Circle Opinion

Policing’s future is in the clouds

Damon Ugargol

For the uninitiated reading this, what is the cloud?

Well in its simplest form, the cloud refers to a remote Data Centre, commonly owned and operated by a 3rd party, that is used to host applications and store data that a Force would have previously provided via their own on-premise Data Centre facility.

The cloud is commonly accessed via the internet, meaning any device that has some form of internet connection can access the applications and data that reside there. That device could be a desktop in the station, but it could just as easily be a remote device such as a laptop, mobile or tablet being used out in the field. Given access is via the internet it also means that it makes it far easier to share anything that’s stored in the cloud with other entities should you wish to do so. Ideal if you want to work collaboratively with other agencies and share data.

Another added benefit is that the cloud hosting provider takes on the responsibility for maintaining the infrastructure on which your data and applications are stored, as well as being responsible for the environment in which it resides.

Cloud services are typically subscription based, which shifts the commercial model from a capital one, where the Force has a large capital outlay relating to procuring and maintaining their own in-house IT provision, to a revenue-based, ‘pay as you go’ model allowing for easier budgeting with no large initial outlay. Cloud technology also provides the ability to ramp services up and down as needed, meaning the Force only pays for what it needs, typically with a lower overall total cost of ownership.


Back in 2013 the Government introduced its “Cloud First” policy. Within it was a recommendation to all Public sector organisations that, they should prioritise the use of cloud when considering new IT solutions. The inference being the public cloud rather than a community, hybrid or private deployment model.

Key to this recommendation was that “Departments should always source a cloud provider that fits their needs, rather than selecting a provider based on recommendation.” I’ll come back to this point later.

The Government stated that, “By exploiting innovations in cloud computing we will transform the public sector ICT estate into one that is agile, cost-effective and environmentally sustainable.”

The benefits of having a cloud-based deployment were clearly evidenced in 2017 following the Manchester terrorist bombing. In the aftermath of the incident, the cloud based HOLMES2 (Home Office Large Major Enquiry System) was used to set up a Casualty Bureau, to support with missing persons, the identification of individuals and logging of evidence. Thanks to being hosted in the cloud, within two hours of the attack, 27 forces were able to utilise the casualty bureau to support one another with mutual aid.

Another cloud native system that will undoubtedly benefit all forces is the much criticised and highly controversial LEDS (Law Enforcement Data Service). LEDS is the Home Office’s new “super-database” for Police. It combines the PNC (Police National Computer) and the PND (Police National Database) into one data source. Although massively over budget and behind schedule, no one doubts the benefits it will bring to Policing. Given the amalgamation of the systems there will be reductions in running costs by supporting a single, far more efficient system. Police will have access to a much broader set of information, which should help in speeding up the identification of persons of interest. LEDS is to be hosted on the commodity cloud service within Amazon Web Services (AWS). This will widen the scope beyond policing in terms of organisations able to obtain access, such as the DVLA, Financial Conduct Authority, Highways England, Competition and Markets Authority and the Royal Mail.

Arguably, the cloud-based technology that has had the biggest positive impact of late is Microsoft’s 365 Productivity Services suite, being rolled out to Forces as part of the National Enablement Programme. The national lockdown that was imposed in response to trying to combat the Covid 19 pandemic, added an additional level of complexity to Policing. Whilst most things ground to a halt, criminal activity continued and so did the need to police it. By using the collaboration tools that are offered as part of the productivity suite, Forces were able to continue to operate using a virtual environment, allowing employees to come together whatever and wherever their location.

Given the exhortations of the Government and the evidential benefits of adopting cloud technology, does that mean all Forces have rushed to go ‘all-in’ pushing all their Applications and data into the cloud in haste?

The short answer is no. Despite the numerous benefits to adopting a cloud first approach, as recently as 2 years ago, reports suggested that as many as 75% of all Forces still accessed and managed their data and applications on premise. So, the big question is why?


Understandably, Police by the very nature of the job they do are quite anxious when it comes to re-housing their applications and data. A good percentage of the work is sensitive and needs guaranteed security. As you would imagine, most forces were initially very sceptical that the cloud could offer the same level of security as that provided in their own on-premise data centres. Surely no-one would be as concerned about the security of Police IT than the Police themselves.

When we talk about security in this instance, it usually relates to the need to ensure that everything belonging to the force is protected from a potential data security breach. When you have been responsible for security for so long it is hard to share that responsibility with someone else and have the confidence that they will look after things as well as you do. It is also unnerving when your security is no longer fully reliant on the tangible devices sitting in your data centre, that you can see and touch with a reassurance that everything is ticking along as it should be.

In a traditional on-premise solution, IT teams must manage and maintain security at every single location and for every single application. When it comes to Public Cloud, providers don’t have visibility of where or what the ultimate endpoint is, therefore all security has to be centralised and unified, able to cater for all possibilities. This unified security approach means you may end up with access to more security than you currently have employed on premise.

Let’s just for a moment take a look at cloud security:

  • Security is now a shared responsibility with the cloud vendor, meaning there is less of a burden on your IT teams and your finances.
  • Updates and patches no longer have to be resourced and scheduled in by the IT team, instead being applied in a timely fashion.
  • Cloud security is highly automated, meaning a reduced need for human intervention and less opportunity for errors.
  • As security is centralised there are less boundaries in relation to possible end points.
  • Cloud security may offer more specialised and robust options that would probably otherwise be unavailable due to cost.
  • Although public cloud involves trust of a 3rd party. They are generally experts in their field and are focussed purely on security and nothing else.
  • Cloud providers are now compliant with necessary regulation, meaning you can rest assured they are using best practices.

