At ALEN we often get asked “As a cloud public safety solution provider, how do you prevent destructive computer virus’s like ransomware from compromising your solution?”. In this article we will take some time to answer just that, but first we must start by explaining what ransomware is and how it works.
Ransomware is a type of virus software that infects a computer and prevents users from accessing their computer systems or files until a sum of money (ransom) is paid within a time limit. A majority of the time the virus works by encrypting all of the files on the user’s computer rendering it useless until the user either pays the ransom to the criminal responsible for the virus in order to get the “key” to decrypt the files or by restoring their system from a recent backup.
Ransomware’s devastating effects are not limited to just the user’s computer it originally infected. Many times, it will also transmit to other user’s computers and servers that are on the same network continuing to encrypt files and rendering other systems useless.
The impact of a ransomware attack on public safety entities can be devastating. It can result in temporary or permanent loss of information (e.g. documents, databases, digital evidence, body camera video), financial losses, and disruption to general operations such as having to revert to paper reports.
So how do we prevent destructive ransomware from compromising our cloud public safety solutions?
The first method is in the way that users access our solutions, such as our Computer Aided Dispatch (CAD) or Records Management (RMS). Unlike traditional law enforcement solutions that require an on-premise server and database to operate their software, ALEN’s solutions are designed to only be accessed through internet browsers via an encrypted connection without the need for client on-premise servers or databases. This means that if a user’s computer becomes infected with ransomware it cannot automatically transmit to ALEN’s cloud infrastructure.
Our security methods don’t stop there, we know that new threats are appearing daily, so we invest heavily on ensuring our infrastructure and client data is protected at all levels. Of course, we can’t show all our cards, but here are just a few of the security measures we have in place.
- Enforcement & Compliance to FBI CJIS Security Policy, PCI 3.2 and NIST Standards
- Only Operating in FedRAMP, DoD and CJIS Compliant Datacenters.
- 24×7 Proactive Security, Intrusion & System Anomaly Monitoring.
- Regionally Distributed Computing Architecture (300+ miles of separation).
- Geographically Diverse Recovery & Backup Architecture.
- Physical & Logical Infrastructure Separation.
- Usage of Serverless Technology (PaaS) where applicable.
- Use of Privileged Access Management Systems.
- Enforcement of Least Privilege Access Policies.
- FIPS 140-2 Compliant Encryption.
- & More
To learn more about ALEN and our secure cloud public safety solutions give us a call at 1 (877) 824-9313 or email us at email@example.com .
To learn more about ransomware check out this article from the Department of Homeland Security’s Cyber Division: Protecting Against Ransomware (link: https://www.us-cert.gov/ncas/tips/ST19-001)