Head in the Clouds

The last time I checked, computers don’t fly—unless you throw or kick them out of frustration. And they don’t really exist “in the clouds.” Still, cloud computing is a popular concept these days. So what exactly is it?

Basically, cloud computing allows users to connect to software and databases via the Internet (the cloud), instead of buying software to install on individual computers.

As with anything that involves law enforcement and information technology (IT), cloud computing has several inherent risks. But it also offers advantages and possibilities that can substantially improve operations. Cloud computing offers the potential to change the ways both beat cops and the brass approach police work.

Greater Mobility
Perhaps the most significant advantage of cloud computing is greater mobility. For example, in a traditional setup, every computer device that a beat cop uses must be set up with the right applications, account privileges, hardware/software configurations and so forth. Not only does this burden the IT shop, but it burdens officers on the frontline as well, who suffer most when a program crashes or an update fails.

Fortunately, cloud computing offers greater mobility because services are “in the cloud,” and all a beat cop needs in order to use them is a device with a web browser. This greatly expands the possibilities for on-the-beat computing. Instead of a laptop anchored to a patrol car, cloud computing offers the possibility to connect from handheld devices, cell phones, PDAs or just about anything that can browse the Internet.

Clouds Fly Over Jurisdictions
Cloud computing can also help overcome one of the biggest hurdles in law enforcement: jurisdictional boundaries. Most criminals don’t commit crimes in just one beat, sector or jurisdiction. They don’t sit around in cheap motels asking, “Should we pull a lick tonight in Sector Four … or Sector Seven?” Criminals tend to go wherever opportunity takes them.

Yet, while criminals roam freely across jurisdictions, most law enforcement intelligence information does not. If one agency wants to share timely information with another, it usually means they need the same hardware/software configuration, security and access provisioning, network configurations and more.

By using a cloud computing model, if a piece of software or data is available via Internet connectivity to one agency, it’s essentially available to any agency with Internet access. Of course, access and security privileges must still be managed. But this too can be easier and more efficient using a cloud computing model. For example, during a critical, multi-jurisdictional incident, one agency could simply use its cloud services to quickly configure access for another agency—in minutes. Personnel can also share critical information from cell phones, PDAs or laptops in the field. As we all know, getting the right information, in the right hands, at the right time, can make or break law enforcement efforts.

More With Less
Unfortunately, information sharing may seem impossible for many agencies. This is especially true considering that information sharing is typically unlawful according to the Gestapo-like IT-security policies that many agencies endure for the sake of security.

Perhaps worse, these policies keep software applications on “lock down.” Although budget cuts have everyone doing more with less, relatively few agencies even consider allowing personnel to install software to increase productivity. On the other hand, abuse of this privilege is also likely and counterproductive (just ask anyone caught watching DVDs or YouTube videos in a squad car while on duty).

Fortunately, cloud computing offers a practical solution. If officers take stock of the apps and software programs that can help them do their job faster and better, and then work with IT folks toward solutions, cloud computing can provision these apps to officers in the field. This way, traditional computer security isn’t compromised, access to counterproductive stuff is limited, and personnel can get the apps that can really help them do more.

Paying for What You Use
Budget cuts also have most organizations scrambling for services that allow them to “pay as you go.” Cloud computing is no different; it allows departments to pay for only the software or services they use, when they use them. Traditionally, every software program on every computer needs a license. And software licenses cost money, lots of money.

Using an ancient laptop to keep a spare tire from sliding around in the trunk may seem like a dutiful re-purposing. However, that ancient laptop, not to mention the desktop crammed in a closet at the detective division, likely contains thousands of dollars worth of software licenses—with upgrades and license fees attached that your agency might unknowingly still be paying.

Fortunately, cloud computing offers agencies the chance to escape the hassle of software licensing inventory and management. You’re essentially hiring a cloud computing service company to maintain the software and the upgrades. Since you typically pay for only the software and services you use with cloud computing, you don’t have to worry about spare tire props costing you hundreds of dollars in license renewals and upgrades each year.

Scaling Up & Down
Aside from the cost savings, cloud computing offers the ability to increase or decrease services as needed. For example, let’s take an agency that must police a city-wide annual event at which thousands of citizens and tourist gather. With cloud computing, the agency can easily—and temporarily—expand or scale up their computing needs to accommodate increased demands during the event.

This way, computing resources won’t be strained during critical times (when expectations are high and everybody’s watching). Further, money isn’t wasted provisioning equipment that will likely be used once or scrambling to find resources and equipment during a manhunt or search for a missing child. The ability to scale computing resources can be a great benefit to police departments, the tax payers they serve and public safety overall.

In many ways, you can think of cloud computing as renting instead of buying. Cloud computing can help law enforcement agencies get out of the IT business and focus more on police work. And the savings can be significant, even if only to avoid the hassle of the seemingly endless purchasing process.

How It Works
So how does it work? Let’s consider e-mail. Instead buying e-mail software (such as Microsoft Outlook) or IBM Lotus Notes, you can “rent” e-mail services or get them for free from providers, such as Gmail Google or Yahoo! This is perhaps the most basic example of cloud computing.

