Migrating to the Cloud: An In-Depth Guide to AWS Cloud Solutions for Public Safety

Public safety agencies around the globe are facing continued challenges keeping pace with technology; adapting processes and procedures while keeping operational and secure.

At the same time, technology vendors continue evolving their products, harnessing optimized hardware to make products faster and more adaptable for agency’s use. Over 90% of all crime is recognized as having a digital element according to Digital Forensics Science Strategy July 2020 issue¹ and IDC predicts that the collective sum of the world’s data will grow from 33 zettabytes this year to 175ZB by 2025, for a compounded annual growth rate of 61%.

With as many appliances, data streams, and pieces of evidence flowing through a police department as there are, many are running into both processing and storage shortages in their tech stack. In this article we’ll explore the various options Amazon Web Services (AWS) offers to public safety organizations for utilizing cloud resources effectively and securely.

The use of public cloud infrastructures has skyrocketed in the past few years, with one of the market leaders being AWS at a 32% share. While organizations are used to working with traditional on-prem physical data centers, first let’s understand some of the key reasons why many have looked to migrate to the Cloud. While there are always hesitations to making such a drastic change to your business, many find cloud computing worth the trials and tribulations. 

Types of Cloud Computing Services

When it comes to cloud computing services, users have several options to weigh when it comes to selecting the right service for their agency’s needs. Let’s look at the different types of cloud computing services from most configurable to least:

Infrastructure as a Service (IaaS)

The first service, which yields the most flexibility and adaptability for an enterprise solution is Infrastructure as a Service (IaaS). IaaS is regarded as the most comprehensive of the cloud computing services since it essentially provides a virtualized infrastructure for an organization to build on.

With IaaS deployments, agencies manage it all—from software and OSes that are installed, down to specific needs for their organization—without interference from the cloud provider. One of the many services AWS offers includes laaS deployments, and for organizations who may be part of a municipality with various divisions all being supported by a centralized IT Department, laaS allows for complete control over the cloud tenant. This is important when IT Departments may already have Cloud Security Engineers versus utilizing a third-party for administration of the cloud account.

Platform as a Service (PaaS)

The Platform as a Service (PaaS) model is like IaaS in that it allows for some adaptability regarding building out tools required for the needs of the business. However, it comes pre-configured typically with an OS installed and the basic framework for operating in the Cloud. PaaS is great for decentralized teams who may all need to access the same tools for application development since it’s cloud/browser based. An examples of PaaS would be AWS Elastic Beanstalk. You can read more about Elastic Beanstalk here.

Software as a Service (SaaS)

Lastly, we have Software as a Service (SaaS), which provides a developed software solution to meet a particular need for the user via a subscription service. SaaS solutions include all the necessary infrastructure, operating systems, security, and data without the agency having to configure each before utilizing the software. SaaS solutions are quick to stand up, letting agencies scale very quickly based on their needs. Examples of popular consumer-based SaaS solutions would be Microsoft Office 365, Slack, and Dropbox. Law enforcement SaaS solutions would include Axon’s Evidence.com, Grayshift’s ArtifactIQ, and Flock Safety.

Cloud Concepts

Let’s now look at some of the core concepts underlying cloud architecture. Choosing the right cloud option is ultimately dependent on your need for each of these so understanding them and how they affect your decision is important.

Scalability

Organizations must continually plan for operational scaling. With traditional, on-prem data centers, this is typically a time consuming and resource intensive endeavor. Team members across the organization must work to coordinate the necessary resources and logistical intricacies when an organization wants to grow into a new market. The steps needed for locating suitable physical space, hardware acquisition, delivery, and set-up, coupled with personnel on-boarding and training can take months to perform.

While this has been the norm for business operations in the past, leveraging public cloud infrastructure makes scalability for agencies a fluid task, often performed in a fraction of the time. The inherent scalability of the cloud provides ample opportunity for cost savings—from the initial time and resource commitment for project planning, to the personnel support requirements. Cloud resources can easily be scaled to meet demand, often with just a few clicks of a mouse.

Elasticity

Another core concept of cloud computing is elasticity. Just like a rubber band, that shrinks and expands based on the current needs, cloud infrastructure shrinks and expands based on the needs of an organization. The resources being used within cloud environments can be modified to suit current business requirements.

Elasticity is the ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically.

Well-Architected Framework, Amazon Web Services

Reliability

Let’s face it, most people hate change. Especially big changes that disrupt current workflows. Common idioms like “the old way is reliable, and I know how to fix it when it breaks,” or “better the devil you know than you than the devil you don’t” seem to be popular when it comes to individuals or corporations looking to implement new technology.

Many organizations have business continuity plans as part of the NIST Cyber Security Framework, Information Protection Processes and Procedures (PR.IP) for if/when a data center or other information security technology goes down. For cross referencing, the PR.IP for business continuity plans is PR.IP-9.

Migrating operations to a cloud environment provides organizations maximum reliability due to redundancies and separate geographic regions for service failovers. This takes the burden off managing on-prem data centers that may have a short power outage or worse yet, a natural disaster that devastates the region. For some, a data center that goes offline for an extended period can have negative repercussions on that business for many months into the future.

Agility

Being agile is important for any business, regardless of the industry you’re in. On the question of agility, when it comes to on-prem solutions versus cloud, cloud has many advantages for users.

The first advantage cloud computing has is it reduces the time required to maintain the infrastructure your company depends on to run smoothly. Maintenance of the cloud infrastructure is serviced by the vendors (AWS), versus your organization.

Instead of working on upkeep of the infrastructure, focus can instead be on how to add value to the organization. On-prem solutions require many months of planning to be coordinated with various stakeholders of the organization before anything becomes operational, however with cloud, an agency can deploy a new solution much faster than they ever could before, giving more opportunities to try innovative ideas. To go alongside the notion of new solutions, organizations utilizing the cloud can often implement newer technology much faster and cheaper than if they were working towards a similar integration with their on-prem solution.

AWS GovCloud vs Public AWS Cloud

Another important question to ask when exploring how your agency may migrate to the Cloud is “which cloud?” Many U.S. government agencies prefer AWS GovCloud which is designed with sensitive workloads in mind. AWS GovCloud addresses both regulatory and compliance requirements such as Criminal Justice Information Services (CJIS) and Federal Risk and Authorization Management Program (FedRAMP). GovCloud (US) also utilizes FIPS 140-2 cryptographic modules for all the AWS service API endpoints while additionally requiring the hosted data to be physically isolated and have a logical network isolation from all other AWS Regions. AWS also restricts all physical and logical access to only staff supporting GovCloud (US) to US citizens who are vetted. Learn more about AWS GovCloud here.

Final Thoughts

While many agencies are utilizing cloud resources already, new adoption is on the rise. The transition for many organizations will be a gradual one, but to begin that process you need to identify the drivers for change and the why behind the need. The why will be the driving force for how the agency adopts cloud technology.

For many organizations who have the why identified and are now working on how best to move forward, it’s beneficial to decide whether you steer towards managing your own AWS Cloud Tenant or if utilizing SAAS based offerings where the management and security is left to the vendor is more feasible.

SAAS platforms such as Grayshift’s ArtifactIQ streamline the process for agencies to adopt new technology, which keeps their technology stack at the cutting edge versus the legacy on-prem methods where hardware/platforms have a life expectancy before they need upgrading.

If your organization decides they want to manage their own cloud instance within AWS, the internal cloud administrators will need to work closely with the DFIR unit to put proper security and restrictions in place to protect case data. It’s important to define whether the unit will utilize the cloud more for storage of data within S3 buckets for quick access, Amazon Glacier for long term archival of data, or if the unit wants to not only store data but also utilize EC2 instances for processing of evidence as well.

It’s critical for organizations to define usage patterns as they think through their deployments. While initial costs of on-prem solutions are often high, it’s typically a fixed price that agencies can work into their budgets. Cloud technology, though, is based on services. Working with AWS in addition to utilizing tools such as their pricing calculator can assist with getting budgets and procurement aligned with the transition to Cloud technology.

Learn more on public sector usage of AWS and connect with their team here. For more information on SAAS based offerings from our team please visit www.magnetforensics.com.

References

¹NPCC, APCC, Transforming Forensics, Forensic Capability Network,
Digital Forensics Science Strategy, July 2020