Pekin Insurance has always considered itself an agent-oriented insurance carrier, but the insurance world has changed and more policyholders want direct access to their policy and claims information.
Giving customers web access to the full-service carrier’s policyholder data created new security challenges for Pekin and for the IT team that had to develop an application to provide that access, according to Davin Miller, lead technical support analyst for Pekin.
IT took on the task of writing a new application, but the web apps in the past had been written in a legacy application development environment, according to Miller.
“With the new breed of developers we had in house and after a departmental reorganization we decided to expand and update our development environment,” he says.
Pekin decided to go with a .NET 4 WCF-type application housed on IIS 8 servers.
“We were looking at our legacy DMZ environment and at that time we were converting all our servers to virtual machines,” says Miller. “We were faced with a dilemma. If we went with our typical DMZ—a sandwich DMZ between two traditional firewalls—we were looking at facing a VMware cluster within that DMZ. We had already invested a lot of money in our internal cluster and we were looking for ways to securely extend the DMZ to use VMs within that cluster.”
Pekin examined different topologies and came to the conclusion that the sandwich DMZ was not going to fit its needs, according to Miller.
“Looking at that criteria that was set by the business and wanting to use more up-to-date infrastructure to support the application we decided on a load balancer,” he says. “We still wanted a layered approach to our security so we aren’t depending completely on one environment.”
Pekin began looking for solutions and the carrier’s new head of security recommended F5 Networks products. The company had used Cisco products in the past, but Miller also knew F5 had a good reputation, which turned out to be a key factor in the selection process.
“When comparing products, if we don’t have time for a bake-off, the first place I look at is the tech forums to see what people are griping about,” he says. “One of the things I was impressed with about F5 was the responses their customers were getting from the F5 engineers. It just impressed me how quickly they were getting back and how thorough the answers were. Being a Cisco guy I was biased, but in the long run we decided on the F5 product.”
Pekin already had redundancy built into its VMware solution and wanted a layered approach. The IT team decided to keep the traditional Cisco ASA redundant pair immediately facing the Internet to perform traditional firewall functions and to place the F5 BIG-IP solution behind it.
“After running some tests our security guy recommended a Web application firewall,” says Miller. “This was going to be our first one. Before, with the traditional access control list—your typical layer-three type firewall—the web application firewall was new to us. There’s always been a disconnect between the infrastructure team and the development team. With a web application firewall, the two sides better know each other very well.”
Since beginning this project in 2011, Pekin has added a mobile app that takes advantage of the same services that the traditional ACTPS app provided. The mobile app expands on this, according to Miller.
The project also was Pekin’s first attempt at using agile methodology.
“We learned a lot from it—some things were painful, but we made agile fit in our environment,” says Miller. “It was a good learning experience for the developers, the infrastructure team, and management.”
One of the positives of this project, according to Miller, is that the business side sees that IT can handle the new technologies and that the 100-member IT shop is flexible enough to change if the business changes.
“Many of us have to be jack-of-all-trades, so we see more of a big picture vs. our little slice of the pie,” he says. “There are more advantages to that than disadvantages.”
Miller believes that the Pekin IT shop had been in a kind of technology slump before this project, but he believes they have now sprung forward.
“That’s kind of rewarding. I can’t say everything went perfectly, but the fact that we delivered as good a product as we’ve delivered and that it’s been received well is rewarding,” he says.
Once the application was completed, Pekin started off with some internal employees, and it now has more than 6,000 policyholders signed on. The carrier is also about ready to release the mobile version, which Miller believes will be a springboard for adoption.
“We’re starting with iOS, but we are going to use Android as well,” he says. “There are a lot of challenges. The business sometimes gets a little ahead of the game and we have to come back with some changes for security purposes. Everything is about security today so we had to slow things down a bit, but the product we released is better for it. Some people look at mobile apps and web technology as almost being a commodity. It really isn’t. It may be for the economy, but not for the people that have to develop it.”