Karma Insurance doesn’t rely on good faith to keep their data safe and site fast.
Almost one year ago, we wrote about how Karma Insurance, an insur-tech startup aimed at disrupting a stagnant insurance industry, had optimized and secured their beta platform with Cloudflare. Since then, they’ve launched their platform to the masses, partnered with one of Canada’s leading insurance companies, and provided life insurance quotes to thousands of Canadians. Recently, we asked Martin Bailey, Founder and CEO of Karma Insurance, about some of the challenges his company faced this past year and how Cloudflare continued to provide value as his company grew.
Data security is important for any company, but when you’re in insurance, handling highly sensitive information, preventing a breach is everything. “It would be catastrophic for us to have any sort of breach,” related Bailey. “We take data security very seriously and design our systems to ensure sensitive data can only flow in one direction. Your IT staff might be diligent, but you can always miss something. The Equifax leak happened because of unpatched software. The vulnerability was public knowledge in March, but they didn’t patch their servers quickly enough. So when the stakes are this high, having a security partner you trust as a first line of defense is crucial.”
As Karma Insurance promoted itself and garnered more notoriety, it also became important to make sure bot traffic wouldn’t affect the user experience for real customers. “Since we’ve launched to the general public, we’re doing advertising to promote our business and about 10% of all traffic and ad clicks we see are generated by bots. Bot traffic can be problematic because it affects advertising campaigns and leads to slower site performance for legitimate users who want life insurance quotes.”
“I have a background in Cryptography,” Bailey began, “so I like to ask precise questions about data security and I always get the answers I’m looking for from Cloudflare. By knowing that our data is secure, Cloudflare allows me to focus most of my effort on my business.”
“Cloudflare has helped us stay on top of best security and encryption practices. For example, when they first released TLS 1.3 over a year ago it was a very new encryption protocol. I was able to test it, experience the benefits, and adopt it early because people at Cloudflare were able to explain it to me. It’s rare that a more secure product is also faster, but with TLS 1.3 that’s actually the case. With TLS 1.3, after you’ve exchanged security keys on HTTPS, the browser memorizes the handshake, so the connection is already established between the server and the browser. Cloudflare calls this 0-RTT (or Zero Round Trip Time), and the savings on that round trip mean your pages practically load instantly. So not only is our site more secure, but it’s also faster, so overall the user experience is better, especially on limited-bandwidth mobile devices.”
“In addition,” continued Bailey, “with the Cloudflare WAF, we can detect fake bot traffic, rate limit it or completely ban it at the source. Our servers don’t even need to get involved because all the detection and blocking is being done at Cloudflare’s edge. This ensures that the user experience for the site is uninterrupted regardless of bot traffic.”
“Cloudflare fulfills that role of being a trusted first line of defense. Even when you’re doing your best you still might miss things, and Cloudflare greatly decreases the chances of one of those misses being problematic. It’s almost like having an extra IT team to handle your site security, but at a fraction of the cost. I would estimate we save around 80% in terms of IT, Security Professional, and incident response costs by having Cloudflare protecting our site.”