Over the last few years billions of pounds have been invested by Public cloud vendors to provide efficient data security. So much so, that cloud security arguably provides better protection than that offered by a lot of on-premise facilities. Most of the major vendors are compliant with the Home Office’s National Police Information Risk Management Team (NPIRT) requirements, meaning cloud services can now support Police Forces across the UK who require Police-Assured Secure Facilities (PASF) to process and store their data in the cloud.

A big indicator of shifting attitudes around security, is the recent decision by the Defence Digital Service (DDS), a new group in the Ministry of Defence (MOD), to shift its data for its Readiness Reporting and Deployability Discovery (R2-D2) project to a public cloud.

Phil Jones from ISS (MOD’s Information Systems & Services) stated that Public Cloud is being used by several operations and projects within the MOD to identify how new services and capabilities can be delivered to Defence. Teams are able to access accounts to the Public Cloud offerings provided by Amazon Web Services (AWS) and Microsoft Azure – this provides teams with freedom to evolve their own Services that take advantage of industry leading capabilities.


Culture was cited as being another barrier to adoption. Historically, Forces have been quite parochial in their nature. Very much with a sense of, “This is how we’ve always done things!” or “We’ll wait and watch what everyone else does first before we decide.” This mentality has left forces lagging behind the criminals who they are trying to outwit (Who conversely, have exploited this new technology in advanced and innovative ways, making their criminal activities far more complex and difficult to untangle).

However, police culture is changing thanks to the everyday use of cloud in our personal lives. Barely a day goes by where we don’t perform some kind of interaction with cloud-based technology, passing data back and forth between applications and allowing us to do things on the move using our mobile devices, such as ordering food, making appointments and booking holidays, remember them?! We even trust the cloud to store our most precious memories in the form of photos and videos.

So, if security concerns have now been addressed and cultural views are changing, then what else is slowing mass adoption?

For those of you that read my last blog, you’ll already know the answer. However, for those that didn’t, go and read it! But in the meantime, the answer relates to the fact that a lot of forces maintain a large number of legacy applications, that were never designed for the cloud and don’t easily present themselves to being migrated on to one.

However, the aforementioned blog provides an indication as to how we at CACI can help forces overcome this obstacle.


If all barriers have been overcome and the decision has been made to adopt the cloud, how do you then go about deciding which cloud is best for you?

Let me try and explain by use of an analogy; when your child reaches a certain age there comes the time you want them to spread their wings and leave the family nest. Do you quickly find the first available cheap premise you can and proceed to move your loved one into it as quickly as possible? Then as each successive child reaches that same stage, find a similar property to the first and do the same again? Maybe you do!

But in all seriousness, most of us would probably seek the services of some form of an Estate or Letting Agent, someone with full knowledge of what’s available in the market that best suits your little treasure’s wants and needs. Relying on the Agent to advise and suggest viable options, before carefully choosing the best property available to them.

Well a similar approach should be applied when adopting a cloud strategy. Do you find the first cheap, hosted environment available and proceed to throw all your applications and data into it? Again, maybe you do, and I know some have to their regret. But the smart option is to seek the services of an experienced, qualified cloud migration partner, someone who has thorough knowledge of the market and an ability to provide the best advice on the optimum solution for your organisation. A partner that will consider your differing workloads and what you need to achieve and design a strategy around a perfect hybrid of available cloud resource.


So with the many benefits the cloud brings: accessibility, affordability, removal of a maintenance burden, better levels of security, increased speed of deployment and rapid scalability, as well as the Government pushing its ‘Cloud First’ strategy, is this the end for on-premise data centres?

Gartner predicts that by 2025, 80% of enterprises will have shut down their traditional data centres, versus 10% today. But, is it as clear cut as that?

Traditionally when new applications were requested by the force, IT departments would consider how they could deploy the application using their in-house architecture. This strategy has worked well for many years, whereby the goal was to deliver the application to the Force’s own end users. But as the workforce has now become more agile and the need for collaboration with other agencies grows, it drives the need to change the strategy and ask, ‘how can we deploy this so that we can easily access it from anywhere and share the information stored with others if we need to?’. Decisions now need to be less architecture driven and more about the needs for the services that are being delivered.

Cloud doesn’t have to be an all or nothing proposition – don’t let the one size fits all message fool you. Just because someone recommends a particular cloud service it doesn’t necessarily mean it is suitable for your particular workload. Every Public cloud doesn’t fit every IT function. Planning around objectives and consideration of things like low latency and high bandwidth traffic needs to take place when designing a cloud migration strategy. Hence the need for an experienced, qualified partner who will provide a comprehensive, overall assessment before further engaging with your team on creation of a mobilisation and migration plan.

Cloud computing is no longer the novel concept it once was, it is a well-established, proven mainstream technology with many benefits and as operating models shift and demands increase, Policing should recognise cloud as a more effective method of delivering applications, software and data to those that need it.

It’s now highly regarded as inevitable that in time Gartner’s prediction will come to pass, but whether it is optimistic to think that it will occur within the next 4 years remains to be seen.


“POLICING’S FUTURE IS IN THE CLOUDS” is the 2nd in our series of blogs on how tech can help the Police. Read the first blog in the series “Legacy Application Interoperability & Integration in the Police Force” now.


Contact us now
Damon Ugargol