Data protection key to cloud in financial services: CIO

Growing Asian direct insurer takes initial steps with trusted service providers to test resilience and security of critical apps in a cloud environment.

ZDNet Cloud TV interview with Jean-Marc Henaff, CIO of

Direct insurance business launched in Singapore in 2010, aiming to disrupt traditional Asian insurance models, bypass agents, and deal direct with the customer.  After the successful launch, it expanded into Hong Kong in 2012, and Thailand the following year.  The acquisition by specialist insurer, Hiscox, at the end of Q1 2014, signalled the start of a new chapter in's development.

Following the acquisition, Managing Director Simon Birch reflected in a blog post on the initial aims of the business, and made clear how important IT was to the success of the business model.  ''We set to work on building from scratch a company with world-class service processes, segmentation and IT that would out-do the old incumbents who were dependent on legacy systems and traditional processes."

ZDNet recently caught up with CIO Jean-Marc Henaff, the man responsible for the world-class IT that was to "out-do the old incumbents," to talk about where cloud fits in the company's strategy.

Henaff is a cloud advocate, but is moving in a cautious manner due to the challenges of compliance with financial service regulations across three countries, plus changing data privacy legislation. On 2 July 2014 the main rules of Singapore's Personal Data Protection Act (PDPA) will come into force, while last year Hong Kong introduced its Personal Data (Privacy) Ordinance. "Personal data protection is very key to cloud enablement in the financial industry," insists Henaff.

"We are already using some bits of cloud services…mostly for non-critical activities, essentially for back-up purposes…we have designed a work email platform recovery to sit on the public cloud offering of [a] trusted security vendor," Henaff explained.

"For critical business activity it's a different story. Earlier this year we have selected a new host for co-location needs, basically our own private cloud, and we are in the midst of fully virtualising our infrastructure to reduce our footprint…by about 25%...both energy consumption saving and footprint reduction."

Henaff says the interesting aspect of partnering with the new co-location service provider is is able to "ride on their cloud offering to experiment, and essentially we intend to do so by using their Infrastructure-as-a-service and/or Platform-as-a-service offering."  

The plan is to "test elasticity and resilience of our applications as well as performance and security," adds Henaff.  "Our approach for core business processing on cloud is still very experimental and we can only really consider 'cloudifying' the organisation when we can have ensured that the application can perform fully secure and has demonstrated proper elasticity and resilience under cloud test labs."

Henaff says cloud adoption for financial services businesses in Asia and Singapore is relatively low currently, as "traditionally, financial services organisations are treading on the cautious side with regards to ensuring compliance with the regulatory framework, and specifically data protection regulation."

Henaff says Singapore's Infocomm Development Authority (IDA) is putting a lot of effort into "clarifying what is possible and what is desirable to offer on the cloud platform."  In addition he says the IDA is: "doing a lot to promote the encouragement of…the cloud ecosystem in Singapore…by helping to put together the right partners, be it from the telco perspective with their grid that would obviously provide the right…network infrastructure, but also more with regards to computing technologies, network and security providers, so as to put in place all the layers that would offer Infrastructure-as-a-service, Platform-as-a-service to organisations."

To view the full interview with Jean-Marc Henaff, please click the image above.