We are a well-established supplier of IT security solutions for Swedish authorities, especially those under the security protection regulation. We have learned that a well-functioning solution must balance requirements for, among other things, functionality, usability, IT security and compliance with regulations in order to be used efficiently and effectively in the agency’s daily operations. An essential part of this is choosing proven components with a good reputation.
When the pandemic hit, the threshold for the authorities shrunk and became even smaller as the requirement for remote work appeared overnight. Authorities then showed good digital adaptability and started using the tools that were available, including Skype/Teams.
Cyber security is not a destination, to keep up you need to constantly evaluate yourself and your own solutions. Swedish authorities are setting a very good example. At the same time that Skype was implemented to meet the changed situation that the pandemic meant, they chose to critically review the software.
The report: “Digital collaboration platform for the public sector” from eSam in November 2021, states:
“During the spring of 2021, the Swedish Tax Agency and the Kronofogdemyndigheten (Kronofogden) jointly investigated the conditions for replacing the software Skype for Business (hereafter Skype) with the cloud service Teams as the main video and collaboration platform.1 The investigation was carried out due to the announcement that support and maintenance for Skype would end within about five years and a judgment from the European Court of Justice in which the court, in simplified terms, judged that the design of the American intelligence and surveillance programs did not meet the EU’s requirements for how personal data may be handled. The court also ruled that personal data could not be transferred to the United States unless it could be ensured that the personal data transferred there was not accessible to the US authorities.”
The report concluded that Skype/Teams is not a solution for the future. Another section in the same report states:
“In their investigation, the Swedish Tax Agency and the Norwegian Kronofogden were able to determine that the use of Teams as the main video and collaboration platform would be incompatible with the rules that apply to the authorities’ operations. The main justification was that if Teams were to be used in the same way that Skype is used today, it would expose large amounts of information to Microsoft in a way that was not compatible with data protection and privacy regulations. The Swedish Tax Agency and Kronofogden also considered risks of lock-in effects, costs, continuity, suitability and continuous changes to the solution3 in their report. Several other authorities, i.a. Arbetsförmedlingen, Försäkringskassan and Trafikverket later joined the Tax Agency and Kronofogden’s assessment.”
Authorities worked together to investigate the matter both more closely and more broadly in a comprehensive report. They concluded that solutions that have historically been used no longer meet the requirements. The outside world changes and authorities change with it, so must the IT systems that the authorities use to ensure the integrity of citizens and the security of the kingdom.
Our opinion is that the Swedish public sector is awake both from a general IT-perspective and from a specific Cyber security perspective.
In the report Cybersecurity in Sweden – Threats, methods, shortcomings and dependencies, published in 2020 by the Swedish Armed Forces Radio Institute, the Armed Forces, the Swedish Agency for Community Protection and Preparedness, the Swedish Police Agency and the Security Police, states, among other things, the following:
“Outsourcing of IT infrastructure also means that there is a dependency on the service provider. When IT services are outsourced, it is often done to global service providers, which means that the dependency that arises is international. This is sometimes expressed as a risk of loss of digital sovereignty, a concept used in the EU context and means that a state loses parts of its control over its independence, autonomy and freedom of action in the digital area.”
We agree, for every authority that places its digital environment in the hands of a supplier from another legal domicile, the nation in question decreases her digital sovereignty.
Sweden is one of the world’s most connected countries and we have such good conditions for data storage that international giants locate their data centers in Sweden. We consider the conditions for being a digital sovereignty to be very good. We interpret it as eSam making the same assessment when we read the appendix to the report: “Digital collaboration platform for the public sector”. There, solutions with functionality for, among other things, are investigated:
- Video conference
- Document storage
- Fixed chat rooms
- Kanban (virtual board for visualizing work tasks, among other things)
- White board
In addition to functionality, it was also important that:
- Data storage can take place in a way that meets the authority’s requirements
- Authorities do not get locked into a system
- There are good collaboration opportunities with authorities and third parties that use other systems
We are pleased to note that the investigation highlights Nextcloud as one of two candidates that best meets the requirements for an overall solution. We make the same assessment and have therefore chosen to integrate Nextcloud into our collaboration platform link22 Standard.
We strongly believe in a society where authorities and private companies work together for citizens’ integrity and society’s safety. We think it is smart not to put all your eggs in one basket, to use systems that can be combined with other systems. We believe that it is wise to keep citizens’ data at home and we believe that if there is any country that can do it, it is Sweden.
Want to see how we take this challenge on? Book a demo here.
Related Products: link22 Standard