Insurance or not, many organizations are transforming themselves with agile models. We spoke to a top leader of an international insurance firm that is leveraging Agile approaches more often and in more projects. Here are some learnings we discovered.

What challenges did you need to overcome to be successful?

As we looked to scale Agile across our organization, one of the biggest problems that we experienced was that our tool wasn’t, well, agile. It was little more than a fancy looking spreadsheet and our staff spent their time battling with the tool rather than leveraging the tool to help the business. That just wasn’t sustainable.

In what ways do you address these issues?

Just like any other aspect of business, the ability to deliver work effectively using Agile requires a combination of the right information driving the ability to make sound decisions in a timely manner, and a tool that allows people to focus on doing their work rather than interacting with the tool. We needed to find a solution that could easily integrate with our other enterprise tools, and that could help us become more effective and efficient.

What was your end solution, and what impact did it have?

For us, Rally Software from Broadcom was the answer. We recently ran our first PI planning session using the tool and we cut the duration of the planning session by two hours. Multiply that across the number of people and the number of times we plan PIs and it becomes a material saving. And of course, that efficiency means staff time can be redirected into work that adds value to the business.

Rally integrates with our other tools — delivering information, consuming information, and generally improving workflow and automation. That means people have the information they need in a way that works for them, allowing them to focus on their tasks. We’re also planning to leverage Rally as a decision-making tool for the business — helping teams to prioritize and refine user stories and drive more improvements.

How is this driving your success?

We’re breaking down silos. With the ability to collaborate in a tool that actually helps us deliver, we are strengthening relationships between business and IT. That improves understanding and ultimately drives engagement in ensuring that the best possible solutions are delivered — so we can keep increasing customer and business value.


Through effective implementation of agile solutions such as Rally Software, teams can enhance innovation, optimally balance resources, and fuel dramatic improvements in delivery. Going agile is the first step toward more impactful Value Stream management — so what are you waiting for? If you find yourself in a similar business scenario and would like to learn best practices to unlock excellence with Agile analytics, be sure to download our eBook, “How To Interpret Data from Burnup / Burndown Charts.

Collaboration Software

Across the globe, cloud concentration risk is coming under greater scrutiny. The UK HM Treasury department recently issued a policy paper “Critical Third Parties to the Finance Sector.” The paper is a proposal to enable oversight of third parties providing critical services to the UK financial system. The proposal would grant authority to classify a third party as “critical” to the financial stability and welfare of the UK financial system, and then provide governance in order to minimize the potential systemic risk. The financial regulators (HM Treasury in coordination with the Bank of England, Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA)) will “be able to make rules, gather information, and take enforcement action, in respect of certain services that critical third parties provide to firms of particular relevance to the regulators’ objectives (which the regulators refer to as ‘material’ services).”  The paper references the cloud concentration risk concerns raised by the Bank of England in previous research. At that time, over 65% of UK firms used the same four cloud providers for cloud infrastructure services.  

The US regulators have been examining the third-party risk topic in various forms including request for comments last year. Recently they have increased hiring activity to bring on staff to examine the cloud software providers. Cloud concentration risk, system market risk—it goes by various names—is not a new topic. Back in 2019, a letter to the US Financial Stability Oversight Council requested the major cloud service providers be designated as systemically important financial market utilities. 

And then there’s the Digital Operational Resilience Act (DORA) in the EU. DORA received provisional agreement in mid-May with the same overarching goal of helping to provide financial stability in the financial sector throughout the EU.  

“… make rules, gather information, and take enforcement action, in respect of certain services that critical third parties provide to firms of particular relevance to the regulators’ objectives”

Are you ready for cloud concentration regulation?

So with this latest scrutiny and round of papers issued by governments, we are about to see a material shift in the regulation of critical third-party providers and specifically the cloud service providers. Rather than wait for a compliance mandate, it is critical for insurers and financial services providers of all kinds to consider—and prepare now—for  the implications.

Insurers and financial services firms are very practiced in the requirements related to redundancy and disaster recovery. The regulations surrounding an individual provider and the ability to recover from a failure is largely mandated. Complementary to this, firms are highly motivated to ensure resiliency in order to provide the best service possible, maintain smooth operations, and retain customers. Nobody wants to read about their firm’s outages in the news cycle—it’s just never a good thing! And of course, when a firm relies on a third-party provider for services, software, or a hosted environment, a set of due diligence goes along with ensuring the resiliency of that solution. We all know the drill.    

Systemic risk introduces a whole other layer of risk. It is not new either—the ripple effects of the markets are also well understood. Yet the regulation has still been focused on an individual firm’s approach. If the individual entities are strong, the markets will be more resilient. That is starting to change with the recognition that there is a critical dependency on third-party cloud service providers that are not regulated in the same manner. So what are we doing about it?  What are we doing to get ready for new compliance measures when the regulators tell us we have too many eggs in one basket?

Market collaboration is required

The cloud service providers have become an integral part of the financial services landscape. It is now the responsibility of the entire ecosystem to manage the systemic risk that comes along with embracing cloud adoption. As a data platform company, we advise a hybrid data platform approach to balance the benefits of cloud adoption while addressing regulatory concerns related to cloud concentration risk (CCR).  

Insight Enterprises

Insurers and financial institutions can manage their strict data privacy, governance, and resiliency, while gaining flexibility and portability of data and applications to run their business efficiently. Cloudera’s hybrid data platform facilitates the portability of data across any cloud to help ease regulatory concerns about concentration risk, and our Shared Data Experience (SDX) manages security and governance consistently across private and public clouds.

Cloud adoption is accelerating and providers are strengthening their infrastructures aligned with the increasingly important role they play—penetration testing, cyber security prevention, etc.   Yet they are not fully under the scrutiny of the regulators at this time. This day appears to be getting closer across the globe. (And if they are in fact regulated in any specific jurisdiction, please leave me a comment.)

Hybrid cloud is a dominant deployment choice in the market—85% of enterprises report taking a hybrid cloud approach, combining the use of both public and private clouds. (Flexera, State of the Cloud Report, 2021.) It offers flexibility, choice and control. A hybrid data platform enables this flexibility and is recommended in anticipation of regulatory oversight.  

Download our ebook to read more about cloud concentration risk. 

Cloud Management