Debate - on affordability and digital sovereignty, by Torbjörn Lindkvist, cloud services expert and business development manager at Storegate AB.
For many of the customers I meet in the public sector , it is taken for granted that when two or more parties cooperate with each other with digital information, there is always someone who has full control of the information, usually the client. Almost exclusively, this type of information exchange is regulated in a contract or cooperation agreement that precedes a partnership or delivery. It clearly specifies how and where information may be processed, in which jurisdiction it may be stored, and who will be the data processor and data controller.
Similarly, it is assumed that the IT systems or cloud services consumed comply with applicable laws and regulations within the framework of the cooperation. Most of the information processed today is regulated by specific legal requirements such as the Security Protection Act, NIS, GDPR, the Accounting Act, OSL or other regulations in Sweden and the EU.
Private companies also handle a large amount of information scattered among several different suppliers, clients and often with the public sector as a stakeholder. The information created in a company can be of a sensitive nature and can contain anything from personal data, medical records, confidential information or, for example, information about sensitive infrastructure that requires protection. Many companies are careful to secure the data (know-how) that employees contribute to the projects in question. They simply want to ensure that the value they create remains within the company. Unfortunately, private companies are not as careful as the public sector to comply with applicable laws and regulations.
The difference between having access to information and actually owning it is what I call control. Having full control over your information also means that you become sovereign. You have the ability to store and share your information on your own terms.
When it comes to processing information in public cloud services, it is exposed not only to the cloud service provider, but also to the jurisdiction in which the cloud service is domiciled. This is regardless of the continent in which the hardware itself is located and there is thus a real risk of exposure to third countries. Before choosing to store and process information in public cloud services, you should therefore analyze whether you still have full access and sovereignty after processing.
Now, some studies show that Sweden is at the forefront of digitalization, while others indicate the opposite. Digitalization is a good tool for streamlining physical processes into digital ones, but it must never be at the expense of losing control of information or exposing the country and its citizens to danger. In Sweden, in less than ten years, we have handed over a large part of the authority to third countries. For the uninitiated, I am referring to the home of the big five.
Companies and the public sector should be better at providing the right conditions and tools for employees to handle information in a legally correct way. What information can be handled and where it should be handled should be decided at management level and implemented in the management system. This is only after an impact assessment has been carried out with both a legal analysis and an information security analysis. And regardless of the conditions and smart tools for individuals, nothing replaces the most important thing. Namely, training staff in critical and conscious security thinking.
The fragmented world situation has made it clear to us Swedes that we cannot be as naive as before. There are threats that we need to defend ourselves against together. And together we must also ensure that our information assets get the sovereignty they deserve.
In light of these concerns and that many of us in naive Sweden have woken up, we at Storegate have seen an increased demand. We are a Swedish provider of GDPR-safe cloud services for file sharing, signing and continuity planning. We complement existing operating systems and office support. We have the opportunity to help customers streamline operations with cloud services while complying with the laws, regulations and other regulations that exist to protect us and keep us sovereign.
So, hand on heart, do you have control over your information?
Contact us
Would you like to discuss data ownership with us? Fill in your email address and we'll be in touch to tell you how Storegate can help your business.
Recommended by eSam
Storegate one of two eSam-recommended services(PDF report) for document management, file sharing and digital signing in Sweden under Swedish jurisdiction.