Thank you for the interesting article. Are there any gov regulations (i.e. restrictions) in US regarding the usage of "cloud" services for the storing sensitive information? Does the vendor have to comply to specified requirements from the point of security, encryption etc.?
Taser Aims To Be Emerging VSaaS Powerhouse
Taser, the company, is best known for its stun-gun product (or "CEW - Conducted Electrical Weapon") which is commonly referred to as a "Taser".
But over the last few years, Taser has grown to include body cameras and video storage rather than just, well, Tasers.
In this report, we examine Taser's past and present business, dig into the financial details of their fast growing video / VSaaS business, and examine the impact they plan to have on the video surveillance market.
There do not appear to be any end-to-end regulations that would prohibit the use of cloud services, especially for law enforcement purposes.
Personally, I've found the nuclear power generation companies to be the most paranoid about any technology, they would probably have some regulation or guideline preventing it.
I've had first-hand experience with law enforcement organizations in the US using cloud-based services, platforms, and applications for video purposes and I don't recall any of them ever mentioning or being concerned about specific regulations.
If Taser gets hacked, though, that would be a PR nightmare. Cop camera videos are a tempting target and would get massive (bad) press.
I think the migration of data to some kind of off-site repository is likely to happen, just due to the pure volume of data that gets collected, indexed, and then collaborated together for a case/trial.
I've spoken with several government entities that want a "private cloud" for data. They essentially want some other company to build and manage the core platform, but they want the physical servers in their own DCs (presumably with a VPN connection to the manufacturer for maintenance and updates) where access is more tightly controlled through VPNs or internal networks only.
But the common theme is that data security is a key factor in all of these situations.
If each PD does their own cloud-ish thing they would probably, net net, be LESS secure than an offering from a cloud provider (Dropbox, Taser, etc.), but each department would need to be uniquely exploited in order to be hacked. High profile departments like LAPD or NYPD would be juicy targets, whereas the Meredith, NH PD would likely be much less of a target even though they might technically be an easier target.
But if all of these PD's sign up to any common service, a single exploit would theoretically expose them all. In some cases you could draw the conclusion, as a police chief, that you would specifically NOT want to be on the same platform as the LAPD just so you don't get caught up in anything targeting them.
The collaboration aspect in particular can really make security messy. For the most part it makes storing encrypted files in a way that prevents decryption by a 3rd party more difficult. You need to either store and share a decryption key, or store everything encrypted with a key that only the uploader/original PD has, and then make a copy of the data that gets shared with a new sharable key.
Even the big guys have struggled with implementing solid encryption.
Security and encryption are *very* hard to do right.
It would be interesting to see the Taser service and logic they have implemented. For example, how do they manage access to information or how do they (if at all) make possible to share info with other PDs? They should think it through otherwise if it is just a clone of Dropbox for the specific customers then it will a bad idea to use it.
I've asked Taser if we can test the body cams and service. Hopefully they can help us make that happen.
The most prominent standard in this space is CJIS, which is a security policy put forward by the FBI. Compliance is mandated to the individual department, but certain products (if deployed correctly) meet CJIS requirements. Taser does take on much of this responsibility because they are offering to provide the entire ecosystem with the evidence.com product.
The CJIS requirements do not go away when a 3rd party is used to provide data services. The local agency still has a duty of care and responsibility for securing the data throughout it's lifecycle. That agency is also responsible for enforcing CJIS requirements for the 3rd party, i.e. IT & Data governance, IT audit, inspection, etc. Very few agencies are skilled in these areas so the risk to that agency for storing CJIS information off-site is not insignificant. Hybrid models with the primary data store under the agencies direct physical control with safety copies encrypted in a Cloud for safe keeping is emerging as a best practice that is in many cases cheaper than what the likes of Taser offer. As an example Taser has quoted several agencies $0.05/GB/month for additional storage vs generic Cloud storage available from multiple providers at $0.01/GB/Month. We'll see how Taser reacts to significant downward price pressure as credible turnkey solutions come on line for less than half of Taser's like cycle costs.
Unfortunately everything you say makes perfect sense. The reality is they are plugged in and have a stronghold. They could be selling 2 cups tied together with a string and call it a radio and the agencies would buy it. Best solution does not always win. We know in our industry that many top brands are not the best performing.
How someone can justify not being able to see the live camera image and not know what you are seeing without another device (smartphone) makes no sense. It is the most expensive solution and the logical and yes with standard def video which went out with the last stone age.
Even in the gun business their cost of goods = sales expense.
Who wants a third of the money they use to buy a product to be spent on selling them more?
"Who wants a third of the money they use to buy a product to be spent on selling them more?"
How many steak dinners and bribes does that equal?
Seriously, I doubt 1 in 50 end users know how much of their purchase goes to pay for sales but most end users will see the benefits from it.
Seriously, I doubt 1 in 50 end users know how much of their purchase goes to pay for sales...
I agree. Just like many give to charities without knowing that most of their money is going towards calling you back next year. And I didn't know until I saw Brian's report.
They may see some benefit, but I'm thinking most end-users would prefer lower prices or added features over more brochures and freebies and closers.
Its just a red flag. Maybe it's their industry, but can you name another product company whose cost of goods sold equals their sales expense?
Call me old fashioned, but the better product you have, the easier it is to sell, no?
"Call me old fashioned, but the better product you have, the easier it is to sell, no?"
This is a sale to government agencies, so I am not sure how 'easy' any sale is with the processes and rules in place.
Taser is the Google of Tasers, so evidently they are doing something right.
I do not that market, so I am not saying it is a good or bad product, but their high market share and tremendous profits seems to indicate that their strategy is working.
I sat through a Taser presentation to the Midwest Chief's of Police at the show here in Chicago last year. They hire ex COP's and from what I have heard their body worn camera is solid but it seems it's all about getting that cloud storage offering (evidence.com) and they take a margin hit on the hardware. We approached them to sell the solution as we have done a lot of police stations here in Illinois and have our clients coming to us to help them with this technology but Taser seems happy with selling direct and not using dealers. Anyone else approach them to sell their solution?
"Taser seems happy with selling direct and not using dealers. Anyone else approach them to sell their solution?"
Somewhat correct me if I am wrong but my understanding was that is their system, by design, sell direct.
In a conversation I had with Taser I asked them about using dealers instead of direct sales. Seems like they are sticking primarily with the direct sales model in the US and using distributors in the international markets. That's a very common approach for US-based manufacturers. I believe there may be a very limited number of US dealers, but those are legacy things and not something that Taser is likely to expand on.
Most of these services are working with Azure. The sticking point for guys like Taser and Panasonic are that they lock down the entire ecosystem in an effort to preserve the chain of evidence. Eventually, someone will open themselves up to working with 3rd party storage and applications. If a dealer understood the full ecosystem, they could do very well by providing a few quality camera options on a solid software platform and offer storage as either on-premise (server), cloud (Azure, Amazon, or Private), or Hybrid. I really think that a hybrid approach is going to be what most departments will want.
Having dealt with the technical and sales engineering side of Law Enforcement for a couple of years, I've found that overwhelmingly Law Enforcement won't go through dealers with ONE exception..... very small towns.
In a small town, where there is usually only one or two dealers in town and the PD is very small, they might not have the technical staff to deploy anything, so they basically 'outsource' it to a dealer. I'd say this is less than 10% of the time.
Most departments are large enough they have an IT staff so they will go direct for whatever they need. Also, it's easier to use GSA, DIR or any other sort of purchasing contract when you go direct, vs going through a dealer.
Law Enforcement is a very close knit community. They ALL talk to each other. Once you get in good with one, you're in with another. Word of mouth and reputation is EVERYTHING with them.
Taser is THE name in the field. They have been pushing the cloud stuff since the beginning. They are under some pressure from the Chinese knock offs, but that's mostly from the small to medium size PD's that don't have the funds. You won't see LAPD with a body cam from AEE most likely. Some smaller PD's are asking their officers to buy their own body cams, or they are doing it on their own.
Just like with anything else, it's a matter of scale. The change over process with the body cams gets logistically harder the more units that you have. If you've got 2,000 cops, you couldn't manually offload them all fast enough. The original Taser unit I saw was very slick... the USB port was built into the charger. You drop it in like it's a 2 way radio and it takes care of the rest. Slick idea.
I do wonder what sort of chain of custody and encryption there is on that transfer though... Interview room systems have very specific, technical requirements to be admissible.
You also have an issue of the end user interface for retrieving that data. If you just had 100 self contained recording units that you were manually offloading and putting into a NAS, how in the world are you going to go back to a specific unit to a specific officer (if everyone is sharing) to a specific date/time. In car systems have the same situation. The hardware might not be that special, but the back end needs to be able to handle a million different situations and be usable for it to be of any value. Sticking a $30 dash cam in a police car might 'work' but it's not 'usable'
I disagree with you about large departments not using security dealers but maybe you are just talking about body worn but maybe thats the only way they have been sold.
That's been my experience, but it's certainly not a given or a rule. I suppose it depend on what they are looking for. We all know that some products are only sold through distribution and some are sold direct.
Some of the body cameras I dealt with were not sold directly.. at least at first..
They ended up shifting to a direct sales model, which naturally annoyed the distributors.
Point of integration:
Using Taser the weapon can automatically trigger Taser the camera.
LAPD's Body Cams To Be Synced To Taser Deployment
Los Angeles police on Tuesday ordered Tasers that, when used, automatically activate cameras on officers' uniforms, which will create visual records of incidents at a time of mounting concern about excessive force by U.S. law enforcement officers.
Strong selling point for Axon, no?
Taser clearly has the relationships because the solution makes no sense. Taser offers data packages which can cost more than $1,000 per year per device using evidence.com. Over a 3-5 year life that is $3,000 - $5,000 plus the cost of equipment and internet.
Brian is on target with how can you justify the cost of an under $300 hard drive vs. cloud ($3,000+). The costs are not only for the cloud but the cost of Internet service to upload the data to the cloud. A 10x higher cost for what perceived value?
The camera is a standard def camera with no display to see what you are recording. Another device such as a smartphone is required, which further increases costs as an officer needs to be outfitted with a smartphone and those recurring costs.
Credit has to be given to Taser who has managed to own the market. Think of what you get with a GoPro in terms of high definition and capabilities. In fact, the majority of the Body Cams are using Ambarella the GoPro provider.
There are lower cost alternatives with more functionality and usefulness which can work on local storage with no recurring revenues. The challenge is getting the attention of the end user who have long and intimate relationships with Taser and now Motorola.
The Motorola advantage is the integration with the radio which each and every officer carry. One device with one PTT.
The downside to the Motorola integration is that the camera is pulling power from the radio. The possibility of being without radio communication is a big deal to a lot of officers.
Taser was the only fully developed solution when the market broke open. All of the other vendors were still in development of some kind.
The biggest problem for any company breaking in which comes back to the "appearances" is there is little to no chance. In researching many of these opportunities "all" of them require several years past performance with law enforcement agencies and minimum of 100s of cameras deployed, etc. Basically, no one can comply other than Taser and a couple of others.
There have been other solutions available which are better in terms of usability and video quality but no capability to break the old boys network.