How? Through the latest stage in the evolving technological platform model: cloud computing. Their chief competitors, the mainstream vendors, such as Aon eSolutions and Marsh Client Technologies, say, “Not so fast.”

All this, of course, is great news for the consumer. Competition always is good in business, especially one as mature as the RMIS industry. New vendors and new technology always tend to invigorate an industry.

The objective of this article is twofold: 1) to reduce the confusion on terminology; and 2) to present the pros and cons of the new cloud model from a high level. It isn't to get into the details of sales literature claims or to delve into the intricacies of the underlying technology.

What are cloud applications?

As you will see, vendors disagree on their definitions.

Eric Wild, executive director of strategic product delivery for Marsh's STARS Risk Technologies, says: “We are our own cloud (private/hybrid) with enterprise, as our clients can access it via our ASP (application service provider) platform using our software as a service (SaaS) offering from anywhere at any time.”

David Black, Aon eSolutions' chief information security officer, echoes that opinion: “We are already in the cloud (private) with RiskConsole.”

Yet, the two cloud computing RMIS vendors disagree, saying cloud computing is the next level in the technology evolution.

Mr. Morrell, president of Riskonnect, says: “We empower our customers with world-class technology. They have a work platform that is always fast, always reliable, and always does the job. The cloud model is revolutionizing other businesses. It will revolutionize the risk management industry, too.”

Mr. Petrie, president of Origami, said: “The public cloud model provides tremendous value to the user; this technology improves performance, lowers cost, and is easier to use than systems built with older technology. The big advantage of cloud computing is that it reduces complexity while increasing reliability and performance. We have leveraged these advantages across our product with a particular focus on improving the features that everyone uses: data consolidation and analytical reporting.”

Are they really different?

Quoting from Arthur Cole, an information technology blogger on ITBusinessEdge.com, “the cloud is currently in the market-hype phase—and definitions in marketing, like truth in politics, are anything you can get the public to believe.”

To sort this out, it is helpful to begin with a brief history of the small RMIS industry. Consider that it got its start in the late 1960s when Corporate Systems introduced a computerized method of producing loss runs. The technology (called mainframe/timeshare) lasted into the mid-1980s and was distinguished by providing data over secured lines to clients. The vendor controlled the data. The next technology upstart arrived: the stand-alone personal computer, where the client controlled the data. In the early 1990s, the PC was replaced by client/server technology, where the client and vendor shared data control. Some Web capabilities were added to the client/server technology in the mid- to late '90s and then fully Web-based products arrived in 2000.

Today's versions of RMIS applications usually are fully Web-based. As Aon and Marsh note, RMIS vendors have been computing “in the cloud” for a long time.

Prior to the latest generation of Web systems, two Web deployment options were available—private self-hosted and application service provider.

With private self-hosted Web applications, the vendor loads its application on the client's Web servers with all the necessary components. Those servers and databases reside at the client's data center and are used only for that client's information.

With shared (ASP) Web applications, the client uses the vendor's servers and generally shares a database with other clients, though appropriate controls and protocols are in place to protect the client's data.

Enter “cloud computing.” Wikipedia defines cloud computing as “the provision of dynamically scalable and often virtualized resources as a service over the Internet on a utility basis. Users need not have knowledge of, expertise in, or control over the technology infrastructure in the ‘cloud' that supports them.”

Practically speaking, cloud computing takes the ASP concept a step or two further. The servers aren't the clients or the RMIS vendors; they belong to technology powerhouses the likes of Salesforce.com or Amazon.com. Further, much of the application is not the vendor's; it also belongs to the same technology powerhouse. They simply lease it out to RMIS vendors to build upon and configure for the task of managing risk management information.

Origami utilizes Amazon.com's cloud infrastructure, while Riskonnect uses Salesforce.com, one of the pioneers in the SaaS (software as a service) movement. Herein lies these vendors' claimed advantages: the “supercomputer-like” infrastructure of true cloud computing, which is able to provide the tremendous speed and capacity vs. their ASP competitors. Further, that they are able to rapidly implement their system solutions because the infrastructure already exists. Salesforce.com and Amazon.com have been around for a while using this approach and are allowing businesses to build on their infrastructure for a fee.

There are differences between how Origami and Riskonnect utilize their chosen infrastructures, but that is beyond the scope of this article.

What about security?

The mainstream vendors raise security issues regarding the cloud-computing options.

Paul Holden, CIO of Aon eSolutions, says: “One of the advantages of the Web/hosted solution is that the partner is totally in control of and responsible for not only the applications and security of data but also the infrastructure. With a public cloud model, control of security and infrastructure is outsourced to the public cloud owner (Amazon or Salesforce).”

Yet, Mr. Petrie of Origami contends that “Security and privacy are strengths of the cloud environment. Cloud vendors like Amazon and Salesforce specialize in technology. Brokers specialize in insurance.”

Like any new environment, there are legitimate concerns about complex issues such as security. But the same concerns were raised when Web-based products entered the market a few years ago. Risks need to be evaluated, no matter what.

Conclusions

What to conclude? The introduction of new vendors in a mature market always is a welcome thing for consumers. Although the cloud computing model is new to the RMIS industry, it isn't new technology. The critical questions always asked about new vendors are, How will they be able to grow in a mature market under the current economic conditions across the world? How will they deliver quality service? How will they handle adversity? Time will tell.

These, after all, are the same questions the traditional vendors face as well. And remember, at one point, they were the upstarts entering a mature technology landscape in the early years of the RMIS industry. It really all comes down to a blend of effective use of technology, good functionality, excellent service, and a reasonable pricing strategy. It always has and probably always will.

David A. Tweedy is practice director of risk information consulting at Albert Risk Management Consultants Inc. in Needham, Mass.