ERGO Insurance Singapore's cloud migration is a prime example of the fact that automated operations are key to dynamic digital growth and secure IT infrastructure. In addition to a smooth implementation process, it also delivered long-term results including agility in solution deployment, scalability based on real demand, and cost reduction. Karl-Heinz Jung, ERGO Insurance Pte. Ltd.’s Chief Executive, Shariq Khan, Head of Information Technology at ERGO Insurance Singapore, and Christoph Koslowski, Global IT Security Officer at ERGO Group, talk more extensively about the migration process as well as the challenges and benefits experienced while working towards this goal.
Is it true that for the first time in ERGO's history, a global division has been integrated 100% into a cloud environment?
Karl-Heinz Jung: Yes, that is correct. ERGO Insurance Singapore has become a trailblazer as one of the first of 30 international ERGO Group entities to fully migrate to the cloud.
Where did the demand come from, and why has ERGO Singapore been growing so dynamically in the cloud?
Karl-Heinz Jung: We have an obligation to comply with the Monetary Authority of Singapore’s cyber hygiene and technology risk management requirements. The cost of upgrading our on-premises hardware to comply with the regulations would have been too high and proved to be the business case for ERGO Singapore to initiate migration to the Amazon Web Services (AWS) Cloud. We have been able to show that the cloud is a good solution and have done extensive test verifications and checks to be sure that our customers are safe.
What did the onboarding process look like? And how long did it take you to migrate all the systems and data into the cloud?
Shariq Khan: It took 10 months. We had to split all the systems into three batches according to their criticality and then migrated the respective systems in batches. We did brainstorming, planning and tracking to execute the plan successfully. Of course, we also had to adjust the plan according to the migration journey, based on learnings after each batch had migrated and the recommendations from our Global IT Security and Risk Management teams. It was a challenging journey but full of learnings for all of us involved in the cloud migration program.
How are IT security issues managed in the cloud?
Christoph Koslowski: There is central oversight of IT security aspects conducted by several teams, such as the cloud operations team and the cloud security team. This oversight includes the use of AI and rule-based tools to monitor the cloud environment on a day-to-day basis and automatically trigger response processes when anomalies are detected. Furthermore, each service operated in the cloud must pass a rigorous security assessment and rating process. We use a mixture of industry standard and tailored security controls to protect our business services, networks, and data. One of the core benefits is a scalable environment that is state-of-the-art in terms of infrastructure security. It gives us a better and easier-to-manage environment with a reduced attack surface.
What are the most significant lessons learned after going through the migration process?
Christoph Koslowski: One lesson that we all learned is how important the end-to-end view of the entire system including legacy applications across all environments is. This means looking at each system as well as its dependencies to other components and systematically applying adequate security controls across the network. In other words, the crucial point is the full end-to-end view of a business process with all of its layers, and a proper integration of IT security. The cloud platform has provided us with the technological basis for the introduction of highly automated and advanced security measures.
What are the best examples of significant business improvements after moving ERGO Singapore to the cloud?
Shariq Khan: First, agility. We can deploy solutions faster as we do not need to order the hardware and related IT infrastructure, which used to take months in procurement and delivery. Secondly, scalability – our IT and business systems are able to use the auto-scale features (using Elastic Load Balancers, EC2) of AWS, whereby IT infrastructure resources are auto-adjusted based on real demand. There is also availability, because we can monitor all our systems and services more effectively thanks to available tools. Finally, reduction in cost – by using the latest generation Amazon Elastic Compute Cloud (Amazon EC2) instances, right-sizing instances for predictable workloads, and automated shutdown of non-production servers outside business hours have also helped cut costs.
If you were to sum up in three words the positives of the new data center, what would they be?
Karl-Heinz Jung: We can talk about many positive aspects. However, the three main ones are: speed, flexibility and cost. Being digital is key to achieving our business goals and stimulating ERGO Group’s digital growth. For me it starts with the cloud because we need to have this flexibility and speed, without the need to wait a few months until the hardware is delivered. And it also offers security. Cybersecurity is the major challenge nowadays, and we need to have the new tools to replace the old ones to maintain the necessary level of security.
One of the largest cloud projects in the insurance industry: