Leveraging the Cloud for Law Enforcement

Exploring Operational, Policy, and Technical Opportunities & Challenges

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Less than 25 25‐49 50‐99 100‐249 250‐499 500‐999 1000+

Agency Size (n=272)Mean = 216/Median = 36

Sample

IACP

Number of Full‐time Sworn Officers

Respondents

Chief Executive/Sheriff71%

Command Staff11%

IT Director6%

IT Manager8%

Sworn Officer3%

Contractors1%

Total: 272 respondents

Over Half Already Use or are Considering Using the Cloud

Already Using16%

Considering/Planning 

(next 2 years)38%

Not Considering 46%

Email is the Most Popular Law Enforcement Cloud App today…

17%15%

11% 10%

0%

5%

10%

15%

20%

25%

Cloud Email Cloud Storage CJIS Access RMS, Crime Reporting& Analysis, Mapping

But Agencies Expect to Use a Wider Range of Cloud AppsPlanning or Considering Cloud Implementation in the Next 2 Years

51% 50% 47% 46%

0%

10%

20%

30%

40%

50%

60%

CJIS Access Cloud Storage RMS, Crime Reporting& Analysis, Mapping

Cloud Email

Apps Most Suited for Cloud

23%

39%

39%

45%

50%

50%

51%

55%

69%

0% 25% 50% 75%

Computer‐Aided Dispatch

Records Mgmt Systems

State (CCH, DMV, Warrants, Corrections)

CJIS/NCIC Access

Crime reporting

Document collaboration

Crime analysis & mapping tools

Email

Backup & Disaster Recovery

Why Are They Going Cloud?

5%5%

15%16%

19%33%34%

39%52%

61%

0% 25% 50% 75%

Political mandateUtility‐based pricingBetter tech support

More secureEasier for end‐users

New featuresReplace old apps

Dynamic provisioningNo more software & hardware

Save money

Early Adopters Tend to be Larger

335286

264

150

0

100

200

300

400

Using Planning to use Considering Not consideringCloud Email Usage

Sample Average = 216

Average Number of Sworn Officers

Greatest Cloud Security Risk

70%60%

43%

21%

0%

25%

50%

75%

100%

Outside attack on cloudinfrastructure

Outside attack on ourinfrastructure

Cloud provider employees Own employees

Should Cloud Provider Employees Pass Background Checks?

Very Important 74%Important 12%

Neutral 4%

Somewhat Important 4%

Not at all Important 6%

Preferred Cloud Security Standards

68%

54%

20% 19%12%

0%

25%

50%

75%

100%

CJIS Local/State Other Federal CSA NIST, FedRAMP

Who Should Share Law Enforcement Cloud Infrastructure?

15%

27%

37%

42%

53%

0% 25% 50% 75%

Locate in own city, county or state

Share only with other Govt.

Locate in U.S. only

Share with no one

Share only with other LE

How Familiar Are You With CJIS?

Very Familiar 23%

Somewhat Familiar 35%

Aware, but not familiar 32%

No Knowledge 10%

Aware that CJIS Rules Apply Even to Email?

Yes 77%No 23%

Who Should Control Cloud Encryption Keys?

Agency Only61%

Agency & Cloud Provider21%

Cloud Provider3%

Unsure15%

Okay for Cloud Providers to Mine Law Enforcement Data?

1%

4%

71%

87%

89%

0% 25% 50% 75% 100%

OK for cloud provider to data mine if lower price

OK for cloud provider to offer ad serving

CJIS compliance make‐or‐break for cloud

Support IACP "model clauses" for LE cloudprocurement

Cloud provider must abstain from data mining