The world of insurance is often portrayed as staid and conservative when it comes to IT, and Hiscox was no exception.
The company has about 2,000 employees, some 250 of them working in IT. But with competitive pressures growing the company has shifted to a DevOps culture in a bid to keep up with change in the industry.
James Waterfield, senior cloud specialist at Hiscox, said at the DevOps Summit 2016 that, prior to the shift, IT struggled to support the company's increasing demands.
"The required pace of change is a pressure. The business wants change, but IT couldn't deliver change quickly enough. They also won't let you take systems down due to the fear of the unknown," he said.
Jeremy McGee, DevOps consultant at the insurer, added: "We're only just now finishing the Windows 2003 decommissioning process. IT works. Why do we need to change it and spend money on it?"
Waterfield continued: "How do you support something running on Cobol when the only guy who knows it has left? We were managing old applications which were out of support [from the vendor], and it's hard to get people to agree who's responsible. The pace of change was slow."
The firm was interested in moving to more of a DevOps culture, but the change wasn't easy to instigate.
"How do you do DevOps when you've got lots of pre-packaged applications?" asked McGee.
"There was finger-pointing, people saying 'We can't install this, it must be infrastructure's fault.' We weren't doing very well. Puppet does a survey each year, and it sums up organisations into three camps: low, medium and high performers."
Hiscox found itself in the first category, managing one software release a year which might take a week to roll out.
"And there was the problem that because the business didn't want downtime, everyone tried to cram as many changes as they could into one maintenance window. So rolling that back if anything went wrong was very difficult," said Waterfield.
McGee added that the company kept its targets reasonable, aiming for improvements in the speed and quality of delivery rather than expecting to go from an also-ran to Olympic gold.
"We wanted to go from a low to medium performer. Let's not boil the ocean. So we started in the application side," he said.
"The UK underwriting application was ancient. It needed shooting. So we bought a new packaged system, and because it was packaged deploying it was straightforward.
"The vendor had already solved the problem of installing it easily. Customer numbers two and three effectively paid for the automation of the deployment cycle, and we just rode on their coat tails. Puppet stood up the infrastructure, IBM did orchestration and deployment, and we had a little bit of Powershell in there too."
He explained that when this was presented to the IT director, he was delighted that the organisation now had the ability to deploy application code in half an hour.
"They looked at that and said it's gone from a week to 30 mins. That's great," said McGee.
However, the dirty secret, McGee explained, was on the infrastructure side. "We gave the business faster changes on the application side, so there were lots of smiles and high fives, but that doesn't help when you come to work on the infrastructure end," he said.
Waterfield added that the solution was to be able to describe the entire infrastructure in code.
"We identified that we needed to create the capability to describe the infrastructure in code. But how? On premise? Buy a solution? Create our own from scratch? Or use something which exists on a cloud platform?" he said.
Windows 10 Chinese Government Edition completed by Microsoft
And even when IoT projects do get completed, one-third aren't considered a success
So, the Frontier Edition launches at the end of June, the Radeon RX Vega in July - and the Ryzen 3 straight after?
From accidentally selling sensitive data on eBay, to forgetting that security solutions needs to be 'on' to work, we've got the full rundown of the worst security gaffes ever