raf deck for leim - amazon web services · key issues for law enforcement 2. ... – hybrid cloud...
TRANSCRIPT
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
1
Leveraging the Cloud for Law Enforcement
Richard A. Falkenrath, PhD
Principal, The Chertoff Group
Law Enforcement Information Management
Training Conference & Technology Exposition
May 21,2013
Outline
1 Cloud computing: Definitions1. Cloud computing: Definitions
2. Cloud computing & law enforcement survey results
3. Key issues for law enforcement
2
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
2
Cloud vs. On‐premises Computing
On‐premises computing
Typically involves CAPEX funding
Compute resources typically managed by your org
Organization retains full control over data and applications3
Cloud Computing Definition
• “Cloud computing is a model for enabling ubiquitous, convenient, on‐demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effortor service provider interaction.”or service provider interaction.
• This cloud model is composed of five essential characteristics, three service models, and four deployment models.
4
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
3
Cloud vs. On‐premises Computing
Cloud computingCloud computing
Typically OPEX funding or utility model with lower TCO
Compute resources typically managed by provider
Control and access to data should not be compromised5
Cloud Characteristics
• Essential Characteristics d d lf On‐demand self‐service
• Users can provision themselves
Broad network access• Access from anywhere on broad range of devices
Resource pooling• Shared resource use
Rapid elasticity• Scale up or down, even automatically, based on need
Measured Service• Resource usage can be measured, optimized, metered and controlled
6
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
4
Cloud Service Models• Service Models
– Software as a Service (SaaS)
• Microsoft Office 365, Google Apps, SalesForce.com
• Can have sub models e.g., Email as a Service (EaaS)
– Platform as a Service (PaaS)
• Microsoft Azure, Force.com, OpenStack
– Infrastructure as a Service (IaaS)
• Amazon Web Services, AT&T, CGI7
Cloud Deployment Models
• Deployment ModelsP bli l d– Public cloud
– Private cloud– Community cloud– Hybrid cloud Multi‐tenant public cloud
Plus…– Cloud and on‐premisesworking together
Single entity private cloud8
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
5
Survey Results
9
Agency Size (n=272)Mean = 216/Median = 36
Number of Full‐time Sworn Officers
20%
25%
30%
35%
40%
45%
50%
Sample
IACP
0%
5%
10%
15%
20%
Less than 25 25‐49 50‐99 100‐249 250‐499 500‐999 1000+
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
6
Respondents
Chief Executive/Sheriff71%
IT Manager8%
Sworn Officer3%
Contractors1%
Command Staff11%
IT Director6%
Total: 272 respondents
11
Over Half Already Use or are Considering Using the Cloud
Already Using16%
Considering/Planning
(next 2 years)
Not Considering 46%
(next 2 years)38%
12
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
7
Email is the Most Popular Law Enforcement Cloud App today…
17%15%
11% 10%10%
15%
20%
25%
0%
5%
Cloud Email Cloud Storage CJIS Access RMS, Crime Reporting & Analysis, Mapping
13
But Agencies Expect to Use a Wider Range of Cloud Apps
Pl i C id i Cl d I l i i h N 2 YPlanning or Considering Cloud Implementation in the Next 2 Years
51% 50%47% 46%
30%
40%
50%
60%
0%
10%
20%
CJIS Access Cloud Storage RMS, Crime Reporting & Analysis, Mapping
Cloud Email
14
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
8
Apps Most Suited for Cloud
45%
50%
50%
51%
55%
69%
CJIS/NCIC Access
Crime reporting
Document collaboration
Crime analysis & mapping tools
Backup & Disaster Recovery
23%
39%
39%
0% 25% 50% 75%
Computer‐Aided Dispatch
Records Mgmt Systems
State (CCH, DMV, Warrants, Corrections)
15
Why Are They Going Cloud?
61%Save money
16%
19%
33%
34%
39%
52%
More secure
Easier for end‐users
New features
Replace old apps
Dynamic provisioning
No more software & hardware
y
5%
5%
15%
0% 25% 50% 75%
Political mandate
Utility‐based pricing
Better tech support
16
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
9
Early Adopters Tend to be Larger
Average Number of Sworn Officers
335
286264
150
100
200
300
400
Sample Average = 216
0
100
Using Planning to use Considering Not considering
Cloud Email Usage
17
Greatest Cloud Security Risk
100%
70%
60%
43%
21%25%
50%
75%
100%
21%
0%
25%
Outside attack on cloud infrastructure
Outside attack on our infrastructure
Cloud provider employees Own employees
18
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
10
Should Cloud Provider Employees Pass Background Checks?
Neutral 4%
Somewhat Important 4%
Not at all Important 6%
Very Important 74%Important 12%
19
Preferred Cloud Security Standards
100%
68%
54%
20% 19%25%
50%
75%
20% 19%12%
0%
25%
CJIS Local/State Other Federal CSA NIST, FedRAMP
20
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
11
Who Should Share Law Enforcement Cloud Infrastructure?
37%
42%
53%
Locate in U.S. only
Share with no one
Share only with other LE
15%
27%
0% 25% 50% 75%
Locate in own city, county or state
Share only with other Govt.
21
How Familiar Are You With CJIS?
No Knowledge 10%
Very Familiar 23%
Somewhat
Aware, but not familiar 32%
So e atFamiliar 35%
22
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
12
Aware that CJIS Rules Apply Even to Email?
Yes 77%No 23%
23
Who Should Control Cloud Encryption Keys?
Agency Only61%Cloud Provider
3%
Unsure15%
Agency & Cloud Provider21%
24
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
13
Okay for Cloud Providers to Mine Law Enforcement Data?
4%
71%
87%
89%
OK for cloud provider to offer ad serving
CJIS compliance make‐or‐break for cloud
Support IACP "model clauses" for LE cloud procurement
Cloud provider must abstain from data mining
1%
4%
0% 25% 50% 75% 100%
OK for cloud provider to data mine if lower price
OK for cloud provider to offer ad serving
25
Key Issues
26
2013 LEIM Conference - Opening Plenary Tuesday, May21, 2013
14
Key Issues for Law Enforcement
1. Policy and legal impediments to – Innovation
– Cost savings
2. Discovery and data integrity– Chain of custody
– Encryption
– Location of data
3. Risk of breach … cybersecurity
4. Novel issues– Ubiquitous surveillance
– New forms of social media
– Power of the cloud providers
27
Promoting trusted and responsible
Thank you!For more information, visit:
http://www.SafeGov.org
g pcloud computing for government
p // g
Or contact us at: