Pekin Insurance has always considered itself an agent-orientedinsurance carrier, but the insurance world has changed and morepolicyholders want direct access to their policy and claimsinformation.

Allowing their customers access through the web to thefull-service carrier's policyholder data created new securitychallenges for Pekin and its IT team to develop an application thatwould provide that access, according to Davin Miller, leadtechnical support analyst for Pekin.

IT took on the task of writing a new application, but the webapps in the past had been written in a legacy applicationdevelopment environment, according to Miller.

"With the new breed of developers we had in house and after adepartmental reorganization we decided to expand and update ourdevelopment environment," he says.

Pekin decided to go with a .NET 4 WCF-type application housed onIS 8 servers.

"We were looking at our legacy DMZ environment and at that timewe were converting all our servers to virtual machines," saysMiller. "We were faced with a dilemma. If we went with our typicalDMZ—a sandwich DMZ between two traditional firewalls—we werelooking at facing a VMware cluster within that DMZ. We had alreadyinvested a lot of money in our internal cluster and we were lookingfor ways to securely extend the DMZ to use VMs within thatcluster."

Pekin examined different topologies and came to the conclusionthat the sandwich DMZ was not going to fit its needs, according toMiller.

"Looking at that criteria that was set by the business andwanting to use more up-to-date infrastructure to support theapplication we decided on a load balancer," he says. "We stillwanted a layered approach to our security so we aren't dependingcompletely on one environment. "

Pekin began looking for solutions and the carrier's new head ofsecurity recommended F5 Networks products. The company had usedCisco products in the past, but Miller also knew F5 had a goodreputation, which turned out to be a key factor in the selectionprocess.

"When comparing products, if we don't have time for a bake-off,the first place I look at is the tech forums to see what people aregriping about," he says. "One of the things I was impressed withabout F5 was the responses their customers were getting from the F5engineers. It just impressed me how quickly they were getting backand how thorough the answers were. Being a Cisco guy I was biased,but in the long run we decided on the F5 product."

Pekin already had redundancy built into its VMware solution andwanted to do a layered approach. The IT team decided to stick withthe traditional Cisco ASA redundant pair immediately facing theInternet to perform traditional firewall functions and behind thatplace the F5 Big IP solution.

"After running some tests our security guy recommended a Webapplication firewall," says Miller. "This was going to be our firstone. Before, with the traditional access control list—your typicallayer-three type firewall—the web application firewall was new tous. There's always been a disconnect between the infrastructureteam and the development team. With a web application firewall, thetwo sides better know each other very well."

Since beginning this project in 2011, Pekinhas added a mobile app that takes advantage of the same services asthe traditional ACTPS app provided. The mobile app expands on this,according to Miller.

The project also was Pekin's first attempt using agilemethodology.

"We learned a lot from it—some things were painful, but we madeagile fit in our environment," says Miller. "It was a good learningexperience for the developers, the infrastructure team, andmanagement."

One of the positives of this project, according to Miller, isthe business side sees IT can handle the new technologies and thatthe 100-member IT shop is flexible enough to change if the businesschanges.

"Many of us have to be jack-of-all-trades, so we see more of abig picture vs. our little slice of the pie," he says. "There aremore advantages to that than disadvantages."

Miller believes that the Pekin IT shop had been in a kind oftechnology slump before this project, but he believes they have nowsprung forward.

"That's kind of rewarding. I can't say everything wentperfectly, but the fact that we delivered as good a product aswe've delivered and that it's been received well is rewarding," hesays.

Once completed, Pekin started off with some internal employeesand now they have more than 6,000 policyholders signedon.  They are also about ready to release the mobileversion, which Miller believes will be a springboard foradoption.

"We're starting with iOS, but we are going to use Android aswell," he says. "There are a lot of challenges. The businesssometimes gets a little ahead of the game and we have to come backwith some changes for security purposes. Everything is aboutsecurity today so we had to slow things down a bit, but the productwe released is better for it. Some people look at mobile apps andweb technology as almost being a commodity. It really isn't. It maybe for the economy, but not for the people that have to developit."