FBI Warns Cloud Providers About Security Requirements
If you are a cloud service provider looking to contract with U.S. law enforcement agencies, of late, there has been a bit of a shift, regarding security measures. The FBI has announced that there will be no compromise in its new rule that cloud service providers comply with the agency's Criminal Justice Information Systems (CJIS) security requirements. Though the agency understands the difficulties facing vendors in attempting to implement security requirements, they insist that there is an imperative at stake. And the FBI has made it clear, if the provider can't fulfill the requirements, they can take their business contracts elsewhere.
The announcement follows fast on the heels of what happened with the Los Angeles Police Department two months ago. It was then that the LAPD and the city attorney’s office ultimately decided (two years after moving their e-mail systems to the cloud in order to save costs) that no cloud computing intervention was in sync with the federal security guideline requirements for their departments. The LAPD dropped Google Apps, with the following response by the LAPD's CIO who told the LA Times, "It will be difficult for law enforcement to move to a cloud solution until the 'security requirements' and cloud are more in line with each other."
Google Apps couldn't comply with the CJIS requirements. But there is some question as to whether it was a problem related to LAPD, according to John Stokes of Cloudline who said in response to the Apps rejection,
"Unlike the problems related to the Patriot Act and EU customers, I think the damage is fairly localized in this instance...for two reasons: 1) Google will overshadow this news shortly with some large announcements, and 2) the LAPD is probably wrong about the security issue here."Continued on the next page