Securing data in a way that complies with European directives is important to ensure the high availability and resilience of critical software needed for our society to function - a point emphasized by Johan Tordsson, co-founder and CEO at Elastisys, who argues that it is particularly important for critical societal functions such as energy, healthcare, and financial services.
"Our society depends on these services, and keeping them available online and secure to use is vital," Johan says.
In today’s global digital ecosystem, the concept of digital sovereignty is gaining increasing relevance. The latest example is the EU directive, NIS2, which came into effect in January 2023, aiming to enhance collective cybersecurity within member states. Starting on October 18, 2024, all affected organizations, so-called essential entities, are expected to comply with the new requirements, an action made to increase cybersecurity in Europe. The consequences of ignoring this can give essential entities fines up to €10,000,000, or 2% of the global annual revenue, whichever is higher (CMS, 2023). This highlights the importance of considering data security not as a one-time effort but as an ongoing task integrated into companies' daily operations. Elastisys already serves several clients covered by Swedish legislation, thereby meeting the requirements as a provider for such customers.
What is NIS2?
NIS2 is an EU directive aimed at improving digital security across critical sectors in Europe. It covers industries like energy, transport, banking, healthcare, and digital services. It mandates entities to adopt strong security measures, report incidents, and promote collaboration among EU members to combat cyber threats. The NIS2 directive shares a strong connection with other initiatives, such as the Critical Entities Resilience (CER) Directive and the Regulation for Digital Operational Resilience in the Financial Sector, commonly known as the Digital Operational Resilience Act (DORA).
Establishing a Secure Digital Infrastructure
Elastisys enables organizations to develop crucial software rapidly without compromising security or regulatory compliance in applications or data storage. We strive to foster digital innovation in Europe through cutting-edge cloud technology, prioritizing security and regulatory compliance.
Our solution ensures digital sovereignty for European companies by processing and storing data that complies with Swedish and EU legislation. It also ensures high availability and resilience, crucial for entities that play a key role in society's functioning, especially in industries like energy, defense, healthcare, the public sector, education, and finance, all of which have strict regulations and confidentiality requirements.
"No Longer Ignorable"
One of the most common challenges for companies needing data security is choosing between security and efficient software development. And, of course, understanding the risks associated with this trade-off.
"More industries must prioritize data security to prevent cyberattacks. Previously, security has often been deprioritized within companies due to the challenge of quantifying it. However, we can no longer afford to ignore it. Companies must be well-versed in regulations and IT security to safeguard their future, both legally and ethically, and to meet customer demands," says Johan Tordsson.
Elastisys provides a secure cloud platform for modern applications where data is processed and stored according to the new NIS2 directive and other EU security standards and regulatory requirements such as ISO27001, GDPR, BSI, and much more.
"The primary advantage of running applications in a cloud is accelerated innovation, but this should not come at the expense of security and regulatory compliance. By entrusting us with the 'cloud,' our customers can achieve both," Johan concludes.