But what's the reality behind the buzz? The idea of having software you use living somewhere other than your own data center isn't new. Having lived through the development of service bureaus and application service providers, skeptical IT execs listen to chatter around SaaS and can be excused for asking, “What can it do for me?”

The answer, according to Joe Cardenas, is “everything.” Cardenas is CIO and founding management member of Employers Direct, a California-based workers' compensation insurer. “I can't imagine anything SaaS can't do,” he says.

The assessment of Cardenas, former CIO of SaaS pioneer salesforce.com, is among the most optimistic to be found in the insurance industry. However, he does back up his claim through the IT strategy Employers Direct has pursued since the company was formed in 2002.

Employers has no on-site data center, meaning all the applications the company uses are delivered either via SaaS or another remote hosting model. It's what Cardenas calls a “zero footprint” IT strategy.

“I have no operational folks on my payroll. I have no DBAs,” he says. “Instead, I have a staff of 17 in IT that oversees the output of our vendors and providers.”

Cardenas believes today's market presents better opportunities than ever for insurers to capitalize on a pay-as-you-go IT strategy. “SaaS is more and more prevalent today. We've been able to find more and more insurance-specific services now, whereas a few years ago it was zero. Today, our largest owned infrastructure investment is in network bandwidth. It's a completely different philosophy,” he says.

SaaS shares some features with yesterday's application service provider (ASP) model. However, rather than simply slapping a Web front end on an existing application, SaaS is built from the ground up to capitalize on the delivery capabilities and integration strengths of Web services and SOA.

“Using an ASP generally meant you got the same solution as you would have if you were using on-premises software. You simply were choosing to have the solution hosted at a remote location with a third party,” says Kimberly Harris-Ferrante, vice president and distinguished analyst at Gartner Research. “SaaS is not just about hosting; it's the delivery and functionality.”

Also, SaaS typically is a multi-tenant solution. “With SaaS, users have less ability to customize and configure solution functionality, since it is a shared model,” she says.

Adding to the buzz around SaaS is all the current commotion about cloud computing, which often is mentioned in the same context as SaaS.

The difference is SaaS is limited to the delivery of software on demand; cloud computing is about delivering any number of IT capabilities on demand–software, infrastructure, platform, or other services. In other words, all SaaS is cloud, but not all cloud is SaaS.

SAAS STRENGTHS

Insurers looking to SaaS are targeting two key benefits: lower cost and faster access to better, more modern technology.

Cardenas believes there are several factors that contribute to the cost benefit of SaaS. “A lot of the analysis I see focuses on the run rate of a SaaS product being a little bit lower, comparing the subscription cost with the amortized purchase price,” he says. “But what that analysis doesn't include is the monstrous cost of constant upgrades. The true cost of ownership over time is a huge expense,” he maintains.

Furthermore, Cardenas believes making an ownership investment leads to inertia that prevents companies from making needed changes. “What people don't realize is as you purchase products, there is a debt and an investment that mount up. Any company with a mountain of installed, purchased software is limited in what it is willing to do. You are going to depreciate that investment out to the end, no matter what, even if something better comes along,” Cardenas says.

Carriers also look to SaaS as a better business solution, according to Jeff Goldberg, senior analyst at Celent. Carriers strategize SaaS “will free up resources for us, put us in connection with more modern technology, and help us do our business processes better. That is a more valuable way of thinking about it than when carriers simply are looking at it being cheaper than hosting the software themselves,” he says.

This solution focus has led to interest in SaaS originating from the business side. “If I'm a business manager, I may want a new system, but I may see IT as a roadblock–it takes too long to get a system implemented. But maybe I can find a SaaS alternative I can implement quickly, with limited-to-no IT involvement, particularly if it's an ancillary system that sits on the periphery,” Harris-Ferrante says.

RISK MANAGEMENT

Benefits of SaaS come with risks to manage. Insurers' largest areas of concern about SaaS remain data security and service availability.

“You want to make sure in choosing the provider you do your homework going in and have a very good SLA built into the contract,” says Vino Valle, senior vice president and operations and systems officer for Lexington Insurance Company, an AIG member company.

Lexington already had been using hosted versions of AMS Service's Phoenix policy administration system for specialty homeowners and Duck Creek's policy administration platform for middle-market commercial lines. In early 2007, the insurer began using the SaaS-based Aspire platform from Maple Technologies to administer a specialized “bloodstock” insurance program for racehorses.

When Celina Insurance Group began using iPartners Insurance Scorecard, a SaaS-based business intelligence system, data security was a key concern. “They have our data as well as the data of a lot of other insurance companies,” explains Rob Shoenfelt, Celina's CIO. “We had a lot of discussions with them about security as well as their business model–to make sure they'd stay in the data warehousing business and not become a competitor of ours down the road.”

“Data security in general has gotten better,” Goldberg asserts, “and vendors have done a better job of educating companies about security.”

Still, managing security and other risks is a multifaceted endeavor–from negotiating contractual SLAs and requiring SAS 70 Type II audits to visiting the vendor's data center to check out the system controls firsthand.

“Anybody who is looking at a vendor needs to ask for a copy of the latest SAS 70 audit,” Cardenas says. “Vendors complain about providing them, but it's like reading a book about their operations and the foibles of their operations. Particularly if it's a 'SOXable' process, you better have a Type II audit.”

For Employers Direct, the more pressing risks of SaaS were network stability and availability. “You are very dependent on your network. Your setup needs to be 'up to code' and have a lot of redundancy,” Cardenas says.

“If you don't have a multivendor network strategy–if you put in a typical, underinvested network, and then put a lot of SaaS through it–you're putting the company at risk,” he adds. “With your typical data center, losing connectivity to the outside is not a big event, but it's a different world with SaaS.”

Another concern with SaaS is vendor stability. In a November 2008 podcast on “Software as a Service for Life Insurers,” Gartner principal research analyst Juergen Weiss noted among the top reasons carriers are “very reluctant” to work with SaaS offerings were concerns with the stability and long-term viability of SaaS providers as well as provider performance.

Instability is something Valle experienced firsthand. “Many years ago, we had a situation where we used a company we felt was a very good provider for hosting and supporting a personal lines application. However, with short notice, the vendor went out of business. It was a scramble to find another vendor to pick up the application and run with it,” he says.

Also, the more SaaS offerings a carrier uses, the more integration that is required. “Interoperability and integration are important,” Harris-Ferrante asserts. “You need to assess the architecture and integration requirements of how the solution will coexist with the surrounding applications, including process execution and data sharing.”

On the upside, Web services and SOA have made it easier to do the integration, Goldberg says. “Now you can take a system that is fairly central to your operations and leverage SOA in order to integrate a third-party system that's hosted somewhere else. There has been a technology change that has happened across the industry to better enable that,” he remarks.

“There is more integration required, but it's easier to integrate when you're talking to a true SaaS service,” claims Cardenas. “Those [SaaS] providers 'get it.' They are architected as Web services, everybody's talking SOAP, and life is good. But if you've convinced a [non-SaaS] provider to deliver an application as a service, it gets more complicated.”

Employers Direct uses different techniques for SaaS integration but favors the Cast Iron appliance as an integration hub. For instance, the company uses Cast Iron to integrate a hosted claims administration system with external, Web-based systems that claims staff interacts with, such as insurance department filing systems and court record applications.

SAAS INTEREST

Despite promising benefits of lower cost, better technology, and easier maintenance, SaaS is hardly the solution of choice for most insurers. “The prevalence and use of SaaS among insurers is very low,” observes Harris-Ferrante.

That stands in contrast to other industries. Research firm IDC projects 76 percent of all U.S. organizations will use at least one SaaS-delivered application for business by the end of 2009, and spending on SaaS will increase nationwide by more than 40 percent.

There are a few areas in the insurance industry where SaaS has established a tenuous foothold. First, insurers look to SaaS in horizontal functions–CRM, contact management, sales force automation–any area of business operations where, whether you're an insurer or a widget manufacturer, processes are fundamentally the same. Conversely, insurers look to SaaS to perform specialized insurance functions that aren't transaction focused, such as business intelligence.

“Business intelligence and niche areas such as fraud detection are wonderful examples of how to use SaaS for competitive differentiation. In these instances, insurers can use a basic solution that is offered as a SaaS. The key uniqueness for these activities [becomes] the models and analysis done with the tool, the data itself within the tool, and how it is applied within the insurance operation. Using a SaaS alternative is a viable solution for these types of functions,” Harris-Ferrante says.

Prior to deploying the iPartners platform, Celina had built its own data warehouse and analysis tool. However, after building the warehouse, the system sat relatively unused.

“It was a great tool, but it essentially was turning over a blank sheet of paper to the users,” Shoenfelt says. “The solution was extremely flexible, but users had to build the analyses and develop the reports themselves. They wanted something that was 'precanned' instead.”

iPartners provided those prebuilt analyses. “They have a solution for insurance companies that allowed users to jump right in,” Shoenfelt says.

The system, which leveraged the foundation created by the data warehouse project, took about three months to deploy, most of which was related to data scrubbing. The application loads data provided by a weekly extract from Celina's policy and claims systems and displays analyses through a Web interface that is used by Celina top management and product managers.

For Celina, the usage-based model has delivered significant benefits. First, from an expense standpoint, the business can see what using the system costs and be charged that cost, rather than have IT absorb the expense in its budget.

“When you have to write a check for a specific item of usage, it's no longer just an IT cost that's 'free,'” Shoenfelt says. “It's also a time issue for us. We have only so much time to build things, so [using SaaS] gives us more time.”

From a management standpoint, Celina can look at who's running–or not running–analyses. “This has been an eye-opener of an expense to them,” says Shoenfelt. “They can decide whether it makes sense to pay for a user license for someone who's only going to use the system once a quarter or ask why some managers aren't using the system if their colleagues are.”

Celina's strategy for SaaS in general is to use it when it gives the company an advantage and own the system when it does not.

“You can get to market faster with SaaS and then decide whether to keep it off site or bring it in-house. With the [iPartners] system, we're going to keep it [off site] unless we get too many users or the demand for customization is too high and it makes sense to do it ourselves,” Shoenfelt says.

SaaS has been a bridging technology for Celina in the past. In one case, the company licensed a rating engine to use for its Web portal in order to obtain faster speed to market. But later, with the portal in place and not wanting to maintain two systems, Celina chose to extend an in-house engine to process data from both the Web and the internal quote system. Likewise, Celina had used a service to store electronic documents until the cost of storage dropped to the point where it made economic sense to bring that service back in-house, as well.

Another area in insurance where SaaS has seen somewhat stronger deployment is in support of specialized lines of business or greenfield operations, such as new lines of business or entirely new companies.

In those areas, “SaaS is a leveler,” says Andrew Berry, president of management consultancy Newport Risk Services. “Smaller or boutique players can afford more sophisticated technology. One of the areas [SaaS] is very appealing is in a startup situation. It reduces your upfront fixed costs.”

Lexington–one of the largest excess and surplus lines insurers in the U.S.–is neither a small company nor a startup, but it does have specialized lines of business for which traditional policy administration systems simply aren't designed.

“If you insure a 2008 Chevy, throughout the life of the policy it's still a 2008 Chevy. But a racehorse will change in classification throughout the life of a policy. The racehorse becomes older. It may become pregnant. There are thousands of potential factors that can change the classification of a racehorse. We also need to have the ability to create custom policies and otherwise deviate from standard products,” Valle explains.

To customize one of parent company AIG's systems to handle Lexington's bloodstock market wasn't a viable option. “It didn't make sense to modify a [corporate] system that was built to handle a multibillion-dollar book of business to accommodate a million-dollar book of business,” Valle says.

A SaaS-delivered admin system was the best option. Additionally, the Maple Technologies platform was flexible enough to handle the unique needs of racehorse insurance. “Maple Technologies simply was able to handle all the customization we required,” Valle says.

ADVANCING SAAS

Despite low levels of SaaS adoption today, Harris-Ferrante does expect to see an increase in interest among insurers, particularly because of current economic conditions.

“As the market crisis happened, we've started to see more companies look to SaaS as a way to get functionality when they don't have as much money to spend and need faster implementation cycles. They also perhaps are becoming a bit more risk-adverse when it comes to buying new technology and are looking at SaaS in 2009 as a solution that doesn't require paying upfront cost in software licensing. It's still not a mature trend, but we've seen it begin to develop,” she says.

Insurers will continue to need to gain a level of comfort they have managed any risks of SaaS.

“You are ceding some kind of control [with SaaS], even though the risks perceived and actual risks are different,” Goldberg says. “However, if you are considering a well-documented SaaS system and a vendor you trust, it's ultimately not much different having it run on your or the vendor's server.”

Carriers also have to contend with the human factor. “The bigger challenge to SaaS is the organization's culture and history. There is a hesitation on the part of insurance companies because of the traditional nature of IT organization and application development,” says Harris-Ferrante.

“For many insurers, it's still a new way of thinking. It's taking the traditional IT model and stepping back; saying, OK, up till now, I owned this 'kingdom,' but now I need to open up my environment,” Cardenas points out. “That's a hard thing for people to do.”