Companies that already use cloud computing say that "the cloud" is making an important contribution to digitization. In the German Cloud Monitor 2021 by KPMG and Bitkom Research, nine out of ten organizations confirm that cloud computing is making a rather large to very large contribution to the digitization of their company.
For those companies that are skeptical about cloud computing, compliance and security issues are the main concerns, as PWC mentions in its Cloud Governance Report for Germany. According to the report, 60 percent of companies that are skeptical about the cloud say that they do not use cloud computing. The reason: the risk of violating regulations and laws by using cloud services. Just over half of the companies surveyed (52 percent) share the concern that the security of company data "in the cloud" is not sufficiently guaranteed.
Despite these concerns, the use of cloud computing within the insurance industry is also on the rise. Nevertheless, insurance companies operate in a complex regulatory environment with historically grown IT landscapes and siloed organizational structures. Therefore, there are many issues associated with moving applications and data to the cloud, especially in terms of compliance and security.
Service users bear the responsibility
"Basically, there aren't many changes for service users. When transferring the operation of applications to an SaaS provider, the service user is still responsible for compliance and regulatory requirements – just like it was before when it was operating the system itself," says Karsten Schmitt, Head of Business Development at adesso insurance solutions.
The far-reaching difference, however, is that the role of the service user changes: companies that use SaaS must ensure that the service provider observes and complies with all legal regulations.
The most important regulations are:
- Data protection according to the GDPR
- BaFin's Insurance Supervisory Requirements for IT (VAIT)
- The C5 Cloud Computing Criteria Catalog of the German Federal Office for Information Security (BSI)
- The EIOPA Guideline for Cloud Outsourcing.
Based on these requirements, service providers must always assess the feasibility of an SaaS offering. To address internal concerns as well, an insurance company's selection of a cloud provider must be accompanied by a risk audit and review. Therefore, it must be ensured that the SaaS offering complies with the criteria of the various regulations.
Role change: from on-premises operation to IT provider manager
In addition to time, obtaining insurance software as a service requires diligent preparation. Most importantly, an IT organization must be transformed in order to have the necessary capabilities for moving from on-premises operations to the role of IT provider manager. This should be an important part of any cloud strategy.
This blog post is the final part of a three-part series called "Insurance Software from the Cloud." In the first post, we looked at this topic against the backdrop of digital transformation, followed by a look at technical implementation.
If you would also like to find out which regulatory and data security criteria an SaaS provider must meet in an insurance environment, download our free whitepaper Plug & Play – Application Landscape for Insurance as Software as a Service now (in German only).
Are you planning to modernize your IT and thinking of switching from on-premises to an SaaS operating model? Then get in touch with us. Karsten Schmitt will be happy to answer your questions.
Do you have any questions or comments? Then please leave us a comment.