Not all clouds are created equal: understanding security and privacy cloud requirements of justice and public safety
Updated October 4, 2017
Microsoft is committed to providing Justice and Public Safety (JPS) organizations with cloud services they can trust and is uniquely equipped to help them become CJIS compliant. We have assessed the operational policies and procedures of Microsoft Azure Government, Microsoft Office 365 Government, and Microsoft Dynamics CRM Online Government, and have attested contractually with 33 States their ability to meet the applicable controls and comply with FBI CJIS requirements. Over the past few months we have continued our commitment in this area and contractually worked with the States of Montana, Alaska, Tennessee, Rhode Island and most recently Virginia. Any State, City, County Government in these 33 states is now able to use the Microsoft Government Cloud for organizations that require CJIS compliance.
Critical in the CJIS standard are employee background checks, detailed security updates and the ability for the State CJIS Systems Agency (CSA) to examine and inspect cloud solution providers to meet their audit requirements. We design compliance from the ground up, so our cloud services and our entire Government Cloud are integrated via this approach. Unlike other vendors in the market, we don’t have partial coverage, don’t make unsubstantiated claims, and we don’t require our Government customers to use third party software (that adds unforeseen IT cost and lowers user productivity).
Our approach empowers JPS organizations to utilize government cloud services to support their mission via a solution they can trust. Our focus on regulatory compliance allows for greater cost savings and increased productivity via IT consolidation across the spectrum of current IT trends (e.g. Enabling centralized email across a State, City or County, enabling intra-agency productivity, citizen focused case management, advanced data analysis, IOT and hyper-scalable compute environments). All of which reduce Government IT operational costs, increase productivity and allow for a digitally transformed, integrated Government.
This approach empowers JPS organizations to utilize government cloud services to support their mission via a solution they can trust. Our focus on regulatory compliance allows for greater cost savings and increased productivity via IT consolidation across the spectrum of current industry technology trends (e.g. Enabling a consolidated, centralized email system across a State, City or County; enabling intra-agency collaboration; enabling citizen focused case management, enabling advanced data analysis of multimedia, structured and unstructured data; enabling Internet of Things (IoT) and hyper-scalable compute environments). All of which reduce Government IT operational costs, improve Government performance and allow for a digitally transformed, integrated Government.
Cloud service providers must be evaluated to meet the stringent CJIS requirements.
Microsoft has a long-term commitment to the promise of enabling digital transformation across global government and law enforcement agencies empowering law enforcement for citizen safety. Meeting CJIS regulations is a key part of this ongoing dedication to meet the needs of urban, regional, and state governments and law enforcement agencies in the U.S. Microsoft is an industry leader across hyper-scale cloud providers in helping agencies to achieve CJIS compliance.
How should you choose the right partner for your agency to meet CJIS security policy?
Microsoft recommends seven essential questions you should ask in your selection process.
1. Does the cloud provider have experience with Justice and Public Safety and CJIS?
Microsoft is a leader in this area. Microsoft has contractually attested to the applicable CJIS controls and signed CJIS agreements in 33 states, reaching more than 61% of the U.S. population
In these states, with access to Microsoft Government Cloud solutions, information obtained through technologies such as body cameras, police video, and records management, will be managed in the government cloud according to the requirements of the CJIS Security Policy.
2. How committed is the cloud provider to CJIS?
Microsoft is a leading hyper-scale cloud provider with this scale of commitment to meet the applicable controls for adjudicated employees in CJIS Security Policy v5.5 which allows law enforcement agencies to be certified CJIS compliant. Microsoft is continually updating its services to meet and exceed evolving CJIS standards.
3. Is the cloud provider trustworthy and experienced?
Over 1,300 U.S. federal government agencies and over 8,700 state and local government agencies use Microsoft Cloud services. Microsoft provides a differentiated end-to-end set of solutions and an integrated Microsoft Cloud for government platform, including Microsoft Azure, Office 365, and Dynamics CRM.
4. Can the cloud provider provide a multi-cloud, end-to-end solution?
Microsoft is a leading service provider offering a complete hybrid cloud approach for state and local governments. Agencies can integrate their existing on-premises datacenters with solutions and services running in private, public and/or government clouds. This includes an extensive partnership with ISVs, service providers, and equipment manufacturers to enable solutions such as body worn cameras and records management.
5. What level of policy controls does the cloud provider have in place?
Microsoft is committed to the highest standards of policy control. Microsoft Government cloud services are available to qualified government entities, including US federal, state, local, tribal, and territorial government entities, and other entities who handle data subject to government regulations and requirements. In addition, Microsoft government services are operated by US Citizens that are being adjudicated and cleared by the states. These background checks include, but aren’t limited to, fingerprint records, criminal histories, and other information that government agencies must review for access to Criminal Justice Information. Microsoft Government Cloud differentiates with this level of employee security clearances spanning this broad geography.
6. What coverage exists for disaster recovery and reliability?
Should the worst events occur, you need to count on redundant data centers that are located far enough apart to ensure the safety of your data. A Microsoft distinction is our widely dispersed, U.S.-based geographic data center coverage–our data centers are at least 500 miles apart. Microsoft also runs redundant systems to protect sensitive data and records.
7. Where are data centers located?
Microsoft data centers are sited within the continental U.S. This eliminates any questions about U.S. national data sovereignty. See Data Center information here.
When you are thinking about CJIS and digital transformation across your government and Justice and Public Safety priorities, you should seek a partner committed to CJIS compliance and security today and in the future. We stand as leaders in the government arena, and continue building a government cloud you can trust.
Microsoft Cloud solutions can help drive increased cross-agency cooperation because they deliver familiar, effective tools to staff, contractors, and mobile workers anywhere. Millions of agency workers nationwide are already using Microsoft. Why make compliance more difficult to implement and/or risk the high costs of non-compliance?
To get started contact CJIS@Microsoft.com for a guided discussion on how to meet CJIS standards using the Microsoft Government Cloud.
