Police officers, redaction, and real-world impact of cloud security
The Police Digital Service linked Adobe with the National Police Chiefs Council, using Adobe Acrobat DC as its standard redaction tool for 90,000 officers and staff.
Image source: Adobe Stock / Brian Jackson.
Security is a major priority for organizations as they move to the cloud, and rightly so. Cybersecurity breaches continue to make headlines and threats are on the rise worldwide. Consumer data privacy issues have become more stringent. And the stakes of security issues and potential downtime are high, especially for large enterprises and public sector agencies.
Not surprisingly, most organizations have a lot of questions when they’re looking to migrate critical processes, data, and transactions to the cloud. How safe is the cloud? Where does our data get stored and processed? How do we know our vendors comply with regulations? How safe are we against evolving security threats?
As director of product security at Adobe, Dave Lenoe leads many of those conversations — working with Adobe customers to understand and address their requirements. He and his team constantly look for ways to make Adobe’s products more secure and baking security into the earliest stage of the product cycle. That includes:
- Earning compliance certifications in ISO 270001 and SOC 2 Type II
- Encrypting data at rest and in transit with the latest encryption methods where applicable
- Conducting third-party penetration tests
- Building security into the product lifecycle and training developers
But there’s “no magic wand for cloud security,” as Lenoe points out. “Third-party validation is a good start, of course — it shows we’ve achieved a certain level of security assurance,” he says. “Adobe goes beyond compliance by working to implement practices we feel will make a difference from a real-world security perspective.”
For Adobe, that means building a strong culture of security and constantly striving to improve as the landscape shifts — focusing on initiatives that will make an impact for customers. And it’s not just about maintaining strong security practices. It’s also about building the product features customers need to help keep data safe and manage compliance. In the UK, the Police Digital Service (formerly the Police ICT Company), which helps UK police forces harness the power of digital, data, and technology, relies on Adobe for both.
How document security helps keep people safer in the UK
More than a year ago, the Police Digital Service (then the Police ICT Company) linked Adobe with the National Police Chiefs Council (NPCC) who were tasked with solving a challenge that affected all 43 police forces across the UK. Police officers were spending a lot of time redacting sensitive information from case files as they prepared to send them to the Crown Prosecution Service (CPS). Bogged down in paperwork, police forces had a hard time keeping up with rising volumes, maintaining standards, and creating secure documents that ultimately led to delays in the justice system.
“Our objective was to create a nationally consistent requirement for redaction and standardize on technology,” says Simon Yates, chief inspector for the Sussex Police, seconded to the e-Disclosure Project for the Police Digital Service. “We needed to make the redaction process quick and more secure to better safeguard all the personal sensitive investigation information we gather.”
The NPCC chose Adobe Acrobat DC as its standard redaction tool for 90,000 officers and staff across the country — but only after making sure that Adobe could meet its stringent security standards and regulatory requirements.
“As a working officer, I need to be sure that my redactions are irreversible and that we follow the management of police information (MOPI) guidance on data handling and archiving — keeping files in a safe place, preventing duplication, and storing it for only a certain period of time,” says Philip Burn, detective sergeant for the British Transport Police, also seconded to the e-Disclosure Project with the Police Digital Service. “Another concern we have is license management. We need to be able to restrict and remove access when people leave the force or face disciplinary action.”
For Adobe, meeting those requirements was simply an exercise in communication and business analysis— as Adobe Document Cloud aligned well with the police forces’ needs, from its granular access controls to the ability to prevent sharing, printing, copying, and editing. And the Police Digital Service knows Adobe has the backend security practices in place to help keep user data safe in the cloud.
“We’ve spent years refining our redaction capabilities so it’s easier to help ensure that sensitive data isn’t left in the document,” says George Harris, information security and data protection specialist at Adobe. “For a national police force, that’s essential for avoiding costly and damaging mistakes.”
Highly secure redaction has clear impact on UK’s justice system
Today, policing is reducing error rates on redacted case files, which translates to stronger privacy protections for the citizens police forces strive to protect. It also means police forces are at less risk of incurring fines for data exposure. At the same time, police officers save a significant amount of time on paperwork. On average, the redaction process dropped from 226 minutes to 131 minutes with Adobe Acrobat DC — more than an hour and a half saved per case.
“An officer had to redact a 40,000-line mobile phone transcript, which would have taken weeks to complete by hand. With Adobe Acrobat DC, it took just a few hours,” says Burn. “Previously, the workload for officers and staff was going through the roof. Adobe Acrobat DC has brought that workload back down to a manageable level.”
On the horizon for cloud security
For the Police Digital Service and other Adobe customers, it’s important to keep adapting — and keep asking questions. Chances are, Adobe is already working on the answers.
“Adobe tries to stay at the cutting edge, so we have a lot of cool stuff happening — Including applying machine learning to threat intelligence and launching a content authenticity initiative to combat deep-fake content,” says Lenoe. “But we also know that in terms of real-world security, sometimes the hardest thing to do is execute on basic security hygiene, so we’re making it easier for customers to keep their Adobe software patched and updated by default.”
Ultimately, the work to keep organizations safe and more secure in the cloud is never over. “Cloud security is not something you set and forget,” says Lenoe. “It’s a constant challenge. You need to continue to evolve your security to meet and mitigate emerging threats.”
For more information on the benefits of Adobe Acrobat DC, please visit here.