We contacted Knowit to help us ensure we’d meet the requirements for cloud services from the public sector. We were met with the level of professionalism and expertise you’d expect from Sweden’s leading cloud consultants. Along the way, as we worked towards goals and through challenges, the communication was consistently efficient and clear - not only the technical stuff but also about legal matters. Above all, they were a network of positive problem-solvers and a joy to work with. The personal interactions are what really puts them head and shoulders above the rest,

says Johan Olander, CTO at Goozo 

Goozo is a product company that develops support for managers and HR departments. With their app-based solution, an HR department can follow up all personnel-related efforts made in the organisation, in relation to their measurements. In this way, the customer can see the effects of their work.  

Goozo caters to both the private and public sectors. Goozo’s current solution is cloud-based and is operated by Amazon Web Services (AWS). This same solution will now to be delivered to the public sector, and this entails some challenges.  

Information can be monitored

The challenge is that American authorities have the right to collect stored personal information from any company operating in the U.S. that controls and owns its information, regardless of the storage location. This right has been widely criticised from a privacy-protection point of view, since in theory it allows the United States to access information without the need for consent from the country where it is stored. The challenge here is to counteract this possibility by taking technical measures to prevent such data collection from occurring.

Regulatory requirements for privacy

Together, Knowit and Goozo developed a solution that meets the requirements of Goozo’s customers in both the public and private sectors. This was carried out by creating environments with technical limitations that make it impossible for users, to activate third-country transfers - even accidentally. There are far-reaching measures for encrypting data, regular testing of backups for increased continuity, and the environments are monitored in such a way that it is possible to provide evidence of key usage and access to data.

Goozo commissioned Knowit to develop a cloud-based solution, with AWS ClearStart as its foundation, that would ensure that Goozo’s solution met the public sector’s security requirements. These are based on Swedish and the European Union's (EU) regulatory requirements, including the Law on Public Access to Information and Privacy (lagen om offentlig tillgång till information och sekretess, OSL) and the General Data Protection Regulation (GDPR), as well as recommended measures from the report “Cybersäkerhet i Sverige 2020” (“Cybersecurity in Sweden 2020”).  

A new market opened up

Knowit used a special method to set up the encryption keys so they can only be used within Sweden. The keys are owned by the end customer and managed by either the end customer or Goozo’s representative. The confidentiality of the data, and thus the personal privacy of the users mentioned in the stored information, is preserved, despite the risk of data disclosure. With Knowit’s solution opened up the opportunity for Goozo to deliver its cloud solutions in the public sector market, as well.

“In collaboration with AWS, we created a solution for Goozo’s service that met the requirements of Swedish public authorities for privacy and confidentiality. AWS was very accommodating and had a great understanding of the Swedish requirements. Our good relationship with AWS also facilitated the development of the encrypted service,”

says Ali Yenidogan, Account Manager at Knowit. 

Contact us
Ali Yenidogan
Nordic Business Alliance Lead for Google Cloud at Knowit
Contact me
Contact me

Back to top