Asurion, one of the nation’s leading providers of consumer technology and appliance repair, planted its flag in the cloud more than seven years ago. The Nashville-based company, which provides insurance and supporting services for clients’ technologies such as mobile phones, has been reaping the rewards of its early adoption ever since. That includes competitive advantage in its ability to move fast and at scale, embed security across all its processes, and reduce friction for customers and developers. Casey Santos, Asurion’s CIO, discusses her company’s cloud experience with McKinsey partner James Kaplan. What follows are edited highlights from that conversation.
An early start leads to more experience
James Kaplan: Casey, I’m especially excited to have you on Cloud Value Radio because of how far along Asurion is in its cloud journey. Could you tell us about your environment and how you use cloud?
Casey Santos: We’ve been at this for seven-plus years and made a move very early on to go cloud-first. That means pretty much all of our applications, probably 80 to 85 percent, are running on cloud and have been rearchitected and reenvisioned over the years. We containerize our applications and host them throughout the world to support our global services in a strong API environment to keep them speaking to each other.
Our cloud service provider (CSP) is one of the cornerstones of our architecture, and we’ve found it’s really helped us be agile in the way we build, deploy, and scale. The journey has been very interesting. I’ve been here for only two years, so we were already well established on the cloud. But seeing how the tools have advanced and how we’ve evolved to keep up in those two years, it’s clearly a never-ending journey.
The value of time to market
James Kaplan: If we were to bring in some of your business partners and ask them how they think about the value of cloud, what do you think they would say?
Casey Santos: They’d say, “time to market.” We have 23,000 employees, so we’re a large company, but we act like a start-up. We put businesses up and roll out code at a very fast clip. We’re a technology company at heart, so getting to market fast with new launches for clients is really important.
We come from the old days, when you had to find a server, load the operating system, and install all the services to get them talking to each other. That was a six- to eight-month ordeal just to set up. So being able to roll out as fast as we do, along with the ability to deal with unpredictable scale, are crucial. We don’t know when things are going to surge, so when we start seeing large volumes of calls coming in, we have to be able to take them quickly.
James Kaplan: Is there any quantification you can put around that? Do you have a sense yet of how much more quickly you’re able to introduce a new capability than you could before?
Casey Santos: That’s a very good question. I’d say that when we compete for work or have a new product we need to roll out, we get asked quite a bit about how hard it is to get things set up. And clients tend to want what they want, and they want it fast without a lot of complication. We hear the word “friction” a lot, and nobody wants high friction.
The cloud reduces that friction and lets us focus on the things that add value, like customer experience, integrating more efficiently, and dealing with volume. It’s hard to put a dollar value on that.
I think in some ways the value is in staying competitive, or even staying in front of competitors. There have been times where we were involved in competitive bidding, and because we’re cloud-centric and can move quickly, it’s really helped us with those deals.
Cloud Value Radio
The priceless value of good developers
James Kaplan: How do you think about developer experience and productivity, and how do you measure it?
Casey Santos: It’s very hard to measure, but I’d say a couple of things. Developers really like to work with the latest and greatest technology, and in the old days, technology was a major lift to take on and implement. We’re constantly evolving, so our technology is not such a heavy lift anymore. Our developers are always able to try new things, and they get a lot of satisfaction out of that, while building skills that are becoming incredibly hard to find.
In terms of productivity, we deploy continuously and allow developers to own their environments. As I said before, nobody likes friction—customers don’t like it, and developers don’t like it. So we can roll out some pretty complex things within days, if necessary, and have sophisticated environments, which allow us to do a lot of controlled and canary releases to avoid all that friction.
James Kaplan: Part of me believes the core of enterprise cloud value for many companies is developer productivity, because so much innovation is technology dependent. Many folks struggle to bring the right capabilities to market at the right time and can’t find and train good developers quickly enough. We also know from long experience that you don’t necessarily double output by doubling the number of developers.
