Best Practices: Police cloud policies
Law enforcement has moved or is considering moving to the cloud. More than half of the police departments who responded to the latest International Association of Chiefs of Police (IACP) cloud survey say they already use the cloud (16 percent) or are considering or planning to use the cloud in the next two years.
James Quin, senior director of content and C-suite communities at CDM Media, weighs in on the topic. CDM Media is a global think tank and conference facilitator for CIOs. Quin’s photo is below on the right.
GPN: Which law enforcement and police apps are best suited for the cloud?
James Quin: At this point, for the general enterprise, the cloud is best suited to relatively standardized processes, such as Email, CRM, etc. because of the way it works. For it to be efficient, Cloud must deliver in a standardized way (that’s how economy of scale works) so standardized applications are best. Transposing that to law enforcement, where a lot of the work is specialized, the focus is probably best on those things that are not unique to the field. So things like email, human resources, backup and disaster recovery make sense because even for law enforcement they are going to be handled the same way they would for a generic business.
GPN: What are the biggest cloud security risks?
JQ: Everyone thinks that the cloud introduces all kinds of security risks but surveys keep showing that a move to the cloud generally increases security. In an on-premise world an enterprise has to secure dozens of platforms and hundreds of applications where in a cloud environment, the provider generally has to protect one. Which do you think is going to be easier to secure? The issue is less around security and more around compliance – will a move to the cloud allow an organization to maintain compliance with any regulations under which it operates?
GPN: Is it OK for cloud providers to share law enforcement data?
JQ: I’m going to say “probably not” but without knowing what specifically “law enforcement data” entails, its difficult to say. That said, no provider should be sharing a client’s data without its express consent so this isn’t just a law enforcement question.
GPN: According to a recent IACP survey, respondents overwhelmingly believe that police agencies only should control cloud encryption keys (61 percent). Who should control cloud encryption keys?
JQ: In all cases, without exception, the government client should always manage their encryption keys. Leaving the responsibility with the cloud provider is akin to giving the night guard at a bank the key to the vault – break into one system and there’s a pretty good chance you can get to both the lock and the key. But if the key is kept elsewhere then everything stays nicely locked up even if someone gets to the vault.
GPN: In that same survey, about 61 percent of survey respondents say they are going to the cloud to save money. The next highest-scoring reason: the cloud helps eliminate software and hardware buys (52 percent). What’s driving police/law enforcement to go to the cloud?
JQ: The cloud has three big advantages – cost savings, improved service delivery, enhanced time to market. In short it allows organizations to do more things, it allows them to do those things better, and it allows it for less money. Anyone going to the cloud for cost savings only is not realizing the maximum benefit.
GPN: Should cloud providers abstain from data mining?
JQ: Cloud providers should absolutely abstain from data mining. They are being contracted to provide a service and being recompensed for doing so. There is no justification for mining data on top. If, on the other hand, the business model is around data mining, then the cloud service should be provided at no charge, because charging for the service isn’t the business model. Case in point – general Gmail is a free service so Google is fine to mine that data as a way to monetize the platform. Google apps, however, is a for-pay service and so mining of the data should be strictly verboten.
Michael Keating is senior editor of GPN, an American City & County sister brand.