FBI insists cloud providers meet strict security requirements

February 9, 2012 Off By David
Grazed from FierceCIO.  Author: Caron Carlson.

Large enterprises continue to have reservations about the security of cloud computing, and apparently the FBI does too. The agency made it clear this week that any cloud providers who want to do business with U.S. law enforcement agencies must abide by its Criminal Justice Information Systems security requirements–which is a very high bar, reports Jaikumar Vijayan at Computerworld.

"The FBI remains committed to using technology in its information-sharing processes, but not at the sacrifice of the security of the information with which it has been entrusted," Stephen Fischer Jr., a spokesman for the FBI’s CJIS division, told Computerworld

As Vijayan notes, the Los Angeles Police Department recently cancelled plans to move to Google Apps, citing lack of compliance with the CJIS requirements. Google claims that the requirements are not compatible with cloud computing, but the FBI’s Fischer said they are compatible, although they may be difficult for vendors to meet.

To meet the requirements, providers have to identify all administrators–system, database, security and network–who are given access to criminal justice data, according to Fischer. They also must require fingerprint criminal background checks on those administrators.

"Admittedly, these requirements may be difficult for some cloud-computing vendors due to the sheer numbers and the geographic disbursement of their personnel," he said. "However, these requirements aren’t new to vendors serving the criminal justice community and many vendors have successfully met these requirements for years."