizing yourself with some basic terminology won’t turn you into an expert, but it can provide a grounding in the fundamentals—which can, in turn, make you into a wiser IT consumer and perhaps a more savvy user.

Without further ado, here are a few words for you, and your business, to live by:

Public Cloud?  Private Cloud? Hybrid Cloud? 

As the cloud has expanded, it more or less subdivided: private (proprietary or internal to one organization), public (in which service providers make applications and storage available to any business over the Internet, typically for a monthly usage fee), and hybrid (a blend of both).  Put another way, some of your workload is under your control, some outside of your control, and some situations mix the two. These days, the hybrid cloud is ubiquitous. The majority of organizations rely on servers and computers, and some data resides on various desktops; some is stored with Apple or Dropbox or Microsoft; and some organizations have embraced Infrastructure as a Service (IaaS) or Software as a Service (SaaS) (see below).

The right questions aren’t, “Should I go on- or off-premises? Should I opt for the hybrid cloud, the public cloud, or a private cloud?” The smart question is, “What’s strategically best for my organization?” When you frame the query in that manner, you can determine where to place your computing power, and you begin to gain control over the dynamic. Want to reduce costs? Increase efficiencies? Achieve some other objective?  Go back to basics. First, decide what your metrics are and how they serve the business, then select the technology.

SaaS, IaaS. PaaS

At its most basic level, IaaS enables insurance agencies to move all or part of their computing environment to the cloud (that is, off-premises), and to make the migration without modifying any of their existing applications.  The market is now awash in IaaS tools and technologies, empowering insurance brokers who may lack traditional computing resources to benefit from robust products and platforms.

In the mushrooming world of the cloud, IaaS is distinguished from two other “as a service” models: Software as a Service (SaaS) and Platform as a Service (PaaS).  Without getting mired in terminology, SaaS is essentially a software rental model, where individual applications are hosted—again, off-premises—for a monthly subscription fee.  All users need is a web browser and they’re good to go.

PaaS is somewhat more ambitious while remaining steadfastly user- and application- specific.  PaaS is ideal for insurance agencies writing applications that are specific to their business—and they don’t need to build and maintain the infrastructure usually required to develop and launch an app (it may be obvious, but smallish insurance agencies probably shouldn’t try this at home). PaaS makes it possible, even easy, to develop applications rapidly with little technical know-how—applications that aren’t intended to be sold but run on a single, captive platform. If the platform for which the app was written changes or ceases to exist, however, users are out of luck. With PaaS, internal development teams are compelled to ride the IT rollercoaster, forever investing and reinvesting in platform-specific application development.

The Mnemonics of Security

For insurance brokers operating in today’s cyber-minefield, security is process, not an event—a mindset, not a matter of checking boxes and moving on, as one might on a claim form.  Sound security planning requires assessing threats, choosing tools to meet those threats, implementing those tools, assessing the effectiveness of the tools implemented—and repeating this process on an ongoing basis.

At a minimum, what steps must insurance agencies take?  Measures like clustered firewalls, multi-factor authentication—that is, “layered” passwords—and intrusion detection and prevention systems (IDPS), which go above and beyond traditional firewalls.  Increasingly, threats are emanating from Distributed Denial of Service (DDoS) attacks on hosting providers and from massive volumetric attacks.  These attacks are something new and particularly troubling, and no single firewall can stop them—especially when the attacks originate from connected devices.

This is necessarily a teaser more than a proper primer, a very brief sampling of the jargon that typically separates the IT realm from the world of policies and premiums.  The more you know, the more you’re in a position to bring those worlds together, for your agency and for your clients.

Adam Stern is Founder and CEO, Infinitely Virtual, Los Angeles, Calif. On Twitter: @iv_cloudhosting