Which cloud approach is best for the police?

While “Cloud First” has resulted in the bulk of the UK public sector rapidly adopting cloud infrastructure since 2013, the cloud only really became a legitimate option for the police in 2017 when the UK’s National Police Information Risk Management Team accredited the major UK cloud providers to store and access police information. Forces across the country have begun to seriously evaluate the role that the cloud should play in their infrastructure. What options are available to them?

Why cloud?

It is worth taking a step back to briefly remind ourselves of the benefits of cloud computing vs the status quo of building and maintaining your own datacentre. The cloud may be the default position for the public sector, but it still needs a compelling business case. So, what are the benefits police forces should expect from migrating to the cloud? These can be briefly summarised as; lower operational and setup costs, industry-leading security (the specialist security skills of the large cloud providers simply cannot be matched in-house), scalability (spin up more resources at the touch of a button), improved resilience and disaster recovery, and lastly, simplicity; cloud services are generally much simpler to manage because many of the routine processes, such as updating operating systems and software, are handled by the cloud provider as an automated service. All of these add up to a compelling case for police forces to adopt the cloud.

What are your options?

Like so many things, the “cloud” comes in many flavours. It is not simply a choice of cloud or no cloud, but which cloud, or more accurately, how much cloud are you comfortable with?

1. Adopt Office 365 – Forces can start by migrating their office workloads to the Office 365 cloud. In fact, many have already done this. Aside from providing a safe route to cloud services in an environment familiar to users, Office 365 also provides an excellent foundation for deeper cloud migration. This is because it uses the cloud-based Active Directory system, which forces can leverage as a common identity management system for other cloud services. Once a force has adopted Office 365, Active Directory can provide a single login for all other cloud services. Since most forces require their officers to remember multiple login details and passwords to access different systems, moving towards a “single sign-on” environment would be a significant day-to-day improvement for officers.
2. Move datacentre resources to cloud – The so-called “lift and shift”. This idea is generally borne out of a misperception that the cloud is “just someone else’s datacentre.” If you manage your own datacentre then the cloud is technically no different – it’s still just a room full of servers, so surely, it’s just a matter of lifting the existing code and database to the new environment and letting the cloud provider take over the management of the infrastructure? Unfortunately not. Moving a datacentre to the cloud will provide limited benefits because the virtual machines (VMs) still need to be managed. All you achieve is a change in the cost model of your datacentre from capex to opex. Not recommended.
3. Hybrid cloud – This is the route many forces are taking and will be the logical next step after migrating office workloads to Office 365. A hybrid cloud will combine some cloud workloads with a base load kept in the datacentre. This is a prudent approach since services can be migrated to the cloud at the most appropriate time (e.g. at a datacentre’s end-of-life), gives more cost-effective scalability and avoids the risks posed by a “Big Bang” transition since different functions can be migrated over time.
4. Migrate to IaaS or PaaS – Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) are two routes towards a fully cloud-enabled infrastructure, however both options still require a good amount of management by the customer, so they are not always suitable. With IaaS for example, the Virtual Machines (VMs) and other virtual hardware is provided as a service, but much of the maintenance (updating OSs, licensing etc.) still has to be managed by the customer. PaaS is just one step above IaaS in so far as the service provider not only provides the VMs (like IaaS), but also the OS as a managed service. You can then build your applications directly onto the operating system. Given the continued management overhead of IaaS and PaaS, it is only suitable for the largest of forces with very specific IT needs.
5. Consuming SaaS – From a police force’s perspective, Software-as-a-Service is the often overlooked but most logical form of cloud computing for their needs, since it delivers all of the benefits of the cloud in a safe and manageable way. SaaS goes one critical step beyond IaaS and PaaS by providing the application itself as a service.

SaaS: Leverage the benefits of the cloud without the hassle

What makes SaaS so suitable to UK police forces? In most instances, when you move your IT services from a self-hosted datacentre to a private cloud provider, you are still using someone else’s software e.g. SAP, Oracle, Microsoft etc. If you are building or buying a cloud infrastructure simply to run someone else’s software, why not use their hardware too? If the software provider offers a SaaS option, forces would do well to evaluate it.

SaaS can deliver results to a force more quickly than all of the other cloud options because it does not automatically require any type of migration. This makes it a very good starting point because a force can leverage new technology without having to write-off its existing datacentre investments. While it does need some investment, such as integrating with a cloud-based identity management system, this is considerably cheaper and lower risk than migrating the force’s entire datacentre to an IaaS or PaaS tenancy.

SaaS offers all of the benefits of the cloud but with very few drawbacks; you can quickly add new capabilities and users at relatively low risk and cost, there is minimal or zero capital outlay, and SaaS providers practice the highest standards of security and availability (as a minimum, SaaS services are secured using HTTPS / TLS1.2 and accessed by a cloud-based identity management system such as Azure Active Directory).

When it comes to cloud, going “all in” by putting all of your IT services into your own cloud tenancy might not be the right approach. Exploring digitisation and cloud options is an opportunity to review all the solutions out there. It is not simply a matter of lifting everything you already have and putting it into a cloud server, but of finding better ways of doing things which deliver a police force fit for the 21^st century.

If a supplier offers you the choice between hosting their solution in your cloud tenancy or theirs (i.e. as a SaaS service), there are very few reasons why you would not choose their tenancy (i.e. consume it as SaaS).