What's the biggest risk with external Web services?

Chicken-and-egg conundrum hampered early adopters of XML Web services.
Written by Joe McKendrick, Contributing Writer

It's not security; and I'll get to that in a moment.

A new survey specific to the insurance industry finds that 90 percent of carriers have adopted some form of Web services within their information technology architecture, and 58 percent of those have adopted the industry-specific ACORD (Association for Cooperative Operations Research and Development) XML standards as part of their Web services initiatives. The survey was commissioned by SEEC, Inc., a financial services industry software vendor.

So what's the news here?

The risk-management-aware insurance industry had to assume risk to reach this point. By reaching critical mass, XML Web services investments become less risky. And, there are some valuable lessons to be learned as XML Web services moves from internal to external integration.

In this Weblog, we've devoted 95 percent of our coverage the internal integration aspects of SOA. That's because organizations have been focusing on getting the internal integration aspect right before putting anything out there for business partners.  That's where the action is.  

But, as Avacor’s JP Morgenthal puts it, every internal-facing SOA-based deployment should always be configured as if it were outward-facing. That is, security, reliability and availability need to be part of the process. At some point, many of your internal services may end up being outward-facing.

Insurance has been a little different from other industries in that many Web services efforts are starting out as outward-facing external deployments. The biggest business problem Web services is being applied against is that of providing visibility and straight-through processing with networks of agents. ACORD of course, has taken the lead here. ACORD was formed more than two decades ago to develop an EDI standard that's still in use (AL3).

Technical connectivity is one part of the challenge; security is another. But the biggest risk may be a chicken-and-egg conundrum: Who's willing to invest and build out an infrastructure with interfaces that may or may not be fully supported by trading partners?

A couple of years back, I spoke with Sean Kelly, a managing consultant with Blackwell Consulting of Chicago, which assists carriers and agencies with ACORD XML rollouts. (Reported in a 2004 article in Insurance Networking News, link here.)

Conventional wisdom says that the major risk with outward-facing Web services is security. However, the risk may be elsewhere. That's because developing a trading partner relationship in which XML is the agreed-upon standard is not always an automatic process, Kelly pointed out. Many companies are still tightly watching their IT budgets, and early-adopting companies undertake some risk as they put out the initial efforts and assume the initial costs to develop external-facing XML Web services.

"It's a chicken or the egg principal," Kelly said. "Carriers and brokers are asking 'who is going to adopt this first. 'Who is going to be the leader to build an ACORD XML interface?' The risk is the first one out there is going to have to find a partner to do it with to try to get some type of ROI."

Here's an example I cited in the INN article: An insurance broker jumped on the XML trend early, and got burned in the process. In 2000, the agency developed an XML-based forms submission system to bid on corporate officers and directors liability policies. "We built an agency management system that takes XML transfers from our database directly into the legacy back engines of insurance carriers," said the firm's CEO. "But it was too expensive for the carriers to keep up with the edits for the data. They had to have a full IT team to monitor those edits and make sure that it was all going through the pipe."

Since the dollar volume of transactions was relatively low in comparison with more commodity lines of business, larger carriers could not justify expending resources to support the interfaces.  "If we had $1 billion of premiums going through that pipe, it would make a lot of sense. However, if you only have $100,000 going through, it doesn't make any sense for carriers to justify the expense," he said.

Editorial standards