One of the dilemmas that insurer CIOs wrestle with is where to set the dial when it comes to agility vs. control in IT. Control in this context means governance, security, separation of concerns, change management, and so on. Agility is the opposite direction – lightweight governance, fewer barriers, right-sized security, and devolving decision-making down into the organization.
Insurance, as a heavily regulated industry, has historically tended towards control, and with good reason – stiff legal and financial penalties are often associated with not doing the right thing. Many of us have experienced the dysfunction and chaos resulting from the control dial being set too low – budget overruns, software dropped unexpectedly into production without testing, unplanned outages, data loss, etc.
And many of us have also worked at organizations where it is impossible to get anything done because the dial is set too high. Waste and red-tape everywhere, productivity severely throttled, and innovation almost entirely absent. There is a real cost associated with control, and it’s not only the cost associated with the oversight structures it requires.
The reality is that change is constant, and the rate of change is ever quickening. It’s a fundamental truth of the information economy. The enemies of change adaptation are the very structures that we use for control. To thrive, insurers need systems that embrace change and transform it to business value or face potentially dire consequences.
So where to set that dial? As usual, there isn’t a one-size-fits-all answer, but trends across the board are towards easing up on the control and looking for strong ROI-based justification whenever new control is added.
This movement can be traced back to the late 90s and the advent of
This trend continued with DevOps, which can be viewed as extending the scope and culture of Agile into IT operations. And whereas the Agile movement respected organizational boundaries (for the most part), DevOps insists on a blurring of boundaries between development, IT operations, and even the business units. It can change an organization’s structure in fundamental ways and can be both transformative and disruptive to a company culture. And viewed from a control perspective, it can be downright scary.
Microservices architecture (MSA) is another shift in the same direction. It is built on (and requires) a foundation of DevOps and again, the trend is towards increasingly devolving control and greater autonomy of the teams and systems. Loosely-coupled teams and services are simply better at responding quickly to business needs in a rapidly changing market.
Some of us with long memories will look at this and wonder about the risk of a return to the days of “cowboy” IT and “no test like production,” but there are some key aspects of these movements that are different. Yes, there is a greater reliance on trust and individual responsibility, but there are also guardrails provided by the automate-everything philosophy, the do-the-right-thing peer influence inherent in cross-functional teams, and the accountability that comes from “you build it, you run it,” one of the mantras of DevOps. Less waste, less finger-pointing, more ownership and yes, more innovation.
It won’t make an insurer with an IT headcount in the thousands look like an InsurTech startup overnight, but the truly valuable parts of startup culture aren’t the free food, unlimited vacation time, and game lounge. It’s also not about the latest automation, cloud provisioning tools, and finely-grained services.
What it’s really about is building a nimble, responsive business that’s efficient and innovative enough to be profitable in its chosen market for the long haul. It’s about expecting and getting the best from everybody, not just leadership, and Agile, DevOps, and microservices all contribute significantly towards that end.
Stay tuned for our upcoming executive brief on how DevOps is transforming the insurance industry.