With Gmail, for example, Google provides the e-mail software, e-mail storage and the overall e-mail service. It isn’t installed on your computer, but it works, and you can access it anywhere.

Just as there are layers of clouds in the sky, there are layers in cloud computing services. These include:
 
SaaS: Software-as-a-Service—renting applications and software.
Instead of installing software on your computer, you access via the Internet. Nothing to install, update or maintain.
IaaS: Infrastructure-as-a-Service—renting IT servers, storage, hardware, network equipment, etc. Instead of buying, networking, and supporting servers and storage networks, you pay someone else to do it for you—and access everything via the Internet.
PaaS: Platform-as-a-Service—renting all the hardware and software you need to make services available via the Internet.

Security Risks
Whether you’re involved with software, infrastructure or platforms, cloud computing might seem risky and insecure. A common perception holds that if you don’t own it, you can’t control it.

However, there are security risks no matter where your IT is located. The traditional IT security model, whereby security typically starts and ends with the “physical boundaries” of networks and servers, is effective but somewhat complacent. By contrast, effective cloud computing security requires hard work, but offers substantial possibilities for improved security and performance—possibilities way beyond those you could achieve by coveting your IT infrastructure.

With all of your data in one place, on one system, it’s much easier for all of your data to be compromised. With cloud computing, you can divide your data into as many parts as practical, and store each data set with a separate provider—with separate encryption, separate provisioning, monitoring and so on (much like a wily drug dealer who keeps different stash spots in different stash houses).

This is called “dispersed allocation,” and it allows you to separate critical data and safeguard it with different providers, which can greatly improve security. If one of your data systems was maliciously hacked, only a part of the data would be compromised.

Get What You Need
Remember all the outsourcing horror stories? Like the ones about companies that rushed to save money, but ended up with five-year contracts with a service company that doesn’t speak the same language? Cloud computing service contracts can end with similar disaster. To truly save money—and make improvements—you need to do your homework.

Before you can expect a cloud computing service company to meet your needs and specifications, you need to know precisely what your needs are. Clearly state your requirements and specifications in your service contract. Otherwise, you risk repeating many of the same outsourcing mistakes and suffering similar disasters.

This will also help contractually protect your agency from aggressive sales people (who may promise what they can’t deliver) and any mergers, partnerships or alliances that will likely take place as the cloud computing market evolves. Because most IT-service disputes rarely go to court,  a solid contract, based upon your specific needs and requirements, can be your best defense, according to the article “IT Outsourcing: New Lessons for Customers, Vendors” by Richard Raysman and Peter Brown that appeared in the New York Law Journal.

Cincinnati’s Experience
Aside from emergencies, the cloud computing model also makes sense for long-term, evolving projects that involve multiple agencies. For example, as one of the first—if not the first—adopters of cloud computing in law enforcement, the Cincinnati Police Department (CPD) adopted this program for its multi-agency License Plate Recognition (LPR) project.

The Cincinnati Police Department turned to a cloud computer provider instead of buying and managing several servers to share more than four terabytes of information with more than 44 agencies (about 200 agencies plan to participate overall).

Heather Whitton, a senior computer programmer analyst for the CPD, explained that their cloud computing LPR project has been running smoothly since it launched April 1. Whitton said she can easily add more data storage “with just a click,” and that providing access for other agencies is easy. “In fact,” she says, “it’s probably more work for them than for us.”
Though most agencies don’t need to pioneer cloud computing, they shouldn’t ignore it either.

Where to Start
As with most IT projects, start small. Don’t take on an enormous cloud computing project at first. It’s also best not to mess with your most sensitive data or most critical processes.

Instead, start with an honest, comprehensive review of your business processes. At least outline the key steps in each process.

Next, align your business processes (what you do) with what you need to do it (software, applications, infrastructure, etc.). With a better understanding of what you do, and what you need to do it, you can better identify and understand potential cloud computing projects.

You’ll also be able to define your specifications and find cloud services to meet your needs more easily. Processes with significant IT demands and limited risk make good initial candidates. This means resisting the temptation to move 911 dispatching or a criminal records database to a cloud—unless your agency has already successfully managed less mission-critical stuff such as payroll, off-duty scheduling, event-staffing, etc.

Be diligent: Small steps with small projects may take some persuasion and discipline, especially since big projects appear to offer the most bang for the buck on paper. But much like a bad day at the shooting range, your agency could end up with a lot of bang, yet completely miss the target.   

10 Steps to the Clouds 
      1.  Document your business processes.
      2.  Document your IT services, platforms, infrastructure, etc.
      3.  Align what you need to do with what you need to do it.
      4.  Identify small, non-critical processes as potential cloud computing projects.
      5.  Determine your specific needs, requirements and policies.
      6.  Shop for cloud services (SaaS/IaaS/PaaS).
      7.  Switch to your partner service.
      8.  Monitor the performance and the service.
      9.  Minimize and consolidate in-house IT operations.
    10.  Review and repeat.              

Jay Chiarito-Mazzarella
is a Florida state-certified law enforcement officer and former Tulsa (Okla.) police officer. Prior to law enforcement, he was a managing editor for Gartner, Inc., the world’s largest IT research and consulting firm. He continues to work as an information security specialist and government/IT strategist and consultant.

Previous

Next