As local law enforcement agencies continue to pursue smarter policing, one huge potential benefit on the horizon is cloud computing. Three-quarters of the nation’s 14,000 local law enforcement agencies have 25 or fewer sworn officers, and nearly half have fewer than 10 officers. Cloud computing, which can minimize up-front investment and ongoing costs for IT systems and applications, makes sense in this era of fiscal austerity.
The International Association of Chiefs of Police surveyed its members and found that nearly half were either using cloud computing or were considering it. “That ran counter to what we thought was a broad reluctance about the cloud,” said David Roberts, senior program manager for the International Association of Chiefs of Police. “Our survey found 16 percent were already using it and 38 percent were planning to use cloud computing within the next two years.”
Like other government agencies, police hope they can save some money and get rid of legacy hardware and software by using the cloud. Email is the most popular cloud application, followed by storage, access to the FBI’s Criminal Justice Information System (CJIS) and crime reporting, according to the survey. But cops also see the cloud helping with disaster recovery and backup, crime analysis and records management. “The cloud opens up sophisticated technology tools and services to smaller agencies that don’t have the funds to purchase an entire application on their own,” said Roberts.
Most experts would agree. Cloud computing has given a leg up to small businesses looking to be the next success story. It would follow that small police departments also could move quickly as far as using the latest digital productivity tools without big up-front costs. But the IACP survey found that large police agencies, with hundreds of officers, were likelier than small-town departments to use the cloud.
What’s holding back many police departments — large and small — are security concerns. In fact, for some time, police were virtually shut out of the cloud computing market thanks to the fact that cloud providers couldn’t meet the FBI’s stringent security standards for data sharing on the Criminal Justice Information System (CJIS) network. In 2009, Los Angeles announced plans to migrate city workers to a suite of cloud-based productivity tools, including email. But the LAPD balked at the idea, citing the fact that the service did not meet the FBI’s security and privacy requirements.
The sticking point was that anyone who has access to CJIS records must pass a criminal background check, including people who work for cloud providers. But cloud computing, by its very nature, is a borderless technology with servers and workers scattered across the globe. Given the architecture of cloud computing, storing emails with CJIS information in the cloud was nearly impossible.
But a 2013 FBI update to the CJIS security policy gave cloud providers a little more wiggle room to store criminal justice information, but with some limitations, including the insistence that law enforcement agencies retain data ownership and that cloud providers not conduct any metadata analysis to ensure the privacy and security of the information. Other limitations pertain to data portability, integrity and confidentiality. As a result, some cloud providers have made moves to meet the new criteria so they can provide cloud services to the law enforcement community.
At the same time, there’s growing interest in so-called community clouds, where a group of law enforcement agencies build their own cloud solution for infrastructure, platform or services, Roberts said. “Because of the CJIS requirements, some agencies think the better solution is in having multiple justice agencies coming together and fashioning their own solution,” he said.