Casey Santos: That is true. Training someone to code, in general, is not hard. Anyone can take classes. But getting them to code in your environment and know your business is another thing. I think that’s the secret sauce: finding somebody with a deep understanding of the nuances of your business who can quickly roll things out.
We have large, complex call centers, and while our experts are incredibly talented, there are moments when we’ll start to see a difference in performance among them, and it could be something very nuanced. Having developers who understand how that business works, who can go in and analyze the data coming out of their systems and put in new capabilities or fixes, just pays for itself tenfold.
So having developers who are satisfied and skilled and don’t have to deal with much friction is a value that’s hard to put a price on.
Three essentials for the cloud journey
James Kaplan: We’ve spoken to various people about their cloud journey and concluded that you need to get three things right. The first is figuring out which use cases drive value. The second is building a scalable cloud platform with foundational services so you’re not building use cases on a one-off basis. And the third is rewiring the organization toward more of an agile-product-type model. How much of that resonates with the Asurion cloud journey?
Casey Santos: I think it definitely resonates. There’s always some unpredictability about cost once you’re up and running, but having a high-level view on whether this is worth an investment is important. So you have to take the 30,000-foot perspective and then commit to doing it. Having those conversations about value up front is important, rather than inching your way into it and then realizing you’ve spent a bunch of money that didn’t have an output. We used to do endless design cycles before rolling things out, but by then, the opportunity was gone.
When it comes to creating agile teams, we have “journey teams.” They need some autonomy but also need some guardrails. I like to think of it more as value-add services for developers. You’re saving them time. A very wise leader once told me, when I was trying to get him to address something with security, “If you’re going to make me take the medicine, at least give me some sugar to help it go down.”
So what is that sugar? How do we make sure the developers and teams trying to innovate, as well as the business leaders who want everything yesterday, are getting some benefit? It’s about figuring out the right level of those services, not stifling innovation, and putting the right security monitoring services on the things they’re rolling out. If they have an API platform, make sure it’s standard so they can reuse what they’re writing in APIs. That’s a big benefit. I also think it’s a mind shift we’ve been evolving toward for years, and that’s now happening really fast.
Securing the cloud with upskilling and code
James Kaplan: Could you tell us how you think about cloud security?
Casey Santos: There are a couple of things worth mentioning. One is having that partnership between the technology and security teams, and even the product teams and development teams, and having the right mindset.
Security can feel overbearing, but we have a very collaborative relationship. We have what we call a “security maven” program to train and certify people on security throughout our business, be they developers, product owners, or engineers. They also have sponsors in the security team, and when they do projects and find things that need fixing, they present their work to senior management, and we celebrate those wins. What that does is embed that skill set within our teams, because you can’t be everywhere.
We’ve also been trying to “shift left” by building security in the initial designs of everything we’re building on the cloud. Because cloud moves so fast, if you don’t shift left, you’ve missed the opportunity, and then you’re just cleaning up constantly.
James Kaplan: We believe that security in the cloud must be more automated, and you need to be able to describe security as code. To what extent is that part of your journey?
Casey Santos: Having intelligent threat protection or detection is very important. We do embed security in our processes when we’re splitting services up, so we know we’re standardized across different things. We used to build these things ourselves but now use a lot of tools from the cloud providers.
We also use a lot of automated security around our identity services, making sure you can’t use our APIs unless you’re coming through our security protocols. Those things are really critical to get right up front. I’ve seen situations where you’re working with another company that hasn’t built that in, and cleaning up is much harder than getting it right up front.
The importance of verification
James Kaplan: How important is identity in the cloud as you interact with customers? I’m sure you have people who need to log in so they can check, for example, what the status is of their return or their warranty. How big a part is that of Asurion’s customer experience?
Casey Santos: Identity is incredibly important, and we don’t trust anybody. So multifactor authentication (MFA) verification is definitely something you need to have at the beginning. I think it gets really complicated when you’re trying to connect externally—connecting services across different platforms, different clouds, and different environments. Getting your identity management correct means making sure you have the right identities, assigning those identities to the right people so you’re not sharing the crown jewels with the whole world, and automating that process.
