With nearly 4 billion people using the internet, a staggering amount of data is produced every day. Recent numbers suggest that 2.5 quintillion bytes of data are created daily, and this figure continues to grow with the adoption of the Internet of Things (IoT). While it’s natural to assume this increase has been gradual, the fact is that 90% of data in the world was generated within the last two years alone. This begs the question; can organizations handle it, or are they about to find themselves over capacity? The answer may depend on the organization.
Data Storage Challenges for Government
It’s not surprising that government organizations produce copious amounts of data, but it may surprise you to know that even local bodies are reaching their internal data capacity. One example that demonstrates the need for an increase in data storage is the use of body-worn cameras (BWCs) among police departments. Today, approximately 95% of large police departments are using BWCs to record police officers’ day-to-day activities. While these innovative devices are improving police and community relations, they’ve also created a mountain of surveillance footage. This footage, in addition to dash cam and static surveillance video, is required by law to be maintained (typically) for at least 90 days, resulting in capacity overload. With dash cams alone, police were already dealing with terabytes of data; with BWC footage added in, they’re looking at petabytes.
Why does this pose a problem? Most government agencies are bound by tight budgets. These fiscal constraints can make it difficult to innovate, let alone maintain current operations. This influx of data stands to push capacity and spending to the max, and it’s not just law enforcement feeling the squeeze. As all government agencies become more connected (ideal in helping to collaborate with other officials, sending information, sharing solutions, and solving crimes), they bring in more outside data, further weighing down their capacity and putting more strain on their budget.
The solution seems simple: move to the cloud to solve data capacity constraints. But is it that easy?
Cloud Solution Challenges for Government
Government organizations cannot choose just any cloud. Each organization is bound by Criminal Justice Information Services, or CJIS. Established in 1992, the CJIS division of the FBI is a high-tech intelligence hub that links nearly 18,000 government agencies across the country to a massive database of crime reports, fingerprints, and other agency data. Additionally, it gives law enforcement, national security, and the intelligence community the information they need to protect the United States, while preserving civil liberties.
But finding a data center that’s compliant with CJIS can be difficult, and partnering with one that’s not can cause a big problem. Government agencies manage CJIS compliance through a state-appointed CJIS Systems Officer (CSO) who administers policies for computers, networks, and other parts of the CJIS infrastructure. The CSO checks to be sure organizations are obeying regulations, documenting compliance, and reporting back to the FBI. If an agency’s CJIS compliance isn’t on point, or is non-existent, the CSO will know, resulting in penalties that an already financially-strapped agency can’t afford.
Government agencies wanting to find a compliant cloud provider need to be sure their potential partner follows these guidelines, as outlined by CJIS:
- Limits access to intelligence, this is based on employee job assignment, network address, location, and time of day.
- Employs restriction measures to prevent unauthorized users from accessing information not critical to performing job duties.
- Limits login attempts to five tries, after which users will be locked out until they contact an administrator.
- Employs a session lock timer which engages after 30 minutes to prevent unauthorized users from accessing data should a user forget to log out.
- Performs ongoing monitoring and automatic recording of various activities (such as password changes) and maintains these logs for at least one year.
- Uses multi-factor authentication for highly-sensitive data (for example, a software application may generate a unique, one-time password at timed intervals. This adds a second level of complexity to logging in, but provides another barrier of entry against ransomware and data thieves).
- Maintains division between physical and virtual servers that store intelligence, and those that can be accessed by the public through webpages and internet portals.
- Performs criminal background checks on all employees with access to unencrypted intelligence, and performs ongoing and frequent employee training on CJIS best practices with ample documentation and knowledge sharing.
Finding a CJIS Compliant and Cost-Effective Cloud
Back to cost. Once a government agency has sought out CJIS-compliant cloud providers, they need to find one that can work within their budget. Most cloud providers adhere to the consumption-based billing model, meaning that the amount an organization pays can vary wildly from month to month. For government agencies operating on a strict budget, such fluctuations are not acceptable.
Thankfully, some cloud providers offer level billing. With level billing, government organizations have full control over the financial costs and performance of their cloud services. Rather than deal with fluctuating operational expenses each month, level billing provides a static, monthly cost that is determined upon initiation so that there is never a surprise at the end of the month. Most reputable providers will also offer a 12-month SLA review and reconciliation period, so if the organization is using much less capacity than they’re paying for, they have the ability to lower it and receive lowered pricing throughout the next year.
Get Into the G-Cloud for Government
If you’re considering migrating your data to the cloud, consider DSM’s G-Cloud. G-Cloud is the first and only Florida-based VPC solution designed for national, state, regional, and local government agencies. We ensure strict security protocols, 99.99%+ uptime, and a complete compliance package, meeting requirements for CJIS, HIPAA, PCI, SOC, and SSAE16. Even better? DSM’s G-Cloud is now available for purchase through the GSA contract. Learn more about the G-Cloud difference, and the GSA advantage here, or contact one of our IT experts today for a free consultation.