leveraging the cloud for law enforcement
TRANSCRIPT
Leveraging the Cloud for Law Enforcement
Exploring Operational, Policy, and Technical Opportunities & Challenges
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Less than 25 25‐49 50‐99 100‐249 250‐499 500‐999 1000+
Agency Size (n=272)Mean = 216/Median = 36
Sample
IACP
Number of Full‐time Sworn Officers
Respondents
Chief Executive/Sheriff71%
Command Staff11%
IT Director6%
IT Manager8%
Sworn Officer3%
Contractors1%
Total: 272 respondents
Over Half Already Use or are Considering Using the Cloud
Already Using16%
Considering/Planning
(next 2 years)38%
Not Considering 46%
Email is the Most Popular Law Enforcement Cloud App today…
17%15%
11% 10%
0%
5%
10%
15%
20%
25%
Cloud Email Cloud Storage CJIS Access RMS, Crime Reporting& Analysis, Mapping
But Agencies Expect to Use a Wider Range of Cloud AppsPlanning or Considering Cloud Implementation in the Next 2 Years
51% 50% 47% 46%
0%
10%
20%
30%
40%
50%
60%
CJIS Access Cloud Storage RMS, Crime Reporting& Analysis, Mapping
Cloud Email
Apps Most Suited for Cloud
23%
39%
39%
45%
50%
50%
51%
55%
69%
0% 25% 50% 75%
Computer‐Aided Dispatch
Records Mgmt Systems
State (CCH, DMV, Warrants, Corrections)
CJIS/NCIC Access
Crime reporting
Document collaboration
Crime analysis & mapping tools
Backup & Disaster Recovery
Why Are They Going Cloud?
5%5%
15%16%
19%33%34%
39%52%
61%
0% 25% 50% 75%
Political mandateUtility‐based pricingBetter tech support
More secureEasier for end‐users
New featuresReplace old apps
Dynamic provisioningNo more software & hardware
Save money
Early Adopters Tend to be Larger
335286
264
150
0
100
200
300
400
Using Planning to use Considering Not consideringCloud Email Usage
Sample Average = 216
Average Number of Sworn Officers
Greatest Cloud Security Risk
70%60%
43%
21%
0%
25%
50%
75%
100%
Outside attack on cloudinfrastructure
Outside attack on ourinfrastructure
Cloud provider employees Own employees
Should Cloud Provider Employees Pass Background Checks?
Very Important 74%Important 12%
Neutral 4%
Somewhat Important 4%
Not at all Important 6%
Preferred Cloud Security Standards
68%
54%
20% 19%12%
0%
25%
50%
75%
100%
CJIS Local/State Other Federal CSA NIST, FedRAMP
Who Should Share Law Enforcement Cloud Infrastructure?
15%
27%
37%
42%
53%
0% 25% 50% 75%
Locate in own city, county or state
Share only with other Govt.
Locate in U.S. only
Share with no one
Share only with other LE
How Familiar Are You With CJIS?
Very Familiar 23%
Somewhat Familiar 35%
Aware, but not familiar 32%
No Knowledge 10%
Aware that CJIS Rules Apply Even to Email?
Yes 77%No 23%
Who Should Control Cloud Encryption Keys?
Agency Only61%
Agency & Cloud Provider21%
Cloud Provider3%
Unsure15%
Okay for Cloud Providers to Mine Law Enforcement Data?
1%
4%
71%
87%
89%
0% 25% 50% 75% 100%
OK for cloud provider to data mine if lower price
OK for cloud provider to offer ad serving
CJIS compliance make‐or‐break for cloud
Support IACP "model clauses" for LE cloudprocurement
Cloud provider must abstain from data mining