Volltext-Downloads (blau) und Frontdoor-Views (grau)

The Need of Security Inside a Microservices Architecture in the Insurance Industry

  • Even for the more traditional insurance industry, the Microservices Architecture (MSA) style plays an increasingly important role in provisioning insurance services. However, insurance businesses must operate legacy applications, enterprise software, and service-based applications in parallel for a more extended transition period. The ultimate goal of our ongoing research is to design a microservice reference architecture in cooperation with our industry partners from the insurance domain that provides an approach for the integration of applications from different architecture paradigms. In Germany, individual insurance services are classified as part of the critical infrastructure. Therefore, German insurance companies must comply with the Federal Office for Information Security requirements, which the Federal Supervisory Authority enforces. Additionally, insurance companies must comply with relevant laws, regulations, and standards as part of the business’s compliance requirements. Note: Since Germany is seen as relatively ’tough’ with respect to privacy and security demands, fullfilling those demands might well be suitable (if not even ’over-achieving’) for insurances in other countries as well. The question raises thus, of how insurance services can be secured in an application landscape shaped by the MSA style to comply with the architectural and security requirements depicted above. This article highlights the specific regulations, laws, and standards the insurance industry must comply with. We present initial architectural patterns to address authentication and authorization in an MSA tailored to the requirements of our insurance industry partners.

Download full text files

Export metadata

Additional Services

Search Google Scholar


Author:Arne KoschelORCiDGND, Andreas HausotterGND, Robin BuchtaORCiD, Pascal Niemann, Christin Schulze, Christopher Rust, Alexander Grunewald
Parent Title (English):SERVICE COMPUTATION 2022, The Fourteenth International Conference on Advanced Service Computing
Document Type:Conference Proceeding
Year of Completion:2022
Publishing Institution:Hochschule Hannover
Release Date:2023/05/05
Tag:Authentication; Authorization; Insurance Industry; Microservices Architecture; Security
GND Keyword:Computersicherheit; Autorisierung; Authentifikation; Versicherungswirtschaft; Mikroservice
First Page:6
Last Page:12
Link to catalogue:1847846203
Institutes:Fakultät IV - Wirtschaft und Informatik
DDC classes:004 Informatik
Licence (German):License LogoUrheberrechtlich geschützt