raf deck for leim - amazon web services · key issues for law enforcement 2. ... – hybrid cloud...

2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013

1

Leveraging the Cloud for Law Enforcement

Richard A. Falkenrath, PhD

Principal, The Chertoff Group

Law Enforcement Information Management

Training Conference & Technology Exposition

May 21,2013

Outline

1 Cloud computing: Definitions1. Cloud computing: Definitions

2. Cloud computing & law enforcement survey results

3. Key issues for law enforcement

2


2

Cloud vs. On‐premises Computing

On‐premises computing

Typically involves CAPEX funding

Compute resources typically managed by your org

Organization retains full control over data and applications3

Cloud Computing Definition

• “Cloud computing is a model for enabling ubiquitous, convenient, on‐demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effortor service provider interaction.”or service provider interaction.

• This cloud model is composed of five essential characteristics, three service models, and four deployment models.

4


3

Cloud vs. On‐premises Computing

Cloud computingCloud computing

Typically OPEX funding or utility model with lower TCO

Compute resources typically managed by provider

Control and access to data should not be compromised5

Cloud Characteristics

• Essential Characteristics d d lf On‐demand self‐service

• Users can provision themselves

Broad network access• Access from anywhere on broad range of devices

Resource pooling• Shared resource use

Rapid elasticity• Scale up or down, even automatically, based on need

Measured Service• Resource usage can be measured, optimized, metered and controlled

6


4

Cloud Service Models• Service Models

– Software as a Service (SaaS)

• Microsoft Office 365, Google Apps, SalesForce.com

• Can have sub models e.g., Email as a Service (EaaS)

– Platform as a Service (PaaS)

• Microsoft Azure, Force.com, OpenStack

– Infrastructure as a Service (IaaS)

• Amazon Web Services, AT&T, CGI7

Cloud Deployment Models

• Deployment ModelsP bli l d– Public cloud

– Private cloud– Community cloud– Hybrid cloud Multi‐tenant public cloud

Plus…– Cloud and on‐premisesworking together

Single entity private cloud8


5

Survey Results

9

Agency Size (n=272)Mean = 216/Median = 36

Number of Full‐time Sworn Officers

20%

25%

30%

35%

40%

45%

50%

Sample

IACP

0%

5%

10%

15%

20%

Less than 25 25‐49 50‐99 100‐249 250‐499 500‐999 1000+


6

Respondents

Chief Executive/Sheriff71%

IT Manager8%

Sworn Officer3%

Contractors1%

Command Staff11%

IT Director6%

Total: 272 respondents

11

Over Half Already Use or are Considering Using the Cloud

Already Using16%

Considering/Planning

(next 2 years)

Not Considering 46%

(next 2 years)38%

12


7

Email is the Most Popular Law Enforcement Cloud App today…

17%15%

11% 10%10%

15%

20%

25%

0%

5%

Cloud Email Cloud Storage CJIS Access RMS, Crime Reporting & Analysis, Mapping

13

But Agencies Expect to Use a Wider Range of Cloud Apps

Pl i C id i Cl d I l i i h N 2 YPlanning or Considering Cloud Implementation in the Next 2 Years

51% 50%47% 46%

30%

40%

50%

60%

0%

10%

20%

CJIS Access Cloud Storage RMS, Crime Reporting & Analysis, Mapping

Cloud Email

14


8

Apps Most Suited for Cloud

45%

50%

50%

51%

55%

69%

CJIS/NCIC Access

Crime reporting

Document collaboration

Crime analysis & mapping tools

Email

Backup & Disaster Recovery

23%

39%

39%

0% 25% 50% 75%

Computer‐Aided Dispatch

Records Mgmt Systems

State (CCH, DMV, Warrants, Corrections)

15

Why Are They Going Cloud?

61%Save money

16%

19%

33%

34%

39%

52%

More secure

Easier for end‐users

New features

Replace old apps

Dynamic provisioning

No more software & hardware

y

5%

5%

15%

0% 25% 50% 75%

Political mandate

Utility‐based pricing

Better tech support

16


9

Early Adopters Tend to be Larger

Average Number of Sworn Officers

335

286264

150

100

200

300

400

Sample Average = 216

0

100

Using Planning to use Considering Not considering

Cloud Email Usage

17

Greatest Cloud Security Risk

100%

70%

60%

43%

21%25%

50%

75%

100%

21%

0%

25%

Outside attack on cloud infrastructure

Outside attack on our infrastructure

Cloud provider employees Own employees

18


10

Should Cloud Provider Employees Pass Background Checks?

Neutral 4%

Somewhat Important 4%

Not at all Important 6%

Very Important 74%Important 12%

19

Preferred Cloud Security Standards

100%

68%

54%

20% 19%25%

50%

75%

20% 19%12%

0%

25%

CJIS Local/State Other Federal CSA NIST, FedRAMP

20


11

Who Should Share Law Enforcement Cloud Infrastructure?

37%

42%

53%

Locate in U.S. only

Share with no one

Share only with other LE

15%

27%

0% 25% 50% 75%

Locate in own city, county or state

Share only with other Govt.

21

How Familiar Are You With CJIS?

No Knowledge 10%

Very Familiar 23%

Somewhat

Aware, but not familiar 32%

So e atFamiliar 35%

22


12

Aware that CJIS Rules Apply Even to Email?

Yes 77%No 23%

23

Who Should Control Cloud Encryption Keys?

Agency Only61%Cloud Provider

3%

Unsure15%

Agency & Cloud Provider21%

24


13

Okay for Cloud Providers to Mine Law Enforcement Data?

4%

71%

87%

89%

OK for cloud provider to offer ad serving

CJIS compliance make‐or‐break for cloud

Support IACP "model clauses" for LE cloud procurement

Cloud provider must abstain from data mining

1%

4%

0% 25% 50% 75% 100%

OK for cloud provider to data mine if lower price

OK for cloud provider to offer ad serving

25

Key Issues

26


14

Key Issues for Law Enforcement

1. Policy and legal impediments to – Innovation

– Cost savings

2. Discovery and data integrity– Chain of custody

– Encryption

– Location of data

3. Risk of breach … cybersecurity

4. Novel issues– Ubiquitous surveillance

– New forms of social media

– Power of the cloud providers

27

Promoting trusted and responsible

Thank you!For more information, visit:

http://www.SafeGov.org

g pcloud computing for government

p // g

Or contact us at:

[email protected]


15

www.safegov.org www.iacp.orgg g p g

raf deck for leim - amazon web services · key issues for law enforcement 2. ... – hybrid cloud...

Documents