It’s like water

The term ‘cloud computing’ befuddles many. When computers first appeared on our desks at work, in order to do anything we had to buy software and install it on the box in our offices. Today, because everything can live in the cloud, one can purchase all of one’s computing needs from a service provider that operates in the cloud. In the beginning it was about Software as a Service (SAAS). Today you can purchase virtual servers, storage and database services, and organizations can now choose to place some or all of their IT systems in the cloud. These newer capabilities are referred to as Infrastructure as a Service (IAAS) and Platform as a Service (PAAS). Not only that, but the information in the cloud can be accessed from anywhere. Just like drinking water, all one needs to do is turn on the tap.

According to Wikipedia, “The term ‘cloud’ is used as a metaphor for the Internet, based on the cloud drawing … as an abstraction of the underlying infrastructure it represents.” Clouds can be public, private or hybrid. Public clouds (like social networks) are available to the general public. Private clouds exist solely for the use of the organization and can be located internally or externally. Hybrid clouds describe a combination of two or more clouds that talk to each other but are separate entities.

The one certainty is that cloud computing is causing a fundamental shift in information technology for organizations. Businesses large and small are starting to leverage cloud services, which means that sheriff’s offices large and small need to follow suit.

Taking a cue from the business world

In today’s economic times business leaders are increasingly focused on economies of scale, and law enforcement too can learn from these practices. Just like any business that is hyper-focused on its core business, sheriff’s agencies might better enable themselves to focus on crime fighting by outsourcing what’s not considered primary to their overall mission. Scalable, secure IT infrastructure is essential to any sheriff’s organization but isn’t easily achievable with slashed resources and the constant threat of data breaches.

Brian Doyle is the Vice President of IT and Data Center Services at PCNet Inc., a Connecticut-based IT services company. His company is increasingly contacted by government organizations that no longer have the resources to replace aging systems: “These organizations have legacy applications which require new infrastructure to support them and because of staff reductions they probably don’t have the IT resources in place to safeguard data.” To earn industry certifications such as SAS70 Type II and SSAE16, companies like PCNet must meet strict standards that ensure physical security, networking security and sound business operations.

Data security is of paramount concern to all but with recent highly publicized data breaches, law enforcement is increasingly worried about protecting the data they gather. This summer, after the BART Police in California shut down cell-phone service following a threat of protest at a few of its underground rail stations, members of the hacker collective calling itself Anonymous infiltrated BART databases at least twice. The first time the hackers gained information about more than a hundred police officers that they subsequently posted online. The second time, the hackers released information on about 2,400 BART customers. The protesters were calling attention to a recent officer-involved fatal shooting of a homeless man.[1] “Everybody is concerned about whether or not they can keep their data protected and what are they going to do if there’s an attack. Generally IT professionals have more experience at dealing with these types of attacks than your average law enforcement IT guy”, stated Doyle.

Scalable Innovation

Law enforcement leaders are approached regularly by companies who have innovative applications that would benefit their organizations in some way. The disconnect often occurs at the point where a purchase decision is to be made which in turn requires research and then installation on in-house servers. Additionally, many of the most innovative applications need a lot of computing power to run them.

Scott Mills is the Vice President of Global Information Technology for Conservation International. He said taking something innovative to scale is one of the primary benefits of using cloud computing services: “Before, if I wanted a solution I had to buy a server and software and spend time figuring out what I wanted. Now it takes 5 minutes to turn on SAAS in the cloud, now I have capability to do things I wasn’t previously able to do.” For Mills it isn’t about having a “cloud strategy” but more about having a strategy of which the cloud is a part.

An example of this is the Baltimore Police Department’s use of Xora’s Field Force Manager software program. The application is used not only to coordinate efforts in crowd control situations, but also to let dispatchers track the location of officers. Without the computing power offered by the cloud, running such a program would not be possible.[2]

What does the cloud mean for forensic investigations?

