The International Association of Chiefs of Police (IACP) announced results of an IACP/SafeGov/Ponemon Institute survey of IACP member agencies. The survey examined how local and state law enforcement officials view the potential of cloud computing in the law enforcement environment and their plans for the future. A total of 272 agencies responded to the survey, and nearly three-quarters (71 percent) of the respondents were the chief executives of their agencies.
Over half (54 percent) of the agency respondents indicated that they had implemented or were planning or considering implementing cloud-based solutions in the next two years. While cloud email is currently the most popular law enforcement cloud application (17 percent), many agencies are considering adopting a much wider range of cloud applications within the next two years, including CJIS access (51 percent), cloud storage (50 percent), records management, crime reporting, and mapping and analysis (each at 47 percent).
“These survey results are really quite important,” noted IACP Executive Director, Bart R. Johnson. “They illustrate that chiefs of local and state law enforcement agencies understand the potential value of this new computing paradigm, are actively engaged in exploring the technology, and are seeking guidance for effective planning and implementation.”
Of those agencies who indicated they were not adopting cloud computing, their primary concerns were that their current applications are not being offered as cloud-based solutions (54 percent),and that cloud-based services do not provide sufficient security for law enforcement systems and data (44 percent).
87 percent of respondents called for the IACP to develop model clauses for cloud procurement contracts banning inappropriate or unauthorized use of customer data by cloud providers and reinforcing the confidentiality and security requirements of law enforcement data.
Guiding Principles in Cloud Computing for Law Enforcement
The International Association of Chiefs of Police (IACP) is pleased to release “Guiding Principles on Cloud Computing in Law Enforcement” at the Leveraging the Cloud for Law Enforcement Symposium held January 31, 2013 at the Newseum. Developed in collaboration with key law enforcement subject matter experts from around the nation as well as experts from SafeGov.org, the principles establish clear and concise parameters and a path forward for the exploration of cloud-based computing solutions and services by law enforcement.
The IACP principles focus on addressing some of the most tangible benefits that cloud computing offers, including cost savings, rapid deployment of critical resources, off-site storage and disaster recovery as well as meeting dynamic operational needs, while maintaining the security of systems and the proper use of data.
Key principles include:
- FBI CJIS Security Policy Compliance – Services provided by a cloud service provider must comply with the requirements of the Criminal Justice Information Services (CJIS) Security Policy.
- Data Ownership – Law enforcement agencies should ensure that they retain ownership of all data.
- Impermissibility of Data Mining – Law enforcement agencies should ensure that the cloud service provider does not mine or otherwise process or analyze data for any purpose not explicitly authorized by the law enforcement agency.
- Confidentiality – The cloud service provider should ensure the confidentiality of law enforcement data it maintains on behalf of a law enforcement agency.
In response to this call, the IACP will be working in the coming months to develop model policies associated with cloud computing through the IACP National Law Enforcement Policy Center. Model policies are expected to be released at the IACP Annual Conference, scheduled for October 19-23, 2013 in Philadelphia, Pennsylvania.