Debate – on empowerment and digital sovereignty, by Torbjörn Lindkvist, Cloud Services Expert and Business Development Manager at Storegate AB
Many of the customers I meet in the public sector take it for granted that when two or more parties collaborate with digital information, someone always has full control of the information, usually the client. Almost exclusively, this type of information exchange is regulated in a contract or a cooperation agreement that preceded a partnership or a delivery. It clearly specifies how and where information can be processed, in which jurisdiction it can be stored, and who will be the processor and controller.
It is also taken for granted that the IT systems or cloud services consumed comply with applicable laws and regulations within the framework of cooperation. Most of the information that is processed is currently regulated by specific legal requirements such as the Security Protection Act, NIS, GDPR, the Accounting Act, OSL or other regulations in Sweden and the EU.
Private companies also handle a large amount of information spread across several different suppliers, clients and often with the public sector as a stakeholder. The information created in a company can be of a sensitive nature and can contain everything from personal data, medical records, confidential data or, for example, sensitive infrastructure information worthy of protection. Many companies are careful to secure the data (know-how) that employees contribute to projects. They simply want to ensure that the value they create remains within the company. Unfortunately, private companies are not as careful as the public sector to comply with applicable laws and regulations.
The difference between having access to information and actually owning it is what I call control. Having full control over your information also means that you become sovereign. You have the ability to store and share your information on your own terms.
When it comes to processing information in public cloud services, it is not only exposed to the cloud service provider, but also to the jurisdiction in which the cloud service is domiciled. This is regardless of the continent in which the hardware itself is located and there is thus a real risk of exposure to third countries. Before choosing to store and process information in public cloud services, you should therefore analyze whether you still have full control and sovereignty after processing.
Now, some studies show that Sweden is far ahead in digitalization while others point to the opposite. Digitization is a good tool for streamlining physical processes into digital ones, but it must never be at the expense of losing control of information or putting the country and its citizens at risk. In less than ten years, we in Sweden have handed over a large part of the control to third countries. For the uninitiated, I refer to the home of the big five.
Companies and the public sector should become better at providing the right conditions and tools for employees to handle information in a legally correct way. What information can be handled and where it should be handled should be decided at management level and implemented in the management system. This should only be done after an impact assessment has been carried out with both a legal analysis and an information security analysis. And regardless of the conditions and smart tools for individuals, there is no substitute for the most important thing. Namely, training staff in a critical and conscious security mindset.
The fragmented world situation has made it clear to us Swedes that we cannot be as naive as before. There are threats that we need to defend ourselves against together. And together we must also ensure that our information assets are given the sovereignty they deserve.
In light of these concerns and the fact that many of us in naive Sweden have woken up, we at Storegate have seen an increased demand. We are a Swedish provider of GDPR-secure cloud services for file sharing, signing and business continuity planning. We complement existing operating systems and office support. We have the ability to help customers streamline operations with cloud services while complying with the laws, regulations and other regulations that exist to protect us and keep us sovereign.
So hand on heart… Do you have control over your information?
Contact us
Would you like to discuss information governance with us? Contact us and we’ll let you know how Storegate can help your business.
Recommended by eSam
Storegate one of two eSam recommended services(PDF report) for document management, file sharing and digital signing in Sweden under Swedish jurisdiction.