While those in the IT services business, like Doyle, would argue that they are better equipped to ensure data security, many organizations are hesitant about moving operations to the cloud and cite security and the relinquishing of control as two of the top reasons why.

For law enforcement, one significant issue is obtaining evidence from cloud-based systems. These systems store data on massive storage arrays that make forensic data acquisition much more complex. Cloud providers haven’t designed a way to comply with forensic investigations, and investigators have not offered procedures either. In most cases, in a cloud environment, the investigator is not going to be able to get his or her hands on the actual physical device storing the data, and current forensic investigation standards require direct access to digital evidence[3]. Further complicating an investigation is that different processes might be outsourced to different cloud service providers, each one with its own terms of service and each one in a different geography, with possibly even several countries involved.

Security experts also point out that the low cost and flexibility that attracts businesses to cloud-based services also attracts criminals, and these services make it easier for criminals to cover their tracks and operate with significantly more anonymity in the cloud. Eric Jacksch is an Information Security expert who manages the Canadian Security Practice for a global IT services company. He outlined a scenario where a criminal could use a throw-away cell phone, a prepaid gift card and a fake email address to set up shop to commit fraud. “A few years ago, if you wanted to start a system you had to purchase or rent a physical server. Today you can rent virtual servers on the cloud by the hour, they’re dirt cheap and you can delete things when you’re done.” That system can also easily be moved around according to Jacksch, “and by the time a victim gets a credit card statement the server used to commit the fraud simply doesn’t exist.  We’re now in the era of the throw-away server and it’s going to be a nightmare for investigators.”

On the other hand, a diet-drug scam investigation last year provided what is known as the first search warrant benefiting from a suspect’s use of cloud computing. FBI agents were able to obtain incriminating data more easily because it existed on Google’s cloud servers rather than the suspect’s own hard drives. The 1986 Stored Communications Act allows the government to access a customer’s data whenever there are “reasonable grounds” to believe the information would be relevant in a criminal investigation. Even though the Feds obtained a search warrant, they did not have to meet the standards for “probable cause”, nor did they have to go to the suspect’s location.[4]

To Jacksch, the cloud isn’t more or less secure than traditional IT systems, just different. “So much depends on the provider and the way in which the services are managed and used”, he said, and added, “you’re giving up some control to the cloud provider but having control doesn’t always mean having better security. We can achieve a high level of security in the cloud.  However, poorly managed cloud services can lead to disaster just as quickly as poorly managed traditional IT servers.” The cloud-enabled ability to instantly back up data is significant to Jacksch, “many small organizations simply can’t afford the type of backup capability that cloud providers offer.”

Cloud computing requires a different approach by investigators.  On one hand, recreating a crime scenario in a cloud computing environment may become nearly impossible. Among the reasons is that data on the cloud often exists in several places and is mobile, making it difficult for an investigator to find and obtain the data in its original form. On the other hand, multiple copies of data and near-instant backup capabilities may allow the investigator to find or capture evidence that would have otherwise been overwritten.

While cloud computing is one of the most talked about developments in information technology, even IT professionals are struggling to absorb what it means to their organizations. Whether they outsource IT services or not, sheriff’s agencies in the future are quite likely to find themselves increasingly pushed to cooperate with other agencies as they struggle to understand the cloud, through all the haze and the fog.

[1] Melrose, Bob, “BART Hacked Again; Police Officer Data Released”, CBS San Francisco,
[2] Gourley, Bob, “Cloud Computing for Law Enforcement”, Cloud Computing Journal, April 28, 2011.
[3] Reilly, Denis; Wren, Chris; Berry, Tom, “Cloud Computing: Pros and Cons for Computer Forensic Investigations”, International Journal Multimedia and Image Processing, Vol. 1, Issue 1, March 2011.
[4] Poulsen, Kevin. “Spam Suspect Uses Google Docs; FBI Happy”. April 16, 2010.

This article was previously published in the NSA’s Deputy and Court Officer magazine.