Karma Insurance

Karma Insurance doesn’t rely on good faith to keep their data safe and site fast.

Key Results
10 times faster site delivering life insurance quotes to customers
80% savings on IT, Security Professional, and Security Incident costs

Almost one year ago, we wrote about how Karma Insurance, an insur-tech startup aimed at disrupting a stagnant insurance industry, had optimized and secured their beta platform with Cloudflare. Since then, they’ve launched their platform to the masses, partnered with one of Canada’s leading insurance companies, and provided life insurance quotes to thousands of Canadians. Recently, we asked Martin Bailey, Founder and CEO of Karma Insurance, about some of the challenges his company faced this past year and how Cloudflare continued to provide value as his company grew.

Karma Insurance’s Challenge: Sensitive Data & Insensitive Bots

Data security is important for any company, but when you’re in insurance handling highly sensitive information, preventing a breach is everything. “It would be catastrophic for us to have any sort of breach,” related Bailey. “We take data security very seriously and design our systems to ensure sensitive data can only flow in one direction. Your IT staff might be diligent, but you can always miss something. The Equifax leak happened because of unpatched software. The vulnerability was public knowledge in March, but they didn’t patch their servers quick enough. So when the stakes are this high, having a security partner you trust as a first line of defense is crucial.”

As Karma Insurance promoted itself and garnered more notoriety, it also became important to make sure bot traffic wouldn’t affect the user experience for real customers. “Since we’ve launched to the general public, we’re doing advertising to promote our business and about 10% of all traffic and ad clicks we see are generated by bots. Bot traffic can be problematic because it affects advertising campaigns and leads to slower site performance for legitimate users who want life insurance quotes.”

Karma Insurance’s Solution: Advanced Security that Improves Performance

“I have a background in Cryptography,” Bailey began, “so I like to ask precise questions about data security and I always get the answers I’m looking for from Cloudflare. By knowing that our data is secure, Cloudflare allows me to focus most of my effort on my business.”

“Cloudflare has helped us stay on top of best security and encryption practices. For example, when they first released TLS 1.3 over a year ago it was a very new encryption protocol. I was able to test it, experience the benefits, and adopt it early because people at Cloudflare were able to explain it to me. It’s rare that a more secure product is also faster, but with TLS 1.3 that’s actually the case. With TLS 1.3, after you’ve exchanged security keys on HTTPS, the browser memorizes the handshake, so the connection is already established between the server and the browser. Cloudflare calls this 0-RTT (or Zero Round Trip Time), and the savings on that round trip mean your pages practically load instantly. So not only is our site more secure, but it’s also faster, so overall the user experience is better especially on limited bandwidth mobile devices.”

“In addition,” continued Bailey, “with the Cloudflare WAF, we can detect fake bot traffic, rate limit it or completely ban it at the source. Our servers don’t even need to get involved because all the detection and blocking is being done at Cloudflare’s edge. This ensures that the user experience for the site is uninterrupted regardless of bot traffic.”

“Cloudflare fulfills that role of being a trusted first line of defense. Even when you’re doing your best you still might miss things, and Cloudflare greatly decreases the chances of one of those misses being problematic. It’s almost like having an extra IT team to handle your site security, but at a fraction of the cost. I would estimate we save around 80% in terms of IT, Security Professional, and incident response costs by having Cloudflare protecting our site.”

“Secure WebSocket proxying is another thing we’ve been using that improves our user experience,” Bailey noted. “Using WebSockets we can connect and authenticate users once and then leave their connection open instead of reloading data over HTTP and adding extra hops to re-authenticate customers every time they provide or ask for data. Now, when our customers open our app after their first time, they’re just sending little bits of information to us and the WebSocket is able to send just the little bits that they need. That’s been huge for our mobile first approach. There are multiple steps in our application, so opening and authenticating a new connection for each data transmission request was unnecessarily slow. By using WebSockets we now serve that same application 10x faster.”

“Even when you’re doing your best you still might miss things, and Cloudflare greatly decreases the chances of one of those misses. It’s almost like having an extra IT team to handle your site security, but at a fraction of the cost.”

-Martin Bailey
Founder and CEO