Risk and Challenges associated with cloud migration in the insurance sector
In a physical intensive industry like insurance, we have seen digital adoption increase tremendously across customers, channel partners and other stakeholders. Increased mobile penetration and the availability of data started this journey, and the pandemic accelerated it. As an organization, we have been early adopters of Technology and the Cloud was no exception. We had moved our entire test and development setup to the Cloud in 2013 and our entire productivity and office suite onto a SaaS platform a year later. The ability to experiment and leverage the high computing power on the Cloud helped us in kickstarting our AI/ML journey in the year 2018 when we developed complex deep learning and machine learning algorithms.
Till recently, we had been largely utilizing the Cloud as an infrastructure platform. However, in early 2021 was when we looked at moving the entire datacenter to the Cloud. The focus at that time was multifold – (1) to adopt agility in our systems, to help rapidly develop, test and deploy new applications, (2) to be able to rapidly scale our infrastructure considering the growth in volumes and our increased focus on digital, (3) to increase reliability and efficiency of our infrastructure to help service all our stakeholders and at the same time develop a roadmap for retiring our technical debt and (4) to be able to leverage the latest technologies to help innovation and drive business in the long-run.
We started the entire Cloud migration journey in early 2021 with a strategy of following a lift-and-shift approach followed by continuous re-architecting and re-building. However, even before we started, our first focus was on security. On-prem, since we were a part of the larger ICICI Group, we had maintained the highest levels of security and it was imperative for us to have the same exacting standards of security for our cloud footprint as we would be connected to the shared datacenter for some time. We spent our initial six months to set up the entire secure landing zone on the cloud. Once ready, we had the setup audited by security experts. Only then were we ready to receive our first application from our on-prem datacenter.
Along the way, we challenged a few pre-conceived notions, such as one that movement between the on-prem datacenter and the Cloud was the job of only the infrastructure team. On the Cloud, the application owner has a lot more control on the infrastructure and we adopted a model of centralized Cloud governance with decentralized execution. This model helped reduce time and effort of migration of many applications. At the same time, this helped us in running a multi-threaded migration operation across the organization.
Our entire approach to migration was focused on setting up the foundation and security layer; followed by moving the low-risk and complexity applications first; observe, analyze, learn and fine tune the approach. This was followed by movement of the medium-risk applications and the high-risk applications. We hit some technical glitches along the way which resulted in a minor delay and small cost overrun but we are proud to say that we are the first large private insurer to move all our applications, including the core, to the Cloud.
Having said that, our journey has just begun. Our choice of the lift-and-shift route means that we have invested heavily to achieve a near-term objective. This meant that we immediately needed to start rearchitecting and rebuilding of our applications post migration. What we have seen is that moving our complete set-up onto the cloud has given us some immediate benefits, including stability, availability, and scalability. Progressive modernization of our stack, and rearchitecting our applications, would help us become truly cloud native and exploit the full benefits of the cloud.
While this has been an exciting journey so far, we have had great learnings along the way. During planning stages, most organizations spend a lot of time on server sizing and optimization but not on network sizing. Network routing is critical, especially if you are doing migration in phases and you have interconnected applications. Ensure that you plan for disaster recovery and security at the beginning itself. Be ready for a complete overhaul of the IT operating model. Reskilling and upskilling of the existing workforce in new technologies (Data, AI/ML) as well as in new ways of working (Agile/DevOps) is critical. The larger organization needs to be aligned and trained for new ways of working. Ensure that key performance indicators (be it increased digital adoption, increased reliability or big data and analytics) are discussed and finalized before you start your Cloud migration journey. This journey is an organization-wide continuous transformational journey which will help businesses both survive and thrive in years to come.
Authored by Girish Nayak – Chief – Service, Operations & Technology at ICICI Lombard GIC Ltd.