Secure Whistleblowing Platform: A Cloud Development Story

In the wake of the EU Whistleblowing Directive, Gendas emerged as a paragon of ethical innovation, driven by the need to empower employees to voice concerns without fear. The co-founders of Gendas, with their foresight and commitment to integrity, recognized the imperative need for a secure platform that would enable EU companies to maintain the highest standards of compliance.

Challenge

The directive set a clear yet formidable deadline: develop a Minimum Viable Product (MVP) for a whistleblowing platform by the end of 2022, with full implementation mandated by January 1, 2023. The platform had to be a bastion of privacy, ensuring the anonymity of whistleblowers through advanced security and encryption, while remaining user-friendly and accessible. Lars, the founder of Gendas, approached us with the vision to build a secure platform featuring end-to-end encryption—a critical element to protect whistleblowers. The goal was to create a platform for companies like Gendas, with the flexibility for resellers to utilize the same platform, complete with a fully white-label option, branding, domain, and more.

Solution

INSSIO accepted the challenge, embarking on a three-month intensive development sprint. Our team, consisting of four developers, one QA specialist, and a project manager, harnessed their collective expertise to create a platform that was not only functional but also the epitome of security. We utilized ASP.NET WebAPI and Angular, hosting everything on Azure with a highly secure setup that included Application Gateways and different Vnets. Our commitment to encryption and compliance was steadfast as we introduced our proprietary end-to-end encryption solution, navigating the intricacies of protecting sensitive information within a streamlined user experience.

• ASP.NET WebAPI and Angular Development:

  • Leveraging the robust capabilities of ASP.NET WebAPI for backend operations and Angular for a dynamic frontend, our team crafted a responsive and intuitive interface for both administrators and whistleblowers.
  • The integration of these technologies facilitated a seamless interaction between the platform’s various components, ensuring a smooth and secure user experience.

• Azure Hosting with Advanced Security:

  • The entire Gendas platform was hosted on Azure, chosen for its scalability and comprehensive security features. We utilized Application Gateways and segregated Virtual Networks (Vnets) to enhance the platform’s security posture.
  • Azure’s resilient infrastructure allowed us to manage traffic effectively, guaranteeing consistent service availability while upholding strict security standards.

• Proprietary End-to-End Encryption:

  • To meet the critical requirement of data protection, we developed a proprietary end-to-end encryption solution. This ensured that all whistleblower submissions were fully encrypted, from the point of entry to storage and eventual reporting.
  • Our encryption solution underwent rigorous testing to comply with industry security standards, providing peace of mind for whistleblowers and companies alike.

• Multitenancy and White-Labeling Flexibility:

  • Designed as a Software-as-a-Service (SaaS) offering, the Gendas platform supported multitenancy, allowing multiple companies to operate within a single instance while maintaining distinct branding and domains.
  • The white-labeling feature offered resellers the ability to fully customize the platform, including branding and domain settings, to meet their clients’ specific needs.

• Dedicated Team and Agile Methodology:

  • A dedicated team of four developers, one QA engineer, and a project manager worked in concert over three months to deliver a flawless solution.
  • Employing agile development practices, we maintained close collaboration with Lars and his team, ensuring that the platform evolved in response to feedback and changing requirements.

Result

The launch of the Gendas platform was a landmark event in corporate compliance and ethics. After six months of development and testing, the platform was met with an overwhelmingly positive reception. Users praised the seamless security measures and intuitive design. The MVP’s success is a testament to INSSIO’s relentless pursuit of excellence and a sign of the platform’s potential to redefine the European business landscape. Following the initial launch, we continued to innovate, adding new features and providing unwavering support to Lars and his team on this transformative journey.