Modern computing is based on the cloud, an ever-expanding array of shared resources that provides a single platform for everything — from storing data to remotely accessing applications. The cloud is just one aspect of a modern computing ecosystem that has exploded in size and complexity over the past decade. Cloud computing was developed to overcome the limitations of various computing methods, including traditional, on-premise hosting solutions as well as big data and artificial intelligence.

Organizations big and small are rushing to get their data into the cloud. However, the advent of cloud computing has also brought a new set of cybersecurity challenges. Many organizations have done nothing but glorify the cloud, often forgetting the sheer amount of cybersecurity risks that can be present. Organizations with particularly sensitive data, such as law enforcement agencies (LEA), can never fully rely on the cloud.

To start, why did organizations turn to using the cloud?

The Rise of the Cloud

Since the cloud fever began, some of the biggest cloud computing companies, like Apple and Microsoft, have dramatically increased their reliance on the cloud. In addition, in-house IT teams have turned to the cloud for solutions to a host of in-house problems, including data centers and security.

While the term cloud computing and its ilk have gained popularity in recent years, it's not a concept that's new. In fact, we've known about it for almost 20 years now. Apple's late CEO, Steve Jobs, gave a keynote speech at the 1997 WWDC conference, alluding to the concept of cloud computing and its necessity: “I don’t need a hard disk in my computer if I can get to the server faster… carrying around these non-connected computers is byzantine by comparison.” More recently, IT visionaries such as Satya Nadella, CEO of Microsoft, became one of the most vocal executives about the importance of the cloud. During the Microsoft Ignite conference in 2016, he described cloud services as a fundamental capability to define the company. He also highlighted the central role the cloud plays in Microsoft’s strategy for the future:

And to build perspective on this, let’s go back to what we’ve been talking about, mobile-first, cloud-first … customers are achieving digital transformation where it’s about the mobility of the human experience across all of the computing in our lives. That’s what the cloud enables. Even the cloud is not a single destination but a distributed fabric. That’s what’s driving all of these ambitions that we have in terms of technology.

As emphasized by Nadella, the cloud began to grip the world's population like never before. The masses were enthusiastic about the concept of online data storage, as well as the benefits that it would provide. But the excitement waned considerably when data breaches and data loss incidents began to flood headlines. How could the world be so enthusiastic about a concept that could be jeopardized by human error and technology failures?

Security Risks

The cloud has become a popular location for businesses to store their sensitive data. Unfortunately, it's not the safest place to store all of that information. As a result, businesses are increasingly concerned about the security of their cloud-based services.

In 2010, Microsoft experienced a breach with its Business Productivity Online Suite that allowed unauthorized users of the cloud service to access employee data, such as their contact information. While the incident only took two hours to fix, it still is a clear indicator of what could happen with the cloud. The consequences of having confidential data exposed could be catastrophic for organizations.

Additionally, Apple similarly experienced a security breach with its iCloud service. Hackers were able to break into personal phones to retrieve private photos. The well-known incident that occurred with Jennifer Lawrence back in 2014 illustrates the very high risk for data breaches on the cloud. Any company, organization, or individual that leaves the security of their data in the hands of a third party is putting their data at risk. For LEAs, cloud storage is simply not an option. Fortunately, high-quality, on-premise solutions remain available. Many LEAs struggle to find an all-in-one solution to finding data. Social Links responded to their needs by creating a solution—SL BOX—that enables users to search among the most valuable and publicly available information.

An Alternative Solution

Since the early 1990s, open-source intelligence (OSINT) has become a growing industry, with hundreds of thousands of people working in corporate information security, government intelligence, academia, and the private sector. It is an industry that continues to flourish, and with each passing day, is becoming a more powerful and pervasive part of society. The vast majority of OSINT methods are conducted via the Internet, and many of these are cloud-based, with no storage on the organization's computer.

When it comes to highly sensitive data, such as internal police data, protecting that information is paramount.

“In due time, everyone will come to the realization an on-premise solution is a necessity when it comes to safely collecting both internal and open data. The answer lies in a system that compiles, organizes, and analyzes data from multiple sources. We at Social Links are one step ahead, as we’ve innovated a technology that collects data from numerous sources in real-time: the SL BOX.” — Ivan Shkvarun, Social Links Co-founder.IvanShkvarun-4

The SL BOX has the core capability to search and visualize data from open sources and provided in a conveniently presented manner for you. For example, on IBM i2 through the API you can load the results of investigations in order systems or you can load historical data from other police sources. The most important thing here is that this whole system is on-premise, without the cloud, enabling in-house management of data.

Recently, OSINT has become a more prominent tool in the hands of the intelligence and law enforcement communities. This has created an influx of new tools that make searching the internet for information and connecting to people easier and faster.

So, what is OSINT anyway? OSINT is a field of information gathering that can be considered as one of the most useful aspects of modern-day life. In fact, it's used in a variety of ways, including:

  • to collect information regarding cyber threats, cybercrime, and cyber espionage
  • for purposes of research, intelligence, and monitoring
  • used by many different groups, including the U.S. government, private companies, and private citizens, to collect information from all over the world
  • to gather data on the internet (web crawling) and social media (Twitter and Facebook), and on-the-ground intelligence gathering in areas such as conferences, rallies, and protests
  • data scraping and web crawling have become more accessible, more efficient, and more reliable

Recent years have seen a massive boom in OSINT. Since the turn of the century, OSINT has gone from a niche, academic field of research to a field of professional practice for both governments and private companies. Without OSINT, many analysts would be unable to zoom in on the world around them and see what's going on in the interest of their organizations.

The SL BOX is an OSINT tool that is secure and offers seamless access to open-source data. For LEAs holding sensitive information, privacy is of the utmost importance. The SL BOX can integrate with existing tools and processes and maintains the security of information within an organization. With the system’s dedicated customer-success managers, every organization receives the expert support of a team that takes the necessary measures to ensure that data is kept private and secure while allowing for the integration of an organization’s own tools.

For LEA investigations, the system’s process flows as follows:

  1. An objective is defined, and an investigation is launched.
  2. The collection of data commences, which involves retrieving data from sources such as internal sources, external sources, OSINT, social networks, and the Dark Net.
  3. The data is analyzed and secured, with the analysis occurring within a closed loop.
  4. The results and report are provided, and the history of the investigation is kept completely private.

Although all of the data compiled is openly available, the SL BOX presents organizations with everything in order to conduct a successful investigation. Unlike the cloud, the information does not need to be guarded as it is entirely publicly available. The investigation itself, however, remains secure and private within the platform.

“From the customer experience side, we at Social Links recognized the challenge faced by LEAs of not having a means to effectively compile internal and external information into a single system. We simply responded to our clients by providing them with an all-in-one solution to their problem, and fixed the issue with the SL BOX.” — Anastasia Kornilova, Head of Sales and Business Development at Social Links.AnastasiaKornilova-3

Conclusion

Cloud services can be a great tool, but there are many drawbacks when it comes to security, which makes it unsuitable for LEAs and other organizations holding sensitive data. Security is one of the biggest concerns for cloud service providers, especially those who use the public cloud. Security is important, but it is definitely a process. For example, if a company is using a private cloud, there is no limit to how much data they can hold, and there is no requirement to encrypt it. However, the cloud is a shared resource, so the company needs to think of how to prevent unauthorized access to the resources.

While the cloud can be a viable solution for many organizations, a hybrid option of both cloud computing and an on-premise data system ensures that an organization has access to all existing data, both public and private. A hybrid system compiles information from both online and internal sources contained within the organization’s IT perimeter. Such a hybrid system, including the SL BOX, can collect and analyze all available data to produce a report to be securely stored and accessed only within an organization’s walls.

The SL BOX is not another police CRM system with a list of villains, nor is it another cumbersome database. The completely private investigations platform for law enforcement is designed to support large organizations and provide them with the ability to discover, map, search, find and monitor the social and Dark Net, and work with data from internal databases including investigation results from other sources. The SL BOX offers a unique solution in the industry market by providing organizations with a single, data-rich, and easily accessible platform.

In summary, Social Links doesn’t recommend eliminating the use of the cloud—we are merely suggesting that a hybrid solution is the ultimate answer, which is why we created the SL BOX, an innovative on-premise solution using data available.