Insurers Become More Comfortable With SaaS
Insurance Networking News, December 1, 2008
Over the past year, the concepts of Software-as-a-Service (SaaS) and cloud computing have been hot properties. They have been the "it" topic at industry conferences, and vendors have been scrambling to release their own takes on both.
The concepts-similar but not synonymous-each offer numerous compelling advantages. Cloud computing enables end-users to avoid up-front purchases of expensive hardware and software licenses in favor of monthly or incremental payments. SaaS also allows users to pay as they go, and pay for only those portions of applications they use. Each keeps the onus for maintenance, upgrades and other onerous and disruptive tasks on the vendor, rather then the customer.
Advertisement
Recent survey results confirm SaaS' popularity. For example, surveys conducted this year and last year by hosting provider Rackspace Hosting Inc., San Antonio, Texas, found that 51% of companies it spoke to already used a SaaS application, and 72% of those SaaS users are considering additional SaaS applications. Moreover, 69% of respondents see SaaS as the preferred software delivery method of the future, while 34% of respondents that are not currently using a SaaS application are considering it.
However, is SaaS appropriate for the insurance industry, which has more intense rigorous uptime and security requirements? Are data security and availability showstoppers? Industry IT executives and experts see potential for SaaS within limited roles and, so far, there have been few complaints about security. However, it's still unclear whether carriers would feel comfortable having mission-critical and data-intensive applications, such as policy or claims management, delivered from an offsite SaaS provider. Indeed, even in the mainstream, most SaaS deployments are centered on productivity or edge-of-the-enterprise functions. The most popular applications found in the Rackspace survey include customer relationship management software, used by 65% of respondents, followed by e-mail and business productivity applications (such as spreadsheets, document creation), with 48% of respondents. Another 23% employ SaaS-style applications for accounting and financial functions.
LINGERING DOUBTS
Beyond productivity or niche applications, some observers don't see a massive uptake of SaaS-based applications within the insurance industry anytime soon. "I don't see it happening," says Michael Goodside, enterprise architect for Jersey City, N.J.-based Insurance Services Office Inc. (ISO). "SaaS is less applicable to the insurance industry than it is to some other industries."
Michael Goodside
However, Randy Rodriguez, VP of Bluewolf Inc., a large New York provider of professional services for SaaS, sees things differently, saying there is great potential for insurers. For example, he says, "Salesforce.com has done a great job in addressing data security, with best in class enterprise security for SaaS solutions. As a result, major financial institutions, such as Merrill Lynch and CitiGroup, have adopted SaaS and Salesforce solutions. Because of this, the insurance industry should be confident that adequate security controls are built into SF and SaaS solutions."
Goodside argues that he doesn't see the capabilities in SaaS to effectively handle high-volume data loads required by insurers. Instead, as confirmed by the Rackspace survey mentioned above, he sees SaaS taking off for smaller, productivity-oriented applications, such as e-mail or document management-areas where data loss or corruption is not as critical an event. "Software-as-a-Service favors the simple things: low volume, pay for what you use, generic, low security," he relates. "It's not suited for specialized tasks where reliability is critical, proprietary information is involved and data volumes are large-the all-night batch job. At a very high level, I just don't see SaaS as a good mesh for the insurance industry."
Scott Fraser, CTO of Portico Systems, Blue Bell, Pa., says there are three main risk areas with the SaaS approach. First, he says, is security. "Is the enterprise opening itself up to new risk, or decreasing risk?" Then there are the risks behind availability. "Will the service be there when needed? What are the impacts of downtime?" The third risk factor is agility. "Is the solution providing an adequate amount of IT agility to enable business to not only respond to, but exploit rapid change as a competitive advantage?"
Concern over data security and availability is one that cuts across all industry categories. In the Rackspace survey, for example, 64% of respondents expressed high levels of concern about security, making this the leading category of unease. A related issue, data backup, was another top concern among respondents. In addition, a separate survey of 252 executives conducted by Midvale, Utah-based Burton Group ranked "greater information security risks" as the leading risk to SaaS. Moreover, 18% of respondents reported they have already "experienced" this risk over the past 24 months.
MORE SECURE
Data security is perhaps the most important consideration in SaaS engagements but, in some cases, security levels may be higher at SaaS provider sites than within companies' internal operations. "SaaS applications often are more secure than the customer's own environment," says Bill Nadal, SVP and CTO for Full Capture Solutions Inc., East Hartford, Conn. However, this level of added assurance doesn't come automatically. Companies need to become deeply engaged with their provider to ensure that security remains at a high level. This involvement may need to be hands on.
Barrie Parker, CTO for Pharmacists Mutual Insurance Co., Algona, Iowa, says he is closely engaged with his company's online query tool provider, iPartners Inc., Atlanta, as a member of its customer advisory board. He adds that the thorough vetting his company conducts on iPartners probably provides greater security than depending on internal IT staff.
iPartners "has the security on their end where their people can only see the monthly reports, they can't see the actual data itself," Parker says. "They have more security than a normal IT shop would put in place. They limit the amount of exposure more than you would for internal staff. It's a higher degree of security."
For more information on related topics, visit the following channels:
