ASSOCIATE Magazine FBINAA Q4-2024

Continued from "Data", on page 10

Sharing information between agencies and / or other de partments often involves cumbersome processes, that cause de lays and inefficiencies. These challenges have been exacerbated because the volume and complexity of data stored and managed has increased exponentially. Law enforcement agencies now recognize they require more efficient and secure methods for sharing and storing vast amounts of sensitive information while adhering to stringent regulatory requirements and maintaining the highest stan dards of security and confidentiality. EXPLORING SECURE OPTIONS FOR SHARING SENSITIVE MATERIAL Agencies have several options for sharing sensitive mate rial, each with its own advantages and limitations. Traditional methods such as email or physical courier services are no longer secure enough to handle sensitive data due to the risk of inter ception or loss. Secure file transfer protocols (SFTP) offer a more secure al ternative but very often lack the scalability and user-friendliness required for seamless and fast collaboration. Cloud-based solutions have emerged more recently as a compelling option for sharing and storing sensitive information securely. Cloud platforms can provide scalability, accessibility, and robust security features, making them ideal for law enforce ment agencies. Although most cloud solutions claim to be secure there is a vast chasm of difference between the many solutions that claim to be secure and the handful that actually are secure. In short, agencies must prioritize solutions that are end-to-end encrypted protecting data at rest, in transit, AND at work. In addition, Zero Trust as well as Zero Knowledge security must be added to end-to-end encryption to ensure the highest level of security and privacy. BENEFITS OF SHARING SENSITIVE MATERIAL IN THE CLOUD confidential documents, messaging, email, and video conferencing, over 50 percent surveyed cite saving money and eliminating the need for software and hardware as key motivators to move to the Cloud. The International Association of Chiefs of Police reports that law enforcement agencies throughout the United States and around the world are increasingly considering cloud computing as a viable option to support information management and operations. Law enforcement leaders surveyed shared that over half already use or are consider ing using the Cloud. While there are many operational benefits to using secured cloud services for the storage and sharing of sensitive or Leveraging the Cloud for Law Enforcement However, not all cloud solutions are created equal.

Cloud-based solutions, particularly those offering both Zero Trust and Zero Knowledge security offer several significant ben efits for law enforcement agencies sharing highly sensitive data: 1. Enhanced Security: As discussed earlier, cloud-based solutions that provide Zero Trust and Zero Knowledge security can never be compromised – not even by the service provider. 2. Scalability and Flexibility: Cloud platforms can scale resources based on demand, accommodating the growing volume of data generated by law enforcement activities. Additionally, cloud-based solutions enable remote access, facilitating collaboration between agencies and personnel across different locations. 3. Cost-Effectiveness: Cloud solutions eliminate the need for expensive infrastructure maintenance and upgrades, reducing operational costs for law enforcement agencies. 4. Compliance and Auditability: Cloud providers adhere to industry standards and regulatory requirements, ensuring compliance with laws such as CJIS (Criminal Justice Information Services) Security Policy. Cloud-based solutions also offer audit trails and logging capabilities, enabling agencies to track access to sensitive information for accountability and regulatory purposes. CHOOSING A SECURE CLOUD SOLUTION WITH ZERO TRUST AND ZERO KNOWLEDGE ENCRYPTION When selecting a cloud solution for storing and sharing sen sitive law enforcement data, agencies must prioritize security, privacy and auditability. Cloud solutions that have both Zero Trust and Zero Knowledge security are essential foundational principles that guarantee data always remains protected, even in the event of a breach or unauthorized access. Zero Trust architecture adopts a "never trust, always verify" approach, where access to resources is granted based on strict authentication and authorization policies. This mitigates the risk of insider threats and unauthorized access by assuming that no entity, whether internal or external, should be trusted by default. Zero Trust Basic Tenets 1. All data sources and computing services are considered resources. 2. All communication is secured regardless of network location. 3. Access to individual enterprise resources is granted on a per-session basis. 4. Access to resources is determined by dynamic policy- including the observable state of client identity, application/service, and the requesting asset-and may include other behavioural and environmental attributes. 5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets. 6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed. 7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture. continued on page 27 Zero Trust alone is not enough.

26 FBINAA.ORG | Q4 2024