Digital sovereignty and IT excellence with AWS

BARMER

Digital sovereignty in the cloud

The customer is always at the centre of everything we do at adesso. And especially when we talk about IT excellence and the associated cloud, there are many questions surrounding the currently much-discussed and important topic of digital sovereignty.


Digital sovereignty describes the abilities and possibilities of individuals and institutions to fulfil their role(s) in the digital world in an independent, self-determined and secure manner. To this end, the processing of the data required for administration must be guaranteed by modern, functional and trustworthy information technology.
Federal CIO

If we now approach the topic from a cloud-specific perspective, two key pillars emerge: operational sovereignty and data sovereignty, the latter of which is further divided into data residency and operator access restriction.

Operational sovereignty involves maintaining operations despite geopolitical instability, such as foreign interference, natural disasters or technical failure.

Data sovereignty, in turn, addresses issues such as full control over the specific storage location and the exclusion of access by the cloud provider and foreign countries.

Use Case BARMER data platform

BARMER has set itself the goal of actively tackling current and future challenges such as data democratisation, automation and the promotion of innovation. To fulfil these requirements, they are striving to become a data-driven company. The key to this lies in building a comprehensive data and analytics platform that enables data-driven decisions to be made and processes to be optimised.

One of the use cases for this platform involves the training of specific customised machine learning models, which should lead to a higher degree of process automation. The aim here is to increase the speed and quality of decisions as well as to significantly improve flexibility and customisability for members, while strengthening BARMER's innovative strength and future viability. The protection of member data and digital sovereignty are the top priorities in all developments.

Implementation on AWS

For the implementation of the project, BARMER relies on the possibilities of the Amazon Web Services public cloud, as the broad service portfolio and the maturity of the services, as well as the extensive options for ensuring digital sovereignty, are particularly impressive.

One of BARMER's requirements is to process social data within Germany, which is why all systems and data are stored exclusively in the AWS region of Frankfurt. This measure gives BARMER full control over where the data is stored and processed.

In order to meet the relevant regulatory and legal requirements, such as the GDPR, the already encrypted data is anonymised and encrypted upon arrival in the cloud in a so-called Confidential Zone. Technically, the AWS Key Management Service with an AWS CloudHSM and a customer-managed key is used for end-to-end encryption of the data. Complying with the "operator access restriction" at this point poses a challenge, because the data must be technically processable during anonymisation and encryption. With the help of AWS Nitro, a secure "confidential compute" environment is provided at this very critical point from a sovereignty perspective, in order to prepare the data for further processing by Amazon SageMaker, a fully managed service to enable powerful machine learning for any use case.
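One way the "operator access restriction" described above can be expressed in a KMS key policy, as an added illustration that is not BARMER's or adesso's configuration. It assumes the confidential compute environment is an AWS Nitro Enclave; the account ID, role names and image measurement are placeholders.

```json
{
  "Version": "2012-10-17",
  "Id": "example-confidential-zone-key-policy",
  "Statement": [
    {
      "Sid": "KeyAdministrationWithoutCryptographicUse",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/example-key-admin-role"
      },
      "Action": [
        "kms:Describe*",
        "kms:Get*",
        "kms:List*",
        "kms:PutKeyPolicy",
        "kms:DisableKey",
        "kms:ScheduleKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DecryptOnlyInsideAttestedEnclave",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/example-anonymisation-enclave-role"
      },
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:ImageSha384": "<PLACEHOLDER_SHA384_MEASUREMENT_OF_ENCLAVE_IMAGE>"
        }
      }
    }
  ]
}
```

With this policy, a call to `kms:Decrypt` made from outside the enclave carries no attestation document, so the condition does not match and the request is not allowed, even for the same role. Because a key administrator could still rewrite the policy, `PutKeyPolicy` events in AWS CloudTrail are worth alerting on.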

AWS Key Management Service (KMS)

AWS Key Management Service (KMS) is a managed service that enables the creation and management of cryptographic keys and control over their use in AWS services.

AWS CloudHSM

AWS CloudHSM provides dedicated hardware security modules (HSMs) to securely store and manage keys, enabling strict compliance, security and sovereignty requirements to be met.

Confidential Computing

Confidential computing is a technology that protects data during processing by running it in isolated and trusted execution environments, so that it is shielded from unauthorised access or modification even in memory.

This approach makes it possible to train corresponding machine learning models and then use them directly for the use case of increased automation. This ensures simpler processes, a shorter response time and therefore greater satisfaction among members.

This use case is embedded in BARMER's larger AWS data platform, which provides additional security and sovereignty features such as "need-to-know/least-privilege" access with multi-factor authentication through AWS IAM and strict control and logging mechanisms based on AWS services such as AWS CloudTrail and AWS Organizations.

Result

Shortly after implementation, BARMER's jointly developed solution enabled 15 per cent of all applications to be approved completely digitally via the BARMER app within one hour thanks to automation, while maintaining the same level of quality. The aim is to increase this figure for auto-approval to 60 per cent by the end of 2024, thereby reducing the workload by 50-60 per cent. At the same time, customer satisfaction increases through digital processing and the speed of responses increases enormously.

BARMER is already benefiting from the innovative possibilities of the AWS Cloud, while retaining its digital sovereignty and thus its full ability to act.


As a provider of statutory health insurance, BARMER has around 9.2 million policyholders and is one of the leading statutory health insurers in Germany (as of October 2018).

