Mark Cleverley | Tuesday, March 13, 2012
The FBI’s decision to reaffirm that all cloud products sold to U.S. law enforcement agencies must comply with the FBI’s Criminal Justice Information Systems security requirements gives momentum to cloud computing becoming the key catalyst in the world of security, privacy and data protection.
And there are good reasons for vendors to make the effort. Public safety organizations are now dealing with more information than ever before. And quite frankly it’s becoming cost prohibitive for them to store and maintain.
For example, cloud storage enables large amounts of electronic information to be hosted by third parties that have the capacity. There are huge significant benefits – cost savings. Beyond not having to pay for the physical space to host the servers where all the data resides, public safety organizations no longer have to shoulder the responsibility on ensuring the hardware and software are operating and up-to-date. They also no longer have to dedicate as many personnel to maintain IT systems.
Okay, so let’s just get the two biggest “why cloud computing isn’t right for law enforcement and public safety organizations” arguments out of the way right now:
I lose control of my information.
Not true. In fact, the cloud can assist police departments in ensuring only those who are supposed to access the information have the secret handshake to get past the guards at the virtual gates. That said, some of the onus of who accesses what still falls to the content owner. Organizations must be thoughtful about their ability to control the data managed by the cloud provider and ensure that authorized users across their organization have access to the data and tools that they need, when they need it—all while blocking unauthorized access.
With cloud environments typically built to support a large and diverse community of users, these controls are even more critical. In addition, clouds introduce a new tier of privileged users: administrators working for the cloud provider. Privileged-user monitoring, including logging activities, becomes an important requirement. This monitoring should include security fundamentals such as physical monitoring and background checking.
Certainly, cloud computing has become a catalyst in the world of security, privacy and data protection. It is driving the open standards process and the modernization of data centers which will ultimately help support better security and privacy initiatives. Cloud computing also allows for more flexible IT acquisition and improvement by organizations so they can adjust the cloud environment according to the sensitivity of the data.
It’s not secure.
Again, not true. In fact, we believe clouds have the potential to be secure than most traditional environments. However, cloud service providers must deliver security and privacy expectations that meet or exceed what is available in traditional IT environments. They must do this in the same way transformational technologies of the past overcame concerns, such as PCs, outsourcing, and the Internet.
What we’re really talking about is securing the data put into clouds. Clouds are purpose built and designed to accomplish specific tasks. It’s this purpose built attribute that can make locking down this environment more effective than trying to secure a traditional network which has been built over many years based on different and competing business priorities.
If configured appropriately and adjusted as needed, clouds are healthy, secure environments. Security is an ongoing process. Additionally, analytics can be delivered through a cloud, making it easier for departments to scale up and down based on need.
And the reality is that you could make the argument that the cloud is already being utilized by police agencies across the nation. Case in point: the FBI’s Law Enforcement National Data Exchange, (N-DEx).
As a national information-sharing system available through a secure Internet site for law enforcement and criminal justice agencies, N-DEx enables agencies to search and analyze data using some powerful automated capabilities, helping to connect the dots between people, places, and events.
N-DEx has become an invaluable tool is fighting crime across multiple jurisdictions because it allows law enforcement officials to:
- Conduct nationwide searches from a single access point;
- Search by “modus operandi” and for clothing, tattoos, associates, cars, etc.—linking individuals, places, and things;
- Receive notifications of similar investigations and suspects;
- Identify criminal activity hotspots and crime trends.
Like N-DEx, COPLINK from IBM organizes vast quantities of seemingly unrelated data to provide tactical, strategic and command-level users with access to shared data in a single, or multiple, consolidated repositories. Its proven ability to quickly identify investigative leads helps agencies solve crimes faster, thereby helping to keep officers and communities safer. Additionally, COPLINK enables information sharing initiatives across regional, statewide and national agencies by providing rapid, simultaneous search across multiple COPLINK sites and external data sources.
N-DEx and COPLINK are both excellent examples of law enforcement agencies taking a significant step towards taking better advantage of Web-based solutions to fight crime across multiple jurisdictions. Given how quickly we seem to be gathering and consuming data, broader and smarter cloud solutions are just around the corner to ensure we’re doing all we can to reduce our budgets and protect our citizens.