Digitalization and digital networking have become an integral part of every industry. The economy is increasingly being shaped by these trends – and they also affect the insurance industry to a large extent. The insurance companies themselves are working intensively on their digital strategies: customers want more and more digital processes, from pure insurance products to online customer advice. The focus is on a positive customer experience – regardless of time and place.
Initial situation in the insurance industry
This also has a particular impact on IT. 24/7 availability, flexible, “limitless” scalability and super-short “time to market” cycles are (new) challenges that go hand in hand with digitalization. It is also hard to imagine digitalization without the cloud. In its various forms, it is omnipresent and promises simple, cost-efficient solutions for all these requirements. However, the path to the cloud is not always easy, especially for established companies. For example, existing processes and solutions in the area of security, which meet existing internal requirements in terms of risks and compliance, often cannot simply be transferred 1:1 to the cloud. On the contrary: the relocation of applications to the cloud has a strong influence on the architecture of the security infrastructure – especially in the area of web access management. Short development cycles, modular or micro-services-based applications and DevOps pose new challenges for shared web application firewall (WAF) infrastructures that are centrally located in front of the application landscape.
Challenges for insurers
These challenges were also encountered at a large, internationally operating insurance company. Due to the strategic shift of applications and application development to the Azure cloud, the number of cloud-based applications is constantly increasing. At the same time, however, the cloud-integrated WAF lacked internal security approval. As a result, the USP Secure Entry Server® infrastructure, which was operated locally and on-premise, was placed in front of the cloud-hosted applications. This led to various infrastructure-related disadvantages: Firstly, the new setup introduced an undesirable overhead in network communication, as every request was routed through the insurer’s local infrastructure. Secondly, the cloud applications became dependent on a centralized, shared and therefore rather static platform. This resulted in disadvantages in terms of agility, independence and dynamic scaling compared to a pure cloud solution.
Docker-based deployment as a customer solution
In order to cover this specific customer case with the USP Secure Entry Server® (SES), United Security Providers developed a new deployment form for the product. In addition to existing hardware and software appliances, a Docker-based deployment is provided, with which web application security, authentication and federation functions of the SES are also supported on container platforms (managed OpenShift). Moving the accredited USP Secure Entry Server® WAF to the cloud, combined with an application-centric approach, significantly improved the customer’s situation. The Web Application Firewall (WAF) as part of the application stack not only allows the customer to decouple the security-relevant access layer from the centralized, on-premise infrastructure. Rather, this application-centric approach can also guarantee the complete integration of the security layer into the development and deployment lifecycle of the application. In particular, this ensures that the interaction between the WAF and the application is already tested during application development.
However, decentralization does not bring advantages for all aspects of the WAM infrastructure. The management of configurations as well as log management and reporting of container-based WAF instances will continue to be provided centrally, partly as a SaaS solution and partly as an additional component in the customer’s cloud environment. This means that existing dashboards, reporting and anomaly detection functionalities can be used centrally via the digital customer interface “USP Connect®“.
Benefits for the insurance industry
Insurers are confronted with additional regulatory requirements, increasing competition and enormous cost pressure. The use of the USP Secure Entry Server® as a “SaaS component” supports insurance companies in pursuing their profitability targets in terms of performance and response time. At the same time, it ensures that a company-wide security policy is enforced and company guidelines are adhered to – even in multi-cloud and hybrid environments. The insurance industry also benefits from lower costs, for example due to the elimination of acquisition and/or investment costs for hardware and software. In the context of cloud usage, a “pay as you go” model also comes into play, which only generates costs depending on actual usage.