CIO interview: Mark Foulsham, group CIO, esure

Mark Foulsham, group CIO at insurance firm esure, is overseeing an IT transformation plan that he hopes will help future-proof the business

This article can also be found in the Premium Editorial Download: Computer Weekly: A world of mobile possibilities

Mark Foulsham, group CIO at insurance firm esure, is overseeing an IT transformation plan that he hopes will help future-proof the business for the fast-evolving nature of modern business technology.

The programme – which involves operating platforms, computing appliances, virtualisation and the cloud – is just the latest project for experienced IT leader Foulsham. He has spent 10 years running IT at esure, during which time he has fulfilled a number of business roles at the fast-growing organisation.

The remit of his group-wide role covers IT, procurement and facilities. The company floated in March 2013 and he recognises that working for a publicly listed organisation brings new, but not radically different, pressures. 

“Shareholders are looking for an edge in a competitive industry,” he says. “Being a PLC is no different – we’ve always answered to investors, but now it is the market rather than private individuals, so more transparent.”

The IT transformation initiative that Foulsham is running is linked to the future of esure. His aim is to build the kind of infrastructure that will help the firm cope with external twists, in terms of macro-economic and technological developments. “As a business, we’re preparing for a cyclical market turn and we’re building an underlying platform to support both this and future change,” he says.

“What we’re going though is much more than simply a technology refresh. The process is extensive. Rather than refreshing a legacy approach, transformation should be about future-proofing the business and creating sustainable IT. We’re not thinking in a linear fashion.”

Future-proofing IT

Foulsham is sensible enough to recognise that the nature of change in modern enterprise IT means attempts to second-guess developments in the technology market are inherently complicated.

Successfully transforming IT under such conditions might sound like an intractable challenge. But for esure, future-proofing IT is about being flexible enough to take advantage of any new offerings that come about, particularly in regards to hosting.

“The whole IT market is changing and the movement towards a service-based model for technology purchasing represents a tectonic shift,” says Foulsham. “As a CIO, I must think about how we can try to build a solid platform on constantly shifting ground. I need a technology platform that can cope with the flexibility of modern business demands, but with the type of contracts that give us the opportunity to make changes as required.”

Foulsham says his organisation needs to avoid the restrictions that are traditionally associated with long-term enterprise IT contracts. He says the move towards a service-based model presents an opportunity for both sides – both the customer and the supplier – to try to introduce innovation into service contracts, an aim that has remained core to CIOs for many years.

“What I’m trying to build isn't a road towards some pre-determined destination, but rather a route map towards an understanding of how both the business and IT might need to operate in the future,” he says, suggesting that this desire for flexibility has been adopted by the senior IT managers in his department. “It’s great that my team have thought through our approach in terms of commercial flexibility and the providers we’re choosing to partner with.”

The crucial elements of change

The esure IT transformation project covers a number of key areas, including platforms, computing appliances, virtualisation and the cloud. At the operating system level, Foulsham is leading a change from Oracle Solaris, which he describes as an ageing technology, to the open platform Linux. “It’s scalable and is compatible with our aim for greater flexibility in business IT,” he says.

Another element of the IT transformation involves greater use of computing appliances, which analyst Gartner expects to become an increasingly influential factor in enterprise IT. Computing appliances are self-contained IT systems that can be plugged into an existing IT infrastructure to carry out a single purpose.

The self-contained nature of a computing appliance – which might include an operating environment, storage, specific applications and even network functionality – leads some experts to compare the approach to consumer electronics. It is a metaphor that resonates with Foulsham, who likens computing appliances to the replacement of stereo separates with an all-in-one system.

We actually believe the cloud offers more security. The barriers you have to overcome are often to do with perception, education and experience, rather than anything to do with technical issues

Mark Foulsham, esure

“It means you have to worry less about interconnectivity,” he says. The appliance approach will be used in some core business areas, including the call centre. “It creates economies of scale around efficiency and, as the components are often provided by a single supplier, it also means you have fewer issues around interoperability.”

Foulsham completed his firm’s move towards virtualising the desktop in 2013. All internal Microsoft Windows applications are delivered via virtual desktops and most workers are now using thin-client terminals in the office. Virtualisation is also playing a part at the hardware level, with some customer-serving platforms hosted on virtual servers.

“You can’t get away from the need to have to some heavy-duty kit client-side, but we have a mix,” he says. “What we want to have is the best elements of both environments to help us create an enterprise architecture that is ready for some of the changes we’re likely to see in the future.”

Making the most of the cloud

Another element of Foulsham’s transformation programme involves the use of on-demand IT. Many technology chiefs have used the cloud for testing and development, or non-core applications such as email. Foulsham, however, says CIOs could take a different stance – and he is keen to think about the considerations that businesses would have to make to move other platforms to the cloud in the near future.

Foulsham says many companies with legacy IT have reached a stage across particular areas of the business where they need to make a decision. The CIOs charged with making spending decisions could go down the more traditional route and use classic hosting. However, Foulsham recognises the likelihood of that hosted platform having to then move to the cloud in the next two to three years is high.

The conundrum about when to move to the cloud will start to represent a significant challenge for many of his peers. Yet Foulsham believes a proactive stance could be rewarded. While detractors of an on-demand approach point to governance concerns, Foulsham says the technology has evolved at a rapid pace and security issues are not as great as often perceived.

“In some aspects, we actually believe the cloud offers more security,” he says. “The barriers you have to overcome are often to do with perception, education and experience, rather than anything to do with technical issues.”

Foulsham says he has allayed some internal fears by educating stakeholders on the use of cloud for testing and development. He used that experience to analyse whether the cloud could offer a palatable, secure and sustainable alternative for production activities in the future. That evaluation process will inform any discussions that Foulsham has with his procurement team and lawyers around key areas, such as failure, governance and disaster recovery.

“We put the models against new concepts and look at where the risks exist,” he says. “We replay potential scenarios to senior executives and aim to pre-empt their key questions about cloud provision. During any analysis, we cover all the key areas, like two-factor authentication and encryption.”

Foulsham says the aim for any evaluation process must be to demonstrate that providers are very secure. “CXOs need to know that, even if someone somehow managed to get access to the provider’s datacentres, and managed to pull the servers off the racks, the data is encrypted and not in a usable form,” he says.

Being ultra-agile and using hackathons

Encouraging the use of an alternative approach is nothing new for Foulsham. He has, for example, been keen to use ultra-agile approaches that draw on a broad range of expertise. The approach, known as a hackathon, was used for the first time at esure last year. Foulsham and a select group of executives used the agile approach to make esure’s web platform was mobile-ready in just two months.

The mobilisation project involved a dozen individuals from across the business, including IT, security and facilities. These employees were separated from the rest of the organisation, and they worked together in intense, fast-paced and iterative sessions. The three four-day sessions were run across two months, during which all work on the web mobilisation plan was completed.

“The project has been a big success,” says Foulsham, who reflects on the experience by suggesting consumers can now receive a quote, and purchase insurance, on any device, operating system or web browser. Regardless of screen rendering or physical location, the customer experience is always consistent and high quality.

Foulsham says the short timelines associated with the hackathon were crucial. The esure business wanted to create a step-change in the way it offered services to mobile customers. He says the fast pace of digital change meant any project that took months and years would simply be inappropriate.

The project moved through three clear cycles: first, scoping and setting requirements; second, building, developing and testing; third, completing and deploying. The success of the ultra-agile initiative means it now forms a key part of Foulsham’s approach. “Hackathons are part of our delivery toolkit. Being able to spin up ideas quickly allows us to run multiple projects and to decrease the time to market,” he says.

“We’ve also tried to use hackathons to undertake keyhole surgery on projects in our work stream that need to move a bit quicker. Some elements of technology, such as mobile and social, will be better suited to an ultra-agile approach. The key to the success of a hackathon is to establish the right approach for the desired business outcome.” 

Read more on CW500 and IT leadership skills