«
»

FBI Stands Solid on Cloud Security Standard

Published 02.12.2012 | By Larry Walsh

The FBI is putting its foot down on the security requirements for cloud security. Any law enforcement agency that subscribes to the Criminal Justice Information Services (CJIS) must comply with the federal agency’s security requirements, period.

The issue of security with cloud services came to light following the botched implementation of Google Apps in Los Angeles. The city wanted to migrate from a legacy on-premise Novell GroupWise email system to a cloud service to save money. Google and its partner, CSC, were chosen for the job of moving 30,000 employees – including police – to Google Apps.

What happened during the implementation is a parable of things that go wrong when an organization is fixated solely on cost savings when moving to the cloud. First Novell challenged the contract award, which delayed migration. But the real killer was security concerns raised by the FBI which scuttled half the project.

Across the U.S. and Canada, local and state agencies are migrating to Google, Microsoft and other cloud services in an effort to cut their overhead IT costs and gain access to new technologies. In the wake of the Los Angeles experience, many local law enforcement agencies are looking for the FBI to waive security requirements in light of fiscal hardship.

The FBI’s position is very simple: If a law enforcement agency connects to CJIS, all services must comply with security requirements – including the cloud providers.

In restating its position, the FBI recognized its security requirements are stringent. They are intended to preserve the integrity and confidentiality of the criminal records and intelligence system used by law enforcement.

However, the FBI and security experts say CJIS’s requirements are not impossible to comply with; just difficult and expensive. Critics say the FBI is being shortsighted, as cloud providers are often better equipped to deal with myriad attacks than individual municipalities.

The FBI’s security track record isn’t unblemished, either. It recently had to acknowledge that hacker activist group Anonymous had tapped its phone lines and listened into confidential conference calls, including coordination meetings with the U.K.’s vaunted Scotland Yard.

Without FBI waivers, solution providers will find it hard selling cloud services to law enforcement agencies, particularly on the local level where police departments are grappling with budget cuts. The consensus so far, though, is the FBI’s position is an obstacle that will eventually be overcome by cloud providers stepping up their security capabilities.

Posted in Cloud Computing | Tagged , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

     

© 2012 Cloud & Technology Transformation Alliance. All Rights Reserved.     Privacy Policy