Alfresco News

Subscribe to Alfresco News feed
News, views, commentary on Alfresco


Updated: 2 hours 45 min ago

Transforming Insurance with Cloud BPM – guest post from Sandy Kemsley

We’re delighted to introduce a blog series, featuring Sandy Kemsley, independent analyst and systems architect, specializing in Digital Process Automation (DPA), Business Process Management (BPM), the social enterprise, enterprise architecture and business intelligence.

Sandy will lend her expertise and commentary on topics such as digital transformation and the cloud, the convergence of process and content, the role of microservices in cloud-based BPM software and more. We hope you enjoy her insights and provide us your comments about these topics on Twitter @skemsley@alfresco

Transforming Insurance with Cloud BPM

Understand the customer demands and business models for today’s insurance business, and plot a path along the maturity model to technology modernization.

In this blog post, I plan to explore the role BPMS plays in integrating packaged software, custom-built systems, and external services into a seamless process that includes both internal and external participants. What if you need to include customers in your process without having to resort to email or manual reconciliation with an otherwise automated process? What if you need employees and partners to participate in processes regardless of their location, and from any device? What if some of the functions that you want to use, such as machine learning for auto-adjudication, industry comparative analytics on claims, or integration with partner portals, are available primarily in the public cloud?

Let’s consider the case of an established property insurance company that wants to expand into online insurance in order to grab a piece of the market of younger people who are just getting their first apartment. Although there are older consumers in this market, younger consumers are more likely to want to make financial services purchases online, particularly on their mobile devices, instead of dealing with an agent or going to the local branch of their financial institution. The problem is that the insurance company has a lot of non-automated processes, and the automation that does exist is buried in on-premises systems of record (SOR) such as legacy policy administration and claims systems, as well as monolithic on-premises BPMS. They also have a conservative culture, averse to change and mistrustful of new intelligent automation technologies. All interactions with their clients are on paper, usually by postal mail. In other words: slow, inefficient, unwilling and unable to change quickly to respond to the new market demands, and ripe for disruption.

This results in some very different business models and needs for the old and new world of insurance:

Old World Insurance New World Insurance Customer service model High-touch agent interaction Customer self-service Use case All insurance needs Straightforward property insurance Process initiator Paper documents Data entered by customer on web or mobile app Transactional processes Manual procedures, with some automation embodied within systems of record Automated processes and decisions with human intervention only for exceptions Customer interactions mid-process Calls and paper mail Web or mobile app


It’s not that easy to just start a new online insurance company from scratch; instead, the company needs to marry their existing reputation and stability with a technology architecture that can better serve the needs of the new market. Changing out policy administration and claims management systems is not an option for the short term, and the company doesn’t want to move those off premise due to perceived problems with data security and sovereignty. How, then, does an existing company modernize their architecture to address the new world needs?

Here’s a maturity model for insurance company technology modernization:

Level 1: Prepare systems of record for automation. Enable/expose API service interfaces to the SORs used for underwriting, policy administration and claims management, so that data can be read and written, and functions invoked within those systems. The ability to do this is dependent on the SOR platform, and may require signification customization or the creation of an integration layer, but is essential to create automated customer-facing processes that interact with the SOR.

Level 2: Prepare SOR for integration and scalability. Move the systems of record into a containerized on-premises/hybrid cloud infrastructure for easier integration with other cloud infrastructure, and simplified administration. Due to the company’s conservative data security and sovereignty policies, these systems will remain on premise but will more easily be able to interact with public cloud infrastructure.

Level 3: Develop customer-facing self-service processes using a cloud-native BPM. Create processes that follow the customer journey, allowing customers to initiate and participate in flows that create policies, update their policy information, and manage claims via the SOR service APIs. Internal tasks that cannot be fully automated will be routed to an internal worker as required. The customer-facing portions of the processes will execute in the public cloud – in a highly secure manner – but very little data needs to be persisted outside the company’s SORs, minimizing data security concerns. I believe in the advantage of cloud-native BPMS deployments, and the benefits they bring in situations where you’re bridging between on-premises legacy systems and public cloud customer interactions.

Level 4: Make processes more automated and intelligent. Incorporate intelligent automation technologies, including machine learning, artificial intelligence and third-party industry analytics, to fully automate the customer-facing processes where possible. For example, most rental or homeowner policies can be issued without employee intervention, and many types of claims can be adjudicated automatically and paid out immediately.

By implementing integration and automation modernizations with a cloud-native BPM, the insurance company can create and deploy customer self-service processes and specialized insurance products faster, providing a significant competitive differentiation. A cloud-native infrastructure also provides elastic scalability for dynamic scaling: for example, in the case of a regional flood or wildfire, the claims process can scale dynamically to handle the increased load, reducing the risk that an anxious customer sees a website or application that won’t load due to traffic.

Although I’ve put the recommendations in this post in the context of an insurance company, there are potential benefits for any organization looking to modernize to a containerized cloud architecture and improve customer-facing processes:

  1. Applications, both internal and customer-facing, can be assembled from independent services including legacy APIs, BPM microservices and third-party cloud services. This allows them to undergo rapid iteration to match the speed of your business.
  2. Containerized hybrid cloud applications can be quickly ported from development to test to production environments, whether on premise or in a private or public cloud, with minimal risk of incompatibility.
  3. Cloud applications can be scaled up (or down) automatically to meet demand, providing better cost efficiency.

Let us know about the ways you’re modernizing your BMPS – leave us a comment on Twitter @skemsley, @alfresco

Alfresco in the News – 2018 Technology Predictions and Insights

With the new year ahead of us, we’re pleased to share with you some recent news coverage that features Alfresco’s continued product innovations and business insights from our experts. We’ll be bringing you news coverage several times a month so you can continually see the new, exciting things we’re working on – and what others are finding helpful about our solutions.  Thanks for reading and sharing your thoughts with us on LinkedIn or Twitter @alfresco:

ZDNetHow to execute on strategy: Getting great ideas from the whiteboard to the boardroom – top CIO leaders lend their perspective on how to bridge strong strategies with execution. McDermott International CIO, Akash Khurana highlights how Alfresco is key for delivering open and connected systems.

Website Magazine: 2018 Digital Forecast – Global business leaders shed light on this year’s marketing and technology predictions. Alfresco Strategic Solutions Leader, Ankur Laroia lends his commentary on data security.

CRN 10 Security Predictions For 2018 – This predictive piece also features Ankur’s insights about the growing importance of the Chief Security Officer and the Chief Information Security Officer in today’s business organizations.

DevOps: The Value of Commercial Open Source – Alfresco’s VP, Product Marketing, Chris Wiborg shares his thoughts on the value of commercial open source platforms to innovate and meet unique customer needs.

We look forward to engaging with you about these and other future topics on our social channels. Drop us a comment on LinkedIn or Twitter @alfresco:

Security and Data Protection at Alfresco – meet our Security Director, Phil Meadows

October is Cyber Security Awareness Month and as official champions of the scheme, we wanted to shine a light on security here at Alfresco. So we asked Alfresco Security Director, Phil Meadows about his role here keeping us, and customer using our products, secure.

What do you do at Alfresco and how did you get into this role?

As the Security Director here at Alfresco I’m responsible for ensuring that the products that we deliver are secure and also that we’re running our business in a secure way. I originally come from a software engineering background and most recently I led the DevOps team here so I have had a lot of experience with both software and operational security, which was great preparation for being Security Director.

How do you ensure that Alfresco is developing products that keep customer organizations secure?

We make sure that we consider people, tools and policies to help ensure that security is an integral part of our product development process, not a separate activity. We support the engineers with training and personal development to make sure that they’ve got the right level of security awareness. We’re also building a virtual team of secure coding representatives from across the engineering teams to be able to share best practices and also make sure that security is considered up front in everything we develop.

We follow some of the DevSecOps approaches and integrate automated security scanning analysis tools into the development pipelines. I’m a believer that if the engineers can have potential security flaws highlighted as they are writing code, then it’s a lot easier to resolve while it’s still fresh in their mind. We also use more heavyweight automated scanning tools and we make use of third party penetration testing companies to give us external validation.

We also put in place policies to make sure that if and when security issues are reported, that they’re categorised and responded to appropriately.

What are some measures the security team takes to ensure the protection of customer data?

As a company we have regular SOC2 assessments of our own operational processes. This makes sure that we have appropriate policies and processes in place to cover security, availability, processing integrity, confidentiality, and privacy of customer data that we hold. Our documentation team provide extensive documentation about Authentication and Security of our products to help customers correctly configure and run their systems.

For customers who have compliance obligations around storing records we also have information governance solutions which meet a number of standards including NARA/OMB 2016 and 2019, ISO 15489, MoReq and VERS.

Your job means you’re responsible for helping our customers run Alfresco securely. Tell us more about that.

As a security team, we work closely with all parts of our company that are helping customers  to help them out with guidance and advice on how to run our products securely. We also work closely with product engineering on tools like our AWS Quick Start and other reference documents and deployment tools to make sure that they have a good level of security built in.

One of my colleagues in the security team, Toni de la Fuente, has his focus on operational security. Increasingly, our customers are running Alfresco on AWS. With Cloud security a big concern, and as open source believers, we like to share the tools that we create. We have an active project called Prowler which anyone can use to assess the security of, and then harden, their AWS accounts based on the industry standard CIS benchmarks. We’re also working on a new project called The Trooper which will allow automated deployment of an integrated suite of AWS security monitoring tools. Watch this space!

To hear more from Phil and Toni, watch them discuss Security at Alfresco in this recent Tech Talk Live:

Change is in the air, Alfresco style, and I like it

The air is changing here in Northern California, as the daylight shortens, the nights get cooler and Autumn 2017 sets in.  With every change of season, I always seem to reflect back on the past year, and with so many recent developer centric events concluding, and gearing up, I thought it was a good time to acknowledge all of those efforts.  Not sure if 2017 was a strong developer year because of the North American Eclipse of not, but it could be… </bad pun>

Thinking back on 2017, it’s been a strong year in the developer community, and while it’s not over yet, there is positive momentum.  It was great to meet many community developers in Spain this past at April at BeeCon.  That was time well spent with great sessions and conversations.  Most recently, I was impressed with the number and quality of projects presented in the most recent Hackathon earlier in October.  It was great to see the list grow as there was a call for projects.  For those that missed it, there was an extended (>90 minute) Office Hours which included many demonstrations.  I made this video “required viewing” within the product management team as we are always looking for inspiration and ways to improve the product.  Ideally, I’d love to see some of these projects make it into the product and we have taken steps to make the contribution process easier.

I love seeing the steady stream of interesting topics in the Tech Talk Live and Office Hours events, as well as other demonstrations that are archived on our YouTube channel.  In addition, to see how these projects are made, I like to subscribe to many of the Alfresco projects in github.  I often find I send links to these when asked about topics from partners, developers and customers.  We have also taken a broader view of personas to include technical architects and devops, in addition to developers to address deployment, test automation, scaling, and security best practices, as we strive to support continuous integration and continuous deployment.

There continues to be great topics posted and conversation at for Alfresco Content Services, Alfresco Process Services, and the rapid releases of the Application Development Framework.  Some have also commented on the increased depth of documentation at as well as a single landing page to help newcomers at As more developers choose to deploy Alfresco in IaaS, we are happy to have updated the AWS Quick Start a few times over the past year with refinements and enhanced security. Speaking of AWS, it’s also exciting to posts for adding value to image content in an Alfresco repository using Kinesis Firehose, Rekognition, Lambda.

Also, I am very excited for the upcoming DevCon which will occur Jan 16-18, 2018 in Lisbon Portugal. The call for papers is now, so if there is a topic or project you are passionate about, I highly recommend you take this opportunity.  I look forward to sharing the latest product roadmap at DevCon and hearing from all of you what types of use cases you are addressing.  Overall, we want to do a better job of providing direction on each area of the roadmaps (Process Services, Content, Services, Governance Services, Applications Development, Analytics, etc.) to make it easier to plan your development and contributions.

But, this year is not over and if you want to get together with others interested in Alfresco, let us know how we may be able to help you host a MeetUp in your part of the world.

So, while 2017 continues on, there is a nice change in the air for our developers which reminds me why we are called Alfresco in the first place; It’s open and fresh, with the smell of clean air.

Alfresco Once Again Positioned as a Challenger in Gartner 2017 Magic Quadrant Report for Content Services Platforms

I’m delighted to announce that Gartner, Inc. has named Alfresco a Challenger in its 2017 Magic Quadrant for Content Services Platforms. 2017 marks the second year in a row that Gartner has placed Alfresco as a Challenger in the evolving Enterprise Content Management (ECM) market.

I believe placement in the 2017 Gartner’s Magic Quadrant for Content Services Platforms Challengers’ quadrant validates Alfresco’s ongoing innovation and execution in the rapidly evolving content services market. Our Digital Business Platform is a great fit for organizations that are looking to differentiate themselves by delivering engaging customer experiences at scale. For organizations with Digital Transformation initiatives, our open source roots and transparent approach are appealing to developers, content professionals and architects alike.

In the last year, we have expanded our technology partnerships to advance differentiation and innovation, including being the first content services provider on Amazon to launch an Alfresco instance with an Amazon Web Services Quick Start. By providing our customers with an extensive set of open APIs, developer tools and cloud-ready deployments, we build a level of agility, engagement and loyalty that is fundamentally different than many of our competitors.

Alfresco’s cloud-ready and developer-friendly, open source software powers the daily work of millions of people, addressing the unique needs of financial services, healthcare, insurance, government, manufacturing, and publishing companies, in countries around the world.

Download the Gartner Magic Quadrant now to read Gartner’s full analysis of the Content Services Platforms segment.